Trojaner-Board

Thread in the "Log-Analyse und Auswertung" forum of Trojaner-Board (https://www.trojaner-board.de/): Trojan-Downloader.Bagle und E-mail-Worm.Bagle (https://www.trojaner-board.de/50970-trojan-downloader-bagle-e-mail-worm-bagle.html)

ZJZ 23.03.2008 19:09

Trojan-Downloader.Bagle and E-mail-Worm.Bagle

Hello!
How can I remove this?
CPU usage is always at 70 % or higher.
Thanks.
My HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 18:04:57, on 23.03.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GMX\adminsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programme\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\vsnpstd3.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
C:\Programme\Spyware Nuker\swnxt.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Free Download Manager\fdm.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Google\Google Updater\GoogleUpdater.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programme\Sun\StarOffice 8\program\soffice.exe
C:\Programme\Sun\StarOffice 8\program\soffice.BIN
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Programme\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Programme\Spyware Doctor\pctsGui.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\notepad.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Downloads\Software\pruefung.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.gmx.net/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.gmx.net/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.gmx.net/home
R3 - URLSearchHook: LphantBar Toolbar - {6b284373-1765-4464-a587-80fbc2b2eefa} - C:\Programme\LphantBar\tbLph1.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: LphantBar Toolbar - {6b284373-1765-4464-a587-80fbc2b2eefa} - C:\Programme\LphantBar\tbLph1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download Manager\iefdm2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: LphantBar Toolbar - {6b284373-1765-4464-a587-80fbc2b2eefa} - C:\Programme\LphantBar\tbLph1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [THGuard] "C:\Programme\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Programme\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [SWN2] C:\Programme\Spyware Nuker\swnxt.exe /h
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [Free Download Manager] "C:\Programme\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LphantAutoRun] C:\Programme\Lphant\eLePhantClient.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Startup: StarOffice 8.lnk = C:\Programme\Sun\StarOffice 8\program\quickstart.exe
O4 - Global Startup: Google Updater.lnk = C:\Programme\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Alles mit FDM herunterladen - file://C:\Programme\Free Download Manager\dlall.htm
O8 - Extra context menu item: Auswahl mit FDM herunterladen - file://C:\Programme\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Datei mit FDM herunterladen - file://C:\Programme\Free Download Manager\dllink.htm
O8 - Extra context menu item: Videos mit FDM herunterladen - file://C:\Programme\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: GMX Browser Update (AdminSVC) - hablamax - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GMX\adminsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programme\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programme\Spyware Doctor\pctsSvc.exe

boston 23.03.2008 19:18

hello, zjz,
which AV program found bagle, and in which file?

please download blacklight from here:
ftp://ftp.f-secure.com/anti-virus/tools/fsbl.exe
then, as admin:
- i accept the agreement
- next
- scan

and then post the log that you find in the blacklight folder.

ZJZ 23.03.2008 20:02

Thanks

03/23/08 19:35:56 [Info]: BlackLight Engine 1.0.67 initialized
03/23/08 19:35:56 [Info]: OS: 5.1 build 2600 (Service Pack 2)
03/23/08 19:35:56 [Note]: 7019 4
03/23/08 19:35:56 [Note]: 7005 0
03/23/08 19:36:05 [Note]: 7006 0
03/23/08 19:36:05 [Note]: 7027 1
03/23/08 19:36:05 [Note]: 7027 0
03/23/08 19:36:13 [Note]: 7026 0
03/23/08 19:36:19 [Note]: 7026 0
03/23/08 19:36:19 [Note]: 7024 3
03/23/08 19:36:19 [Info]: Hidden process: C:\WINDOWS\system32\drivers\hldrrr.exe
03/23/08 19:36:26 [Note]: FSRAW library version 1.7.1024
03/23/08 19:39:03 [Info]: Hidden file: c:\Programme\Movie Maker\Shared\Empty.txt
03/23/08 19:39:03 [Note]: 10002 3
03/23/08 19:39:03 [Info]: Hidden file: c:\Programme\Movie Maker\Shared\Filters.xml
03/23/08 19:39:03 [Note]: 10002 3
03/23/08 19:39:03 [Info]: Hidden file: c:\Programme\Movie Maker\Shared\news.png
03/23/08 19:39:03 [Note]: 10002 3
03/23/08 19:39:03 [Info]: Hidden file: c:\Programme\Movie Maker\Shared\paint.png
03/23/08 19:39:03 [Note]: 10002 3
03/23/08 19:39:03 [Info]: Hidden file: c:\Programme\Movie Maker\Shared\Profiles\Blank.txt
03/23/08 19:39:03 [Note]: 10002 3
03/23/08 19:39:03 [Info]: Hidden file: c:\Programme\Movie Maker\Shared\Sample1.jpg
03/23/08 19:39:03 [Note]: 10002 3
03/23/08 19:39:03 [Info]: Hidden file: c:\Programme\Movie Maker\Shared\Sample2.jpg
03/23/08 19:39:03 [Note]: 10002 3
03/23/08 19:39:03 [Note]: 10002 2
03/23/08 19:39:03 [Note]: 10002 2
03/23/08 19:43:10 [Note]: 10002 2
03/23/08 19:43:10 [Note]: 10002 2
03/23/08 19:43:41 [Info]: Hidden file: c:\WINDOWS\system32\drivers\srosa.sys
03/23/08 19:43:41 [Note]: 10002 2
03/23/08 19:43:41 [Info]: Hidden file: C:\WINDOWS\system32\drivers\hldrrr.exe
03/23/08 19:43:41 [Note]: 10002 2
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\123093.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\15748406.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\66078.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\100015.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\101937.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\103843.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\104500.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\105265.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\105843.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\107968.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\108984.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\110468.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\110500.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\111250.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\113578.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\114390.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\1147390.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\1148500.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\114953.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\1154937.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\115546.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\1156015.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\1158390.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\116140.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\1161828.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\1163078.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\116625.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\1168234.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\117921.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\1194656.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\119937.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\1200046.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\1203078.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\1209109.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\1212500.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\1214015.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\1221765.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\15751312.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\15754156.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\15757296.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\15758546.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\157609.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\15765890.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\15770578.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\15775953.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\15787312.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\15792031.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\15829234.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\15836890.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\159953.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\163031.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\181593.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\188593.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\199703.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\206390.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\61000.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\61562.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\64359.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\65765.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\66484.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\68953.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\70343.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\70953.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\71203.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\71875.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\73359.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\74250.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\74343.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\75078.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\76671.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\77734.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\79515.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\79875.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\80359.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\80593.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:45 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\82968.exe
03/23/08 19:43:45 [Note]: 10002 3
03/23/08 19:43:45 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\88421.exe
03/23/08 19:43:45 [Note]: 10002 3
03/23/08 19:43:45 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\94734.exe
03/23/08 19:43:45 [Note]: 10002 3
03/23/08 19:43:45 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\98000.exe
03/23/08 19:43:45 [Note]: 10002 3
03/23/08 19:43:45 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\99609.exe
03/23/08 19:43:45 [Note]: 10002 3
03/23/08 19:43:45 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\124265.exe
03/23/08 19:43:45 [Note]: 10002 3
03/23/08 19:43:45 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\1290859.exe
03/23/08 19:43:45 [Note]: 10002 3
03/23/08 19:43:45 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\1298609.exe
03/23/08 19:43:45 [Note]: 10002 3
03/23/08 19:43:45 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\131765.exe
03/23/08 19:43:45 [Note]: 10002 3
03/23/08 19:43:45 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\135781.exe
03/23/08 19:43:45 [Note]: 10002 3
03/23/08 19:43:45 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\137046.exe
03/23/08 19:43:45 [Note]: 10002 3
03/23/08 19:43:45 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\142203.exe
03/23/08 19:43:45 [Note]: 10002 3
03/23/08 19:43:45 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\144875.exe
03/23/08 19:43:45 [Note]: 10002 3
03/23/08 19:43:45 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\151421.exe
03/23/08 19:43:45 [Note]: 10002 3
03/23/08 19:43:45 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\156218.exe
03/23/08 19:43:45 [Note]: 10002 3
03/23/08 19:43:45 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\15692546.exe
03/23/08 19:43:45 [Note]: 10002 3
03/23/08 19:43:45 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\15693609.exe
03/23/08 19:43:45 [Note]: 10002 3
03/23/08 19:43:45 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\15699062.exe
03/23/08 19:43:45 [Note]: 10002 3
03/23/08 19:43:45 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\15700250.exe
03/23/08 19:43:45 [Note]: 10002 3
03/23/08 19:43:45 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\15702796.exe
03/23/08 19:43:45 [Note]: 10002 3
03/23/08 19:43:45 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\15706062.exe
03/23/08 19:43:45 [Note]: 10002 3
03/23/08 19:43:45 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\15706937.exe
03/23/08 19:43:45 [Note]: 10002 3
03/23/08 19:43:45 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\15710687.exe
03/23/08 19:43:45 [Note]: 10002 3
03/23/08 19:43:45 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\15741109.exe
03/23/08 19:43:45 [Note]: 10002 3
03/23/08 19:51:57 [Note]: 7007 0
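The BlackLight log above lists hidden processes and files but gives no verdict. The triage below is an added example, not part of the thread or of F-Secure's tool: it parses lines in that format and ranks them the way the helper reads them (a hidden process, or hidden executables under system32\drivers, point to an active rootkit; other hidden files need checking against the product that owns the folder). The sample excerpt and the severity rules are assumptions made here.

```python
import re
from dataclasses import dataclass

# Constructed excerpt in BlackLight's log format, modelled on the thread's log (not the full log).
SAMPLE_LOG = r"""
03/23/08 19:35:56 [Info]: BlackLight Engine 1.0.67 initialized
03/23/08 19:35:56 [Info]: OS: 5.1 build 2600 (Service Pack 2)
03/23/08 19:36:19 [Note]: 7024 3
03/23/08 19:36:19 [Info]: Hidden process: C:\WINDOWS\system32\drivers\hldrrr.exe
03/23/08 19:39:03 [Info]: Hidden file: c:\Programme\Movie Maker\Shared\Empty.txt
03/23/08 19:39:03 [Note]: 10002 3
03/23/08 19:43:41 [Info]: Hidden file: c:\WINDOWS\system32\drivers\srosa.sys
03/23/08 19:43:41 [Info]: Hidden file: C:\WINDOWS\system32\drivers\hldrrr.exe
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\123093.exe
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\66078.exe
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:51:57 [Note]: 7007 0
"""

# Only the "Hidden process:" / "Hidden file:" lines carry a path; the banner and bare [Note] codes do not.
LINE_RE = re.compile(r"^\S+ \S+ \[\w+\]: Hidden (process|file): (.+)$")
EXEC_EXT = (".exe", ".sys", ".dll", ".scr", ".com")
DRIVER_DIR = "\\system32\\drivers\\"


@dataclass
class Finding:
    kind: str      # "process" or "file"
    path: str
    severity: str  # "high" or "review"
    reason: str


def classify(kind, path):
    """Rank one hidden item the way a helper reads the log (assumed rules, not BlackLight's)."""
    low = path.lower()
    if kind == "process":
        return "high", "process hidden from the Windows API: rootkit behaviour"
    if DRIVER_DIR in low and low.endswith(EXEC_EXT):
        return "high", "hidden executable in the kernel-driver directory"
    if low.endswith(EXEC_EXT):
        return "high", "hidden executable"
    return "review", "hidden non-executable; confirm against the product that owns the folder"


def parse_blacklight(text):
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        kind, path = m.group(1), m.group(2).strip()
        severity, reason = classify(kind, path)
        findings.append(Finding(kind, path, severity, reason))
    return findings


def summarize(findings):
    """Severity counts plus hidden items per directory: many hidden executables in one
    directory (here drivers\\down) is the pattern of a downloader dropping payloads."""
    out = {"high": 0, "review": 0, "dirs": {}}
    for f in findings:
        out[f.severity] += 1
        folder = f.path.lower().rsplit("\\", 1)[0]
        out["dirs"][folder] = out["dirs"].get(folder, 0) + 1
    return out


def rootkit_active(findings):
    """True when a hidden process or a hidden executable in the driver directory is present."""
    return any(f.kind == "process" or (f.severity == "high" and DRIVER_DIR in f.path.lower())
               for f in findings)


if __name__ == "__main__":
    found = parse_blacklight(SAMPLE_LOG)
    for f in found:
        print(f"{f.severity:6} {f.kind:7} {f.path}  ({f.reason})")
    print(summarize(found))
    print("active rootkit:", rootkit_active(found))
```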

ZJZ 23.03.2008 20:24

It was found by "PC Tools Spyware Doctor".
I can't delete the two of them, and the removal always demands a restart.
I tried it; it doesn't help.
Thanks for your help.
ZJZ.


Trojan-Downloader.Bagle:

Registry values:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA, NextInstance
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa, Type
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa, Start
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa, ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa, ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa, DisplayName

Registry keys:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa

**********************************************************************
E-mail-Worm.Bagle

Registry value:
HKEY_USERS\S-1-5-21-839522115-1592454029-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run, german.exe

boston 23.03.2008 20:28

Quote:

Thanks

hello, zjz,
oh, you should hold off on the thanks.
since bagle is active on your system, there is unfortunately no
way around reinstalling.
http://www.trojaner-board.de/12154-a...sicherung.html
what has happened with your computer since the infection you can read up on here:
Technische Kompromittierung (technical compromise) - Wikipedia
Botnet - Wikipedia

ZJZ 23.03.2008 20:54

Hello,
If I copy all my data to CD, will the worm be copied along with it?
Thanks

boston 23.03.2008 21:02

hello,
you can back up your own documents, pictures and music,
but no executable files.
Computersicherheit - Dateiendungen (computer security - file extensions)
the safest way is to copy the files with a
live CD such as puppy linux.
after reinstalling, check the files
with a scanner.

ZJZ 24.03.2008 21:48

Thanks. Will do.

