Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Trojan backdoor.small38.R??

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Alt 20.05.2005, 22:27   #1
guchev
 
Trojan backdoor.small38.R?? - Standard

Trojan backdoor.small38.R??



Hi guys,
I have a problem with my computer and the only place i found somone who had simmilar experiance was on this forum. Just a few treds down. But my english is better than my German and i couldnt understand how to sort the problem
The mentioned above virus/trojan appeared a few days ago and AVG found it and it heal it but it keeps comming back.
It seems to me that it pops out when iexplorer is lounched, but this is only my opinion.
I am sending you my HijackThis log to have a look.
Best Regards,
Thank you in advance
PS if you are in Cambridge or Peterborough you have a BIER from me.


Logfile of HijackThis v1.97.7
Scan saved at 23:16:43, on 20/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\sony\vaio power management\SPMgr.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgwb.dat
C:\Documents and Settings\Do\My Documents\Spyware Programmes\hijackthis1977.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5A5B6916-ED71-4531-8018-E792DD44156E} - C:\WINDOWS\svchost.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\sony\vaio power management\SPMgr.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeup...ntent/opuc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1101113700534
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6A6CAAD3-568E-458F-89BF-6112A909EBF6}: NameServer = 195.92.195.94 195.92.195.95
O17 - HKLM\System\CCS\Services\Tcpip\..\{790AD587-6869-42D7-B3FA-185119EFE956}: NameServer = 192.168.1.5

Alt 20.05.2005, 22:59   #2
cronos
 
Trojan backdoor.small38.R?? - Standard

Trojan backdoor.small38.R??



Hi

Gathering informations about a sytem by using HijackThis means to use the latest one of Hijackthis:

Latest Version

Plz let us know your latest log using the latest version.

Also try to upload this file:

C:\WINDOWS\svchost.dll

here:

http://virusscan.jotti.org/

We want the results.

Perhaps you have to stop the process in the taskmanager before uploading .
__________________

__________________

Alt 20.05.2005, 23:02   #3
Cidre
Administrator, a.D.
 
Trojan backdoor.small38.R?? - Standard

Trojan backdoor.small38.R??



Hello gutchev,

download and run the newest version of HJT. Edit your last post and post the new HJT Log-File.
Importantly:
Defuse all active hyperlinks.

btw:
Post the exactly path where AVG found the backdoor.small38.R.

EDIT:
Hi cronos
__________________
__________________

Alt 21.05.2005, 10:44   #4
guchev
 
Trojan backdoor.small38.R?? - Standard

Trojan backdoor.small38.R??



Hi guys,
Danke fur der shnell antworten.(is it right?)
I will continue in English, coz i dont want to solve another riddle triyng to decifer replays in German.
There is the Log with the new version i belive.
I just ran avg and it didnt find it. But i know it will come back becouse it happened beffore.As i said earlier i think comes bakc if i ran iexplorer (i am using firefox now). And i know the Trojan is back becouse disconects me from the internet. Than when i ran AVG it finds it exactly in C:\\WINDOWS and i think the file was scvhost2.exe.

Do you want me to send you i HijackThis report when i think the virus is there ( or when AVG thinks it is there,[before i run the AVG]).
I could run iexplorer and when it disconects me i am sure its there than i can gun the Hijack this. If there is differance in the two reports it may give us a clue,what do you think?


Logfile of HijackThis v1.99.1
Scan saved at 11:28:08, on 21/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\sony\vaio power management\SPMgr.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Do\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CDllBho Object - {5A5B6916-ED71-4531-8018-E792DD44156E} - C:\WINDOWS\svchost.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\sony\vaio power management\SPMgr.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1101113700534
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6A6CAAD3-568E-458F-89BF-6112A909EBF6}: NameServer = 195.92.195.94 195.92.195.95
O17 - HKLM\System\CCS\Services\Tcpip\..\{790AD587-6869-42D7-B3FA-185119EFE956}: NameServer = 192.168.1.5
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

thanks again for your help,
Greatings from England

Alt 21.05.2005, 10:56   #5
guchev
 
Trojan backdoor.small38.R?? - Standard

Trojan backdoor.small38.R??



by the way i just ran Pest Patrol and it found Trojan. Win32. StartPage.my and deleted it , but i have done that yesterday too and as you can see it is back.
there is some info on it:http://www3.ca.com/securityadvisor/p...x?id=453088608

Is that the same pest/horse as the BackDoor38 or it is diferent?
Pest Patrol found it in the same place : C:\\WINDOWS\scvhost.exe

Danke schon noch einmal,
bye


Alt 21.05.2005, 11:08   #6
guchev
 
Trojan backdoor.small38.R?? - Standard

Trojan backdoor.small38.R??



Hi CRONOS<
You were right.
There is the scan fro the link you gave me:
What do i do next??



File: svchost.dll
Status:
INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5 a6c76903ba3b343f8d652ab5442ac72b
Packers detected:
UPX
Scanner results
AntiVir
Found TR/Agent.CL
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found Trojan.Agent.CL
ClamAV
Found Trojan.Agent-67
Dr.Web
Found Trojan.Hobot
F-Prot Antivirus
Found nothing
Fortinet
Found W32/Agent.CL-tr
Kaspersky Anti-Virus
Found Trojan.Win32.Agent.cl
mks_vir
Found Trojan.Agent.Cl
NOD32
Found Win32/Agent.CL
Norman Virus Control
Found W32/Agent.DJK
VBA32
Found Trojan.Win32.Agent.cl

Alt 21.05.2005, 11:23   #7
Rene-gad
 
Trojan backdoor.small38.R?? - Standard

Trojan backdoor.small38.R??



@guchev
I think , you should flatten and rebuild you system: If a Backdoor was found it's absolutely necessary. Info: http://www.microsoft.com/technet/com...mt/sm0504.mspx
BTW:
Zitat:
my english is better than my German
What's your native language?

Alt 21.05.2005, 11:35   #8
guchev
 
Trojan backdoor.small38.R?? - Standard

Trojan backdoor.small38.R??



hi Rene-gad,
thanks for the encouraging information.
i am bulgarian

Alt 21.05.2005, 11:54   #9
Rene-gad
 
Trojan backdoor.small38.R?? - Standard

Trojan backdoor.small38.R??



@guchev
You have a PM .

Alt 21.05.2005, 12:20   #10
guchev
 
Trojan backdoor.small38.R?? - Unglücklich

Trojan backdoor.small38.R??



sorry but i dont know what do you mean by PM?

Alt 21.05.2005, 12:21   #11
Rene-gad
 
Trojan backdoor.small38.R?? - Standard

Trojan backdoor.small38.R??



Zitat:
Zitat von guchev
sorry but i dont know what do you mean by PM?
It's a Personal Message : http://www.trojaner-board.de/private.php

Alt 21.05.2005, 13:19   #12
guchev
 
Trojan backdoor.small38.R?? - Standard

Trojan backdoor.small38.R??



hi everybody,
i just was disconected and i ran hijackthis. i am sure avg will find the backdoor.small38 if i ran it now. take a look at the log , there might be differance
Logfile of HijackThis v1.99.1
Scan saved at 14:14:56, on 21/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\sony\vaio power management\SPMgr.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office10\FRONTPG.EXE
C:\Documents and Settings\Do\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CDllBho Object - {5A5B6916-ED71-4531-8018-E792DD44156E} - C:\WINDOWS\svchost.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\sony\vaio power management\SPMgr.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1101113700534
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{790AD587-6869-42D7-B3FA-185119EFE956}: NameServer = 192.168.1.5
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



danke

Alt 21.05.2005, 13:34   #13
cronos
 
Trojan backdoor.small38.R?? - Standard

Trojan backdoor.small38.R??



Try to scan your system with Escan in the save mode.

Escan has to be stored in the folder: C:\Bases_X.

Be sure you carried out following settings:



Allow us to know the results.

Here the manual how to use escan exactly.Unfortunaly in german:

http://www.trojaner-board.de/showthread.php?t=17492
__________________
Only cronos endures

Geändert von cronos (21.05.2005 um 16:09 Uhr)

Alt 24.05.2005, 01:19   #14
guchev
 
Trojan backdoor.small38.R?? - Standard

Trojan backdoor.small38.R??



Hi Cronos,
I just ran ESCAN as you suggested. And it found 25 viruses.

Tue May 24 01:45:17 2005 => ***** Scanning complete. *****

Tue May 24 01:45:17 2005 => Total Objects Scanned: 110208
Tue May 24 01:45:17 2005 => Total Virus(es) Found: 25
Tue May 24 01:45:17 2005 => Total Disinfected Files: 0
Tue May 24 01:45:17 2005 => Total Files Renamed: 0
Tue May 24 01:45:17 2005 => Total Deleted Objects: 0
Tue May 24 01:45:17 2005 => Total Errors: 555
Tue May 24 01:45:17 2005 => Time Elapsed: 02:07:27
Tue May 24 01:45:17 2005 => Virus Database Date: 2005/05/23
Tue May 24 01:45:17 2005 => Virus Database Count: 131254

It is virtualy the same Trojan.WIN32.Agent.cl
What do you suggest is the next step?
I think it is triggered only when i use iexplorer.

Danke!!

Alt 24.05.2005, 07:19   #15
cronos
 
Trojan backdoor.small38.R?? - Standard

Trojan backdoor.small38.R??



Download this .bat-File.Right-Click on the Link and choose "save target as". Run the downloaded file. Now there should be a file named C:\eScan_neu.txt on your computer. Post the content of this file.
__________________
Only cronos endures

Antwort

Themen zu Trojan backdoor.small38.R??
avg, backdoor.small, bho, bier, computer, control center, diagnostics, excel, firefox, google, hijack, hijackthis, hijackthis log, hotkey, installation, internet, internet explorer, log, messenger, microsoft, mozilla, mozilla firefox, problem, software, spyware, system, thomson, trojan, usb, webroot, windows, windows messenger, windows xp



Ähnliche Themen: Trojan backdoor.small38.R??


  1. Trojan Backdoor Activity 15
    Log-Analyse und Auswertung - 14.06.2014 (6)
  2. Kaspersky findet Backdoor.Win32.Zaccess, Trojan-Ransom.Win32.Gimeno, Trojan.Win32.Inject
    Log-Analyse und Auswertung - 01.02.2014 (17)
  3. >> Backdoor.Bot, Trojan.Bitminer <<
    Log-Analyse und Auswertung - 06.03.2013 (20)
  4. Backdoor.Trojan
    Plagegeister aller Art und deren Bekämpfung - 06.03.2013 (69)
  5. Trojan.Backdoor.mrx
    Plagegeister aller Art und deren Bekämpfung - 19.02.2013 (37)
  6. Trojan.Agent, Backdoor.Agent, Trojan.Banker > 10 Trojaner auf einem PC
    Log-Analyse und Auswertung - 22.07.2012 (0)
  7. Stark trojanerverseuchtes System! (Trojan Buzuss, Backdoor Trojan, Trojan Dropper,..)
    Plagegeister aller Art und deren Bekämpfung - 09.09.2010 (3)
  8. Trojan.Agent und Backdoor.bot
    Plagegeister aller Art und deren Bekämpfung - 06.02.2010 (74)
  9. Backdoor.Trojan - Was nun?
    Plagegeister aller Art und deren Bekämpfung - 11.11.2009 (1)
  10. Backdoor.Trojan und Backdoor.Grybird
    Mülltonne - 13.10.2008 (0)
  11. IRC.Backdoor.Trojan
    Plagegeister aller Art und deren Bekämpfung - 07.09.2007 (1)
  12. Trojan horse backdoor.iql
    Plagegeister aller Art und deren Bekämpfung - 20.07.2007 (12)
  13. Backdoor.Trojan
    Plagegeister aller Art und deren Bekämpfung - 03.12.2006 (18)
  14. Backdoor.Trojan
    Plagegeister aller Art und deren Bekämpfung - 08.05.2006 (3)
  15. IRC.Backdoor.Trojan (hbd.dll)
    Log-Analyse und Auswertung - 01.05.2006 (2)
  16. HILFE!!Backdoor.Trojan
    Log-Analyse und Auswertung - 18.08.2005 (1)
  17. BackDoor Trojan
    Plagegeister aller Art und deren Bekämpfung - 11.04.2004 (4)

Zum Thema Trojan backdoor.small38.R?? - Hi guys, I have a problem with my computer and the only place i found somone who had simmilar experiance was on this forum. Just a few treds down. But - Trojan backdoor.small38.R??...
Archiv
Du betrachtest: Trojan backdoor.small38.R?? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.