antiviirus.exe,drnpfdxwlv.dll,BootChk.dll,zip.dll,altvxvm.dll,tmp0.exe

"Worm.Win32.NetSky" - antiviirus.exe,drnpfdxwlv.dll,BootChk.dll,zip.dll,altvxvm.dll,tmp0.exe

antiviirus.exe

AntiVir 7.6.0.73 2008.03.17 TR/Agent.fwi 
ClamAV 0.92.1 2008.03.17 Trojan.Dropper-5246
eTrust-Vet 31.3.5621 2008.03.17 Win32/Pripecs.JK
F-Secure 6.70.13260.0 2008.03.17 Trojan-Downloader.Win32.Small.ivo
Ikarus T3.1.1.20 2008.03.17 Trojan-Clicker.Win32.Small.BG
Kaspersky 7.0.0.125 2008.03.17 Trojan-Downloader.Win32.Small.ivo
Microsoft 1.3301 2008.03.16 TrojanDownloader:Win32/Zirit.A
NOD32v2 2952 2008.03.17 a variant of Win32/TrojanDropper.Agent.EYA 
Norman 5.80.02 2008.03.17 W32/DLoader.GEAT 

2008-03-13 08:53 . 2008-03-13 08:53 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-03-13 07:11 . 2008-03-13 07:11 16,468 -r-hs---- C:\Programme\tmp41078.exe
2008-03-13 07:11 . 2008-03-13 07:11 16,468 -r-hs---- C:\Programme\tmp36031.exe
2008-03-12 22:12 . 2008-03-12 22:12 16,468 -r-hs---- C:\Programme\tmp71937.exe
2008-03-12 22:11 . 2008-03-12 22:11 16,468 -r-hs---- C:\Programme\tmp66875.exe
2008-03-12 22:12 . 2008-03-12 22:12 16,468 -r-hs---- C:\Programme\tmp71937.exe
2008-03-12 22:11 . 2008-03-12 22:11 16,468 -r-hs---- C:\Programme\tmp66875.exe
2008-03-12 22:08 . 2008-03-12 22:08 16,468 -r-hs---- C:\Programme\tmp6048593.exe
2008-03-12 22:07 . 2008-03-12 21:04 253,952 --a------ C:\WINDOWS\drnpfdxsvw.dll
2008-03-12 22:07 . 2008-03-12 21:04 241,664 --a------ C:\WINDOWS\altvxvm.dll
2008-03-12 22:07 . 2008-03-12 21:04 204,800 --a------ C:\WINDOWS\etlrlws.dll
2008-03-12 22:07 . 2008-03-12 21:04 94,208 --a------ C:\WINDOWS\fmsxwqs.exe
2008-03-12 22:07 . 2008-03-12 22:07 21,592 --a------ C:\Programme\antiviirus.exe
2008-03-12 22:07 . 2008-03-12 22:07 16,468 -r-hs---- C:\Programme\tmp6043578.exe
2008-03-12 22:07 . 2008-03-12 22:07 16,468 -r-hs---- C:\Programme\tmp6008515.exe
2008-03-12 22:07 . 2008-03-12 22:07 16,468 -r-hs---- C:\Programme\tmp6003515.exe

Trojan Files Found:

C:\WINDOWS\Installer\{e80b8fe9-3310-457e-9460-0aad4b57c011}\DrvAlrt.dll - Deleted
C:\WINDOWS\Installer\{39f9f6b4-e832-49ce-88e7-9c9e8feb27e0}\zip.dll - Deleted
C:\WINDOWS\Installer\{757edd1b-90af-41bd-ac0a-9981eb80e5db}\PrxRunOnce.dll - Deleted
C:\WINDOWS\drnpfdxsvw.dll - Deleted
C:\Programme\antiviirus.exe - Deleted
C:\WINDOWS\altvxvm.dll - Deleted
C:\WINDOWS\etlrlws.dll - Deleted
C:\WINDOWS\fmsxwqs.exe - Deleted

Folder C:\WINDOWS\Installer\{e80b8fe9-3310-457e-9460-0aad4b57c011} - Removed
Folder C:\WINDOWS\Installer\{39f9f6b4-e832-49ce-88e7-9c9e8feb27e0} - Removed
Folder C:\WINDOWS\Installer\{757edd1b-90af-41bd-ac0a-9981eb80e5db} - Removed

Files with Hidden Attributes :

Thu 13 Mar 2008 16,468 ..SHR --- "C:\Programme\tmp26671.exe"
Thu 13 Mar 2008 16,468 ..SHR --- "C:\Programme\tmp27968.exe"
Thu 13 Mar 2008 16,468 ..SHR --- "C:\Programme\tmp30343.exe"
Thu 13 Mar 2008 16,468 ..SHR --- "C:\Programme\tmp30671.exe"

usw.
usw.

Infizierte Dateien:
C:\Programme\tmp6003515.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\Programme\tmp6008515.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\Programme\tmp6043578.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\Programme\tmp6048593.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\Programme\tmp26671.exe (Trojan.Alphabet) -> Quarantined and deleted successfully.

KILLALL:: 

Registry:: 
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D504883-70CA-48BD-A282-639753D3B0CE}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D7990CB-1D01-4554-9EED-75BDC6406FC2}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"altvxvm"=-
"bokpkov"=-
"BootChk"=-
"bokpkov"=-
"DrvAlrt"=-
"dwnrpofk"=-
"PrxRunOnce"=-
"SrvDrv"=-
"vbgtorfd"=-
"zip"=-

File:: 
C:\Programme\tmp1.exe
C:\Programme\tmp0.exe
C:\WINDOWS\altvxvm.dll
C:\WINDOWS\bokpkov.dll
C:\WINDOWS\drnpfdxsfn.dll
C:\WINDOWS\dwnrpofk.dll 
C:\WINDOWS\etlrlws.dll
C:\WINDOWS\fmsxwqs.exe
C:\WINDOWS\vbgtorfd.dll 
C:\Programme\antiviirus.exe

Folder:: 
C:\WINDOWS\Installer\{baa8c74c-43b5-453b-ab33-285fa8b45603}
C:\WINDOWS\Installer\{e80b8fe9-3310-457e-9460-0aad4b57c011}
C:\WINDOWS\Installer\{39f9f6b4-e832-49ce-88e7-9c9e8feb27e0}
C:\WINDOWS\Installer\{757edd1b-90af-41bd-ac0a-9981eb80e5db}
C:\WINDOWS\Installer\{753956ec-c3cb-4857-aaa2-2bc381af5fba}
C:\WINDOWS\Installer\{6cf97c8a-ca75-4ff1-86c8-0bb8634c89be}
C:\WINDOWS\Installer\{9690aab9-fcfe-4b8a-a3d2-dfd4d2bff0de}
C:\WINDOWS\Installer\{e8560666-4996-4ed4-99cd-266bc398e83a}
C:\Dokumente und Einstellungen\%Username%\Desktopvirii
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\orujsxwr

(((((( Weitere Löschungen )))))))))))

C:\Programme\akl
C:\Programme\akl\akl.dll
C:\Programme\akl\akl.exe
C:\Programme\akl\uninstall.exe
C:\Programme\akl\unsetup.exe

C:\Programme\spylocked 4.3
C:\Programme\spylocked 4.3\ignored.lst
C:\Programme\spylocked 4.3\sd.ini

C:\WINDOWS\mslagent
C:\WINDOWS\mslagent\2_mslagent.dll
C:\WINDOWS\mslagent\mslagent.exe
C:\WINDOWS\mslagent\uninstall.exe

(((( Dateien erstellt von 2008-02-27 bis 2008-03-27 )))))))))

2008-03-27 10:44 . 2008-03-27 10:44 DIR d-------- C:\Dokumente und Einstellungen\%Username%\Desktopvirii

2008-03-27 10:44 . 2008-03-27 10:44 4,096 --a------ C:\Dokumente und Einstellungen\%Username%\DesktopTrojan.Win32.BlackBird.exe
2008-03-27 10:44 . 2008-03-27 10:44 4,096 --a------ C:\Dokumente und Einstellungen\%Username%\DesktopFWebdEditor.exe
2008-03-27 10:44 . 2008-03-27 10:44 4,096 --a------ C:\Dokumente und Einstellungen\%Username%\Desktopfwebd.exe
2008-03-27 10:44 . 2008-03-27 10:44 4,096 --a------ C:\Dokumente und Einstellungen\%Username%\Desktopfkwp2.0.exe
2008-03-27 10:44 . 2008-03-27 10:44 4,096 --a------ C:\Dokumente und Einstellungen\%Username%\Desktopfkwp1.5.exe
2008-03-27 10:44 . 2008-03-27 10:44 4,096 --a------ C:\Dokumente und Einstellungen\%Username%\Desktopfilemanagerclient.exe
2008-03-27 10:44 . 2008-03-27 10:44 4,096 --a------ C:\Dokumente und Einstellungen\%Username%\DesktopEditorFKWP2.0.exe
2008-03-27 10:44 . 2008-03-27 10:44 4,096 --a------ C:\Dokumente und Einstellungen\%Username%\DesktopEditorFKWP1.5.exe
2008-03-27 10:43 . 2008-03-27 10:43 DIR d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\orujsxwr

2008-03-27 10:43 . 2008-03-26 17:28 221,184 --a------ C:\WINDOWS\vbgtorfd.dll
2008-03-27 10:43 . 2008-03-26 17:28 212,992 --a------ C:\WINDOWS\kdftlboedsb.dll
2008-03-27 10:43 . 2008-03-27 10:43 110,592 --a------ C:\WINDOWS\system32\cpepylcb.exe - TR/Crypt.XPACK.Gen (Antivirus)
2008-03-27 10:43 . 2008-03-26 17:28 81,920 --a------ C:\WINDOWS\norlatmx.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"zip"= {9690aab9-fcfe-4b8a-a3d2-dfd4d2bff0de} - C:\WINDOWS\Installer\{9690aab9-fcfe-4b8a-a3d2-dfd4d2bff0de}\zip.dll 
"vbgtorfd"= {56687D8C-7B0F-4199-8385-375F7356FA41} - C:\WINDOWS\vbgtorfd.dll 
"dwnrpofk"= {1313448A-BCE4-4767-8888-D5F53365B70C} - C:\WINDOWS\dwnrpofk.dll 
"ChkRom"= {e8560666-4996-4ed4-99cd-266bc398e83a} - C:\WINDOWS\Installer\{e8560666-4996-4ed4-99cd-266bc398e83a}\ChkRom.dll