Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Trojan-Downloader.Bagle und E-mail-Worm.Bagle (https://www.trojaner-board.de/50970-trojan-downloader-bagle-e-mail-worm-bagle.html)

ZJZ 23.03.2008 19:09
Trojan-Downloader.Bagle und E-mail-Worm.Bagle
 
Hallo!
Wie ich das entfernen kann?
CPU Auslastung liegt immer bei 70 % und höher.
Danke.
Mein HiJackThis Logs:
Logfile of HijackThis v1.99.1
Scan saved at 18:04:57, on 23.03.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GMX\adminsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programme\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\vsnpstd3.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
C:\Programme\Spyware Nuker\swnxt.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Free Download Manager\fdm.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Google\Google Updater\GoogleUpdater.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programme\Sun\StarOffice 8\program\soffice.exe
C:\Programme\Sun\StarOffice 8\program\soffice.BIN
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Programme\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Programme\Spyware Doctor\pctsGui.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\notepad.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Downloads\Software\pruefung.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.gmx.net/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.gmx.net/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.gmx.net/home
R3 - URLSearchHook: LphantBar Toolbar - {6b284373-1765-4464-a587-80fbc2b2eefa} - C:\Programme\LphantBar\tbLph1.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: LphantBar Toolbar - {6b284373-1765-4464-a587-80fbc2b2eefa} - C:\Programme\LphantBar\tbLph1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download Manager\iefdm2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: LphantBar Toolbar - {6b284373-1765-4464-a587-80fbc2b2eefa} - C:\Programme\LphantBar\tbLph1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [THGuard] "C:\Programme\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Programme\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [SWN2] C:\Programme\Spyware Nuker\swnxt.exe /h
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [Free Download Manager] "C:\Programme\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LphantAutoRun] C:\Programme\Lphant\eLePhantClient.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Startup: StarOffice 8.lnk = C:\Programme\Sun\StarOffice 8\program\quickstart.exe
O4 - Global Startup: Google Updater.lnk = C:\Programme\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Alles mit FDM herunterladen - file://C:\Programme\Free Download Manager\dlall.htm
O8 - Extra context menu item: Auswahl mit FDM herunterladen - file://C:\Programme\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Datei mit FDM herunterladen - file://C:\Programme\Free Download Manager\dllink.htm
O8 - Extra context menu item: Videos mit FDM herunterladen - file://C:\Programme\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: GMX Browser Update (AdminSVC) - hablamax - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GMX\adminsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programme\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programme\Spyware Doctor\pctsSvc.exe

boston 23.03.2008 19:18
hallo, zjz,
welches av-programm hat bagle in welcher datei gefunden?

bitte lade dir hier
ftp://ftp.f-secure.com/anti-virus/tools/fsbl.exe
blacklight herunter
dann als admin :
- i accept the agreement
- next
- scan

und dann poste das log, das du im blacklight-ordner findest.

ZJZ 23.03.2008 20:02
Danke

03/23/08 19:35:56 [Info]: BlackLight Engine 1.0.67 initialized
03/23/08 19:35:56 [Info]: OS: 5.1 build 2600 (Service Pack 2)
03/23/08 19:35:56 [Note]: 7019 4
03/23/08 19:35:56 [Note]: 7005 0
03/23/08 19:36:05 [Note]: 7006 0
03/23/08 19:36:05 [Note]: 7027 1
03/23/08 19:36:05 [Note]: 7027 0
03/23/08 19:36:13 [Note]: 7026 0
03/23/08 19:36:19 [Note]: 7026 0
03/23/08 19:36:19 [Note]: 7024 3
03/23/08 19:36:19 [Info]: Hidden process: C:\WINDOWS\system32\drivers\hldrrr.exe
03/23/08 19:36:26 [Note]: FSRAW library version 1.7.1024
03/23/08 19:39:03 [Info]: Hidden file: c:\Programme\Movie Maker\Shared\Empty.txt
03/23/08 19:39:03 [Note]: 10002 3
03/23/08 19:39:03 [Info]: Hidden file: c:\Programme\Movie Maker\Shared\Filters.xml
03/23/08 19:39:03 [Note]: 10002 3
03/23/08 19:39:03 [Info]: Hidden file: c:\Programme\Movie Maker\Shared\news.png
03/23/08 19:39:03 [Note]: 10002 3
03/23/08 19:39:03 [Info]: Hidden file: c:\Programme\Movie Maker\Shared\paint.png
03/23/08 19:39:03 [Note]: 10002 3
03/23/08 19:39:03 [Info]: Hidden file: c:\Programme\Movie Maker\Shared\Profiles\Blank.txt
03/23/08 19:39:03 [Note]: 10002 3
03/23/08 19:39:03 [Info]: Hidden file: c:\Programme\Movie Maker\Shared\Sample1.jpg
03/23/08 19:39:03 [Note]: 10002 3
03/23/08 19:39:03 [Info]: Hidden file: c:\Programme\Movie Maker\Shared\Sample2.jpg
03/23/08 19:39:03 [Note]: 10002 3
03/23/08 19:39:03 [Note]: 10002 2
03/23/08 19:39:03 [Note]: 10002 2
03/23/08 19:43:10 [Note]: 10002 2
03/23/08 19:43:10 [Note]: 10002 2
03/23/08 19:43:41 [Info]: Hidden file: c:\WINDOWS\system32\drivers\srosa.sys
03/23/08 19:43:41 [Note]: 10002 2
03/23/08 19:43:41 [Info]: Hidden file: C:\WINDOWS\system32\drivers\hldrrr.exe
03/23/08 19:43:41 [Note]: 10002 2
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\123093.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\15748406.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\66078.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\100015.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\101937.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\103843.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\104500.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\105265.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\105843.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\107968.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\108984.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\110468.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\110500.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\111250.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\113578.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\114390.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\1147390.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\1148500.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\114953.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\1154937.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\115546.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\1156015.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\1158390.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\116140.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\1161828.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\1163078.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\116625.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\1168234.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\117921.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\1194656.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\119937.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\1200046.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\1203078.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\1209109.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\1212500.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\1214015.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\1221765.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\15751312.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\15754156.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\15757296.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\15758546.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\157609.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\15765890.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\15770578.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\15775953.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\15787312.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\15792031.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\15829234.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\15836890.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\159953.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\163031.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\181593.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\188593.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\199703.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\206390.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\61000.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\61562.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\64359.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\65765.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\66484.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\68953.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\70343.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\70953.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\71203.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\71875.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\73359.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\74250.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\74343.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\75078.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\76671.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\77734.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\79515.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\79875.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\80359.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\80593.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:45 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\82968.exe
03/23/08 19:43:45 [Note]: 10002 3
03/23/08 19:43:45 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\88421.exe
03/23/08 19:43:45 [Note]: 10002 3
03/23/08 19:43:45 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\94734.exe
03/23/08 19:43:45 [Note]: 10002 3
03/23/08 19:43:45 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\98000.exe
03/23/08 19:43:45 [Note]: 10002 3
03/23/08 19:43:45 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\99609.exe
03/23/08 19:43:45 [Note]: 10002 3
03/23/08 19:43:45 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\124265.exe
03/23/08 19:43:45 [Note]: 10002 3
03/23/08 19:43:45 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\1290859.exe
03/23/08 19:43:45 [Note]: 10002 3
03/23/08 19:43:45 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\1298609.exe
03/23/08 19:43:45 [Note]: 10002 3
03/23/08 19:43:45 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\131765.exe
03/23/08 19:43:45 [Note]: 10002 3
03/23/08 19:43:45 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\135781.exe
03/23/08 19:43:45 [Note]: 10002 3
03/23/08 19:43:45 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\137046.exe
03/23/08 19:43:45 [Note]: 10002 3
03/23/08 19:43:45 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\142203.exe
03/23/08 19:43:45 [Note]: 10002 3
03/23/08 19:43:45 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\144875.exe
03/23/08 19:43:45 [Note]: 10002 3
03/23/08 19:43:45 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\151421.exe
03/23/08 19:43:45 [Note]: 10002 3
03/23/08 19:43:45 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\156218.exe
03/23/08 19:43:45 [Note]: 10002 3
03/23/08 19:43:45 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\15692546.exe
03/23/08 19:43:45 [Note]: 10002 3
03/23/08 19:43:45 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\15693609.exe
03/23/08 19:43:45 [Note]: 10002 3
03/23/08 19:43:45 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\15699062.exe
03/23/08 19:43:45 [Note]: 10002 3
03/23/08 19:43:45 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\15700250.exe
03/23/08 19:43:45 [Note]: 10002 3
03/23/08 19:43:45 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\15702796.exe
03/23/08 19:43:45 [Note]: 10002 3
03/23/08 19:43:45 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\15706062.exe
03/23/08 19:43:45 [Note]: 10002 3
03/23/08 19:43:45 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\15706937.exe
03/23/08 19:43:45 [Note]: 10002 3
03/23/08 19:43:45 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\15710687.exe
03/23/08 19:43:45 [Note]: 10002 3
03/23/08 19:43:45 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\15741109.exe
03/23/08 19:43:45 [Note]: 10002 3
03/23/08 19:43:45 [Note]: 10002 2
03/23/08 19:43:45 [Note]: 10002 2
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 2
03/23/08 19:43:50 [Note]: 10002 2
03/23/08 19:51:57 [Note]: 7007 0

ZJZ 23.03.2008 20:24
Wurde von "PC Tools Spyware Doctor" gefunden.
Ich kann die zwei nicht löschen und beim Löschvorgang immer Neustart verlangt wird.
Habe ausprobiert, bringt nichts.
Danke für Ihre Hilfe.
ZJZ.


Trojan-Downloader.Bagle:

Registry-Wert
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA, NextInstance
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa, Type
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa, Start
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa, ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa, ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa, DisplayName

Registry-Schlüssel:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa

**********************************************************************
E-mail-Worm.Bagle

Registry-Wert:
HKEY_USERS\S-1-5-21-839522115-1592454029-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run, german.exe

boston 23.03.2008 20:28
Zitat:
Danke
hallo, zjz,
oh, mit dem bedanken solltest du warten.
da bagle in deinem system aktiv ist, führt leider kein
weg am neuaufsetzen vorbei.
http://www.trojaner-board.de/12154-a...sicherung.html
was seit der infektion mit deinem rechner passiert ist, kannst du hier nachlesen:
Technische Kompromittierung - Wikipedia
Botnet - Wikipedia

ZJZ 23.03.2008 20:54
Hallo,
Wenn ich alle meine Daten auf cd kopiere, wird auch Wurm mitkopiert?
Danke

boston 23.03.2008 21:02
hallo,
eigene dokumente, bilder und musik kannst du sichern,
keine ausführbaren dateien.
Computersicherheit - Dateiendungen
am sichersten ist das kopieren der dateien mit einer
live-cd wie z.b. puppy linux.
nach dem neuaufsetzen die dateien
mit einem scanner überprüfen.

ZJZ 24.03.2008 21:48
Danke. Wird gemacht.


Alle Zeitangaben in WEZ +1. Es ist jetzt 05:08 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131