Trojaner-Board

El_Kimmo 28.11.2008 19:39

Backdoor.TDSS.asz and TDSS.atb found

Spyware Terminator found these two viruses; they keep coming back.

Logfile of Spyware Terminator v2.3.0.488 (db:2.011.028.000)
Scan Time: 28.11.2008 18:48:25 length: 98 s
Platform: WXP (5.1.0.2600)
User: Admin
Boot Mode: Normal
Scan type: Fast_Spyware_Scan
Scanned Objects: 44042 (Critical:2)
Filter: No System items, No Safe items, No Invalid items

Running Processes
aawservice.exe [Lavasoft] : C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
AppleMobileDeviceService.exe [Apple Inc.] : C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
nvsvc32.exe [NVIDIA Corporation] : C:\WINDOWS\system32\nvsvc32.exe
PnkBstrA.exe : C:\WINDOWS\system32\PnkBstrA.exe
iPodService.exe [Apple Inc.] : C:\Programme\iPod\bin\iPodService.exe
vlc.exe [VideoLAN Team] : C:\Programme\VideoLAN\VLC\vlc.exe

Internet Settings
R - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R - HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R - HKLM\Software\Microsoft\Internet Explorer\Search, CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
R - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings, ProxyOverride = *.local
R - HKLM\System\CurrentControlSet\Services\Tcpip\Parameters, Domain =
R - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony, DomainName =

BHO
02 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - [Yahoo! Inc.] : C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll

Toolbars
03 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - [Yahoo! Inc.] : C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll

StartUps
04 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, iIWiper : [iISoftware] : C:\Programme\IISYSTEM WIPER\SYSTEMWIPER.EXE
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, UnlockerAssistant : : C:\Programme\UNLOCKER\UNLOCKERASSISTANT.EXE
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, SBCSTray : [Sunbelt Software] : C:\Programme\Sunbelt Software\CounterSpy\SBCSTray.exe
04 - Startup: %STARTUP%\Telefonauskunft und Rückwärtssuche auf CD-ROM - Schnellstarter.lnk [klickTel AG] : C:\Programme\Telefonauskunft und Rückwärtssuche\Telefonauskunft + Rückwärtssuche auf CD-ROM\KSTART32.EXE

Shell Extensions
- {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} - [Sun Microsystems, Inc.] : C:\Programme\OpenOffice.org 2.1\program\shlxthdl.dll
- {087B3AE3-E237-4467-B8DB-5A38AB959AC9} - [Sun Microsystems, Inc.] : C:\Programme\OpenOffice.org 2.1\program\shlxthdl.dll
- {63542C48-9552-494A-84F7-73AA6A7C99C1} - [Sun Microsystems, Inc.] : C:\Programme\OpenOffice.org 2.1\program\shlxthdl.dll
- {3B092F0C-7696-40E3-A80F-68D74DA84210} - [Sun Microsystems, Inc.] : C:\Programme\OpenOffice.org 2.1\program\shlxthdl.dll
WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} - : C:\Programme\WinRAR\rarext.dll
RealOne Player Context Menu Class - {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - [RealNetworks, Inc.] : C:\Programme\Real\RealPlayer\rpshell.dll
Nokia Phone Browser - {416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} - [Nokia] : C:\Programme\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
Message View - {C0C4375A-5B72-4efe-929D-3B848C3A1E91} - [Nokia] : C:\Programme\Nokia\Nokia PC Suite 6\MessageView.dll
UnlockerShellExtension - {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} - : C:\Programme\Unlocker\UnlockerCOM.dll
iTunes - {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} - [Apple Inc.] : C:\Programme\iTunes\iTunesMiniPlayer.dll
Desktop Explorer - {1CDB2949-8F65-4355-8456-263E7C208A5D} - [NVIDIA Corporation] : C:\WINDOWS\system32\nvshell.dll
- {1E9B04FB-F9E5-4718-997B-B8DA88302A47} - [NVIDIA Corporation] : C:\WINDOWS\system32\nvshell.dll
nView Desktop Context Menu - {1E9B04FB-F9E5-4718-997B-B8DA88302A48} - [NVIDIA Corporation] : C:\WINDOWS\system32\nvshell.dll

Protocol Handler
IEProtocolHandler Class - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - [Skype Technologies] : C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll

Services
23 - [Lavasoft] : C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
23 - [Apple Inc.] : C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
23 - [GEAR Software Inc.] : C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
23 - [Realtek Semiconductor Corp.] : C:\WINDOWS\system32\drivers\RtkHDAud.sys
23 - [Apple Inc.] : C:\Programme\iPod\bin\iPodService.exe
23 - [NVIDIA Corporation] : C:\WINDOWS\system32\nvsvc32.exe
23 - : C:\WINDOWS\system32\PnkBstrA.exe
23 - [Realtek Semiconductor Corporation] : C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
23 - : C:\WINDOWS\system32\drivers\sbhr.sys

IE URL Search Hooks
Yahoo! Toolbar - {{EF99BD32-C1FB-11D2-892F-0090271D4F88}} - [Yahoo! Inc.] : C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll

Threat Files
<Backdoor.TDSS.asz> : C:\WINDOWS\system32\TDSSnrsr.dll
<Backdoor.TDSS.atb> : C:\WINDOWS\system32\TDSSriqp.dll

Advanced Files Report

End of Report


Quarantäneprozess:

Strukturen vorbereiten
Systemwiederherstellungspunkt erstellen
Quarantäne Backdoor.TDSS.asz
Verschobene Datei: C:\WINDOWS\system32\TDSSnrsr.dll
Verschobene Datei: C:\WINDOWS\system32\TDSSnrsr.dll
Dateidetektion fehlgeschlagen: C:\WINDOWS\system32\TDSSnrsr.dll
Quarantäne Backdoor.TDSS.atb
Verschobene Datei: C:\WINDOWS\system32\TDSSriqp.dll
Verschobene Datei: C:\WINDOWS\system32\TDSSriqp.dll
Dateidetektion fehlgeschlagen: C:\WINDOWS\system32\TDSSriqp.dll
Systemwiederherstellungspunkt schließen
Fertig

