Trojaner spy.win32@mx

Rolli-04
Gast

« am: 13.10.07, 12:53:03 »

Hallo!

Mein PC ist mit dem Trojaner spy.win32@mx infiziert. Ich habe die Anweisungen, die in einem Thread (vom 5.11.06) standen, befolgt. Abschließend habe ich die Internetscanner Panda und Bitdefender scannen lassen. Bitdefender hat aber dennoch Probleme gefunden. Was soll ich nun tun???

Ich füge den Report von Bitdefender und das Hijack-Logfile an.

Vielen Dank für Eure Hilfe im Voraus!

Rolli-04

BitDefender Online Scanner

Scan report generated at: Sat, Oct 13, 2007 - 12:26:47

Scan path: A:\;C:\:\;E:\;F:\;G:\;H:\;

Statistics

Time
01:49:44

Files
318825

Folders
11727

Boot Sectors
2

Archives
13068

Packed Files
12514

Results

Identified Viruses
4

Infected Files
7

Suspect Files
0

Warnings
0

Disinfected
0

Deleted Files
7

Engines Info

Virus Definitions
826560

Engine build
AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

Scan plugins
14

Archive plugins
38

Unpack plugins
7

E-mail plugins
6

System plugins
1

Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
*;

Exclude Extensions

Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes

Scanned File
Status

C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tatss\patchme.exe=>(VISE Installer o)=>dpi.exe
Detected with: Application.Downloader.Js

C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tatss\patchme.exe=>(VISE Installer o)=>dpi.exe
Disinfection failed

C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tatss\patchme.exe=>(VISE Installer o)=>dpi.exe
Deleted

C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tatss\patchme.exe=>(VISE Installer o)
Update failed

C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tatss\patchme.exe=>(VISE Installer o)=>dpi.exe
Detected with: Application.Downloader.Js

C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tatss\patchme.exe=>(VISE Installer o)=>dpi.exe
Disinfection failed

C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tatss\patchme.exe=>(VISE Installer o)=>dpi.exe
Deleted

C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tatss\patchme.exe=>(VISE Installer o)
Update failed

C:\Programme\Kazaa\Kazaa\My Shared Folder\kmd202_de.exe=>(CAB Sfx o)=>\Disk1\data2.cab=>(IShield Module 1)=>(ZIP Sfx s)=>cd_htm.dll
Detected with: Adware.CyDoor

C:\Programme\Kazaa\Kazaa\My Shared Folder\kmd202_de.exe=>(CAB Sfx o)=>\Disk1\data2.cab=>(IShield Module 1)=>(ZIP Sfx s)=>cd_htm.dll
Disinfection failed

C:\Programme\Kazaa\Kazaa\My Shared Folder\kmd202_de.exe=>(CAB Sfx o)=>\Disk1\data2.cab=>(IShield Module 1)=>(ZIP Sfx s)=>cd_htm.dll
Deleted

C:\Programme\Kazaa\Kazaa\My Shared Folder\kmd202_de.exe=>(CAB Sfx o)=>\Disk1\data2.cab=>(IShield Module 1)=>(ZIP Sfx s)
Updated

C:\Programme\Kazaa\Kazaa\My Shared Folder\kmd202_de.exe=>(CAB Sfx o)=>\Disk1\data2.cab=>(IShield Module 1)
Update failed

C:\Programme\Kazaa\Kazaa\My Shared Folder\kmd202_de.exe=>(CAB Sfx o)=>\Disk1\data2.cab=>(IShield Module 208)
Infected with: Trojan.Downloader.3346.A

C:\Programme\Kazaa\Kazaa\My Shared Folder\kmd202_de.exe=>(CAB Sfx o)=>\Disk1\data2.cab=>(IShield Module 208)
Disinfection failed

C:\Programme\Kazaa\Kazaa\My Shared Folder\kmd202_de.exe=>(CAB Sfx o)=>\Disk1\data2.cab=>(IShield Module 208)
Deleted

C:\Programme\Kazaa\Kazaa\My Shared Folder\kmd202_de.exe=>(CAB Sfx o)=>\Disk1\data2.cab
Update failed

C:\Programme\Kazaa\My Shared Folder\kmd202_de.exe=>(CAB Sfx o)=>\Disk1\data2.cab=>(IShield Module 1)=>(ZIP Sfx s)=>cd_htm.dll
Detected with: Adware.CyDoor

C:\Programme\Kazaa\My Shared Folder\kmd202_de.exe=>(CAB Sfx o)=>\Disk1\data2.cab=>(IShield Module 1)=>(ZIP Sfx s)=>cd_htm.dll
Disinfection failed

C:\Programme\Kazaa\My Shared Folder\kmd202_de.exe=>(CAB Sfx o)=>\Disk1\data2.cab=>(IShield Module 1)=>(ZIP Sfx s)=>cd_htm.dll
Deleted

C:\Programme\Kazaa\My Shared Folder\kmd202_de.exe=>(CAB Sfx o)=>\Disk1\data2.cab=>(IShield Module 1)=>(ZIP Sfx s)
Updated

C:\Programme\Kazaa\My Shared Folder\kmd202_de.exe=>(CAB Sfx o)=>\Disk1\data2.cab=>(IShield Module 1)
Update failed

C:\Programme\Kazaa\My Shared Folder\kmd202_de.exe=>(CAB Sfx o)=>\Disk1\data2.cab=>(IShield Module 208)
Infected with: Trojan.Downloader.3346.A

C:\Programme\Kazaa\My Shared Folder\kmd202_de.exe=>(CAB Sfx o)=>\Disk1\data2.cab=>(IShield Module 208)
Disinfection failed

C:\Programme\Kazaa\My Shared Folder\kmd202_de.exe=>(CAB Sfx o)=>\Disk1\data2.cab=>(IShield Module 208)
Deleted

C:\Programme\Kazaa\My Shared Folder\kmd202_de.exe=>(CAB Sfx o)=>\Disk1\data2.cab
Update failed

C:\WINDOWS\system32\c.bat
Infected with: Generic.Botget.40345B5D

C:\WINDOWS\system32\c.bat
Deleted

Moderator informieren

Antworten zu Trojaner spy.win32@mx:

Rolli-04
Gast

Re: Trojaner spy.win32@mx

« Antwort #1 am: 13.10.07, 12:53:30 »

Logfile of HijackThis v1.99.1
Scan saved at 12:41:53, on 13.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\sstray.exe
C:\PROGRA~1\0190WA~1\WARN0190.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programme\Picasa2\PicasaMediaDetector.exe
C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe
C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\Services\SERVIC~1.EXE
C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe
C:\Programme\22M WLAN\WLANMON.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\INFOCOCKPIT.EXE
C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\gearsec.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
C:\Programme\Gemeinsame Dateien\Marmiko Shared\MWLaMaS.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\kernel.exe
C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\sc_watch.exe
C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE
C:\PROGRA~1\T-Online\T-ONLI~1\Notifier\Notifier.exe
C:\Programme\Adobe\Reader 8.0\Reader\AcroRd32.exe
c:\programme\t-online\t-online_software_6\browser\Browser.exe
C:\Dokumente und Einstellungen\Rolf\Desktop\Antivirenprogramme\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.apple.com/quicktime/resources/qt4/us/buynow
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {990E8098-05E8-4C64-B39C-EB13C850F768} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [0190 Warner] C:\PROGRA~1\0190WA~1\WARN0190.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series (Kopie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P36 "EPSON Stylus DX3800 Series (Kopie 1)" /O6 "USB002" /M "Stylus DX3800"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [ToADiMon.exe] C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart
O4 - HKLM\..\Run: [NI.UGA6P_0001_N115M0110] "c:\dokumente und einstellungen\rolf\anwendungsdaten\install_en[1].exe" -nag
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [InfoCockpit] C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE /nosplash
O4 - HKCU\..\Run: [T-Online_Software_6\WLAN-Access Finder] C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe /StartMinimized
O4 - Global Startup: 22M WLAN Adapter Utility.lnk = C:\Programme\22M WLAN\WLANMON.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AOL Instant Messenger (TM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {3B02AAA2-327C-40ED-A849-4BE819AE5385} (ImgSizer Control) - file://C:\Dokumente und Einstellungen\Nicole\Lokale Einstellungen\Temp\~DlfnTmp0\imgSizer.ocx
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://static.ak.studivz.net/photouploader/ImageUploader4.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O18 - Protocol: haufereader - {39198710-62F7-42CD-9458-069843FA5D32} - C:\Programme\Haufe\HaufeReader\HRInstmon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: T-Online WLAN Adapter Steuerungsdienst (MZCCntrl) - Deutsche Telekom AG, Marmiko IT-Solutions GmbH - C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programme\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programme\Spyware Doctor\swdsvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Moderator informieren

ersguterjunge (7.378)

35x Beste Antwort

50x "Danke"

Re: Trojaner spy.win32@mx

« Antwort #2 am: 13.10.07, 13:32:27 »

Hat dir diese Antwort geholfen?

Hallo,
du hast einen W32/Stubbot-B drauf,dass ist ein IRC-Backdoortrojaner mit Wurmfunktionalität.

siehe hier:
http://www.sophos.de/security/analyses/w32stubbotb.html

der zugehörige Prozess ist dieser hier:
C:\WINDOWS\System32\gearsec.exe

bzw.

O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe

Daher würde ich dir raten den Pc zu formatieren.

http://www.trojaner-board.de/12154-anleitung-neuaufsetzen-des-systems-und-anschliessende-absicherung.html

Moderator informieren

Rolli-04
Gast

Re: Trojaner spy.win32@mx

« Antwort #3 am: 14.10.07, 11:40:30 »

Danke für die Antwort.

Habe versucht, das Formatieren erstmal zu umgehen und habe die Datei gearsec.exe gelöscht. Daraufhin habe ich mehrere Virensuchprogramme und Scanner durchsuchen lassen. Gefundene Viren wurden gelöscht, Als letztes habe ich den Online-Scanner von Bitdefender nochmals durchsuchen lassen. Während des Suchens öffnete sich AntiVir mit der Meldung, dass ein Trojaner TR/Dldr.Zlob.efc bzw TR/Dldr.Zlob.efd erkannt wurde. Die befallenen Dateien haben wir per AntiVir löschen lassen. Daraufhin zeigte der Bitdefender folgende gefundene Viren o.ä. an (siehe Report).
Gehört das noch zu dem o.g. Backdoor-Trojaner oder ist das wieder etwas anderes?

Was kann man tun? Kann man das Formatieren noch umgehen? Was passiert mit Bildern, Musik und Daten (Word, pdf, Exel u.ä.). Können diese Dateien befallen sein oder kann man diese gefahrlos speichern? Ich verzweifle fast.

Vielen Dank für Eure Mühe!

Rolli-04

BitDefender Online Scanner

Scan report generated at: Sun, Oct 14, 2007 - 11:19:20

Scan path: A:\;C:\:\;E:\;F:\;G:\;H:\;I:\;

Statistics

Time
02:09:46

Files
353125

Folders
12493

Boot Sectors
4

Archives
16042

Packed Files
13026

Results

Identified Viruses
4

Infected Files
7

Suspect Files
0

Warnings
0

Disinfected
0

Deleted Files
7

Engines Info

Virus Definitions
826616

Engine build
AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

Scan plugins
14

Archive plugins
38

Unpack plugins
7

E-mail plugins
6

System plugins
1

Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
*;

Exclude Extensions

Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes

Scanned File
Status

C:\System Volume Information\_restore{06A5DAB3-017E-4037-AB04-6413CBC18CC0}\RP3\A0000235.bat
Infected with: Generic.Botget.40345B5D

C:\System Volume Information\_restore{06A5DAB3-017E-4037-AB04-6413CBC18CC0}\RP3\A0000235.bat
Deleted

C:\System Volume Information\_restore{06A5DAB3-017E-4037-AB04-6413CBC18CC0}\RP3\A0000248.exe=>(CAB Sfx o)=>\Disk1\data2.cab=>(IShield Module 1)=>(ZIP Sfx s)=>cd_htm.dll
Detected with: Adware.CyDoor

C:\System Volume Information\_restore{06A5DAB3-017E-4037-AB04-6413CBC18CC0}\RP3\A0000248.exe=>(CAB Sfx o)=>\Disk1\data2.cab=>(IShield Module 1)=>(ZIP Sfx s)=>cd_htm.dll
Disinfection failed

C:\System Volume Information\_restore{06A5DAB3-017E-4037-AB04-6413CBC18CC0}\RP3\A0000248.exe=>(CAB Sfx o)=>\Disk1\data2.cab=>(IShield Module 1)=>(ZIP Sfx s)=>cd_htm.dll
Deleted

C:\System Volume Information\_restore{06A5DAB3-017E-4037-AB04-6413CBC18CC0}\RP3\A0000248.exe=>(CAB Sfx o)=>\Disk1\data2.cab=>(IShield Module 1)=>(ZIP Sfx s)
Updated

C:\System Volume Information\_restore{06A5DAB3-017E-4037-AB04-6413CBC18CC0}\RP3\A0000248.exe=>(CAB Sfx o)=>\Disk1\data2.cab=>(IShield Module 1)
Update failed

C:\System Volume Information\_restore{06A5DAB3-017E-4037-AB04-6413CBC18CC0}\RP3\A0000248.exe=>(CAB Sfx o)=>\Disk1\data2.cab=>(IShield Module 208)
Infected with: Trojan.Downloader.3346.A

C:\System Volume Information\_restore{06A5DAB3-017E-4037-AB04-6413CBC18CC0}\RP3\A0000248.exe=>(CAB Sfx o)=>\Disk1\data2.cab=>(IShield Module 208)
Disinfection failed

C:\System Volume Information\_restore{06A5DAB3-017E-4037-AB04-6413CBC18CC0}\RP3\A0000248.exe=>(CAB Sfx o)=>\Disk1\data2.cab=>(IShield Module 208)
Deleted

C:\System Volume Information\_restore{06A5DAB3-017E-4037-AB04-6413CBC18CC0}\RP3\A0000248.exe=>(CAB Sfx o)=>\Disk1\data2.cab
Update failed

C:\System Volume Information\_restore{06A5DAB3-017E-4037-AB04-6413CBC18CC0}\RP3\A0000258.exe=>(CAB Sfx o)=>\Disk1\data2.cab=>(IShield Module 1)=>(ZIP Sfx s)=>cd_htm.dll
Detected with: Adware.CyDoor

C:\System Volume Information\_restore{06A5DAB3-017E-4037-AB04-6413CBC18CC0}\RP3\A0000258.exe=>(CAB Sfx o)=>\Disk1\data2.cab=>(IShield Module 1)=>(ZIP Sfx s)=>cd_htm.dll
Disinfection failed

C:\System Volume Information\_restore{06A5DAB3-017E-4037-AB04-6413CBC18CC0}\RP3\A0000258.exe=>(CAB Sfx o)=>\Disk1\data2.cab=>(IShield Module 1)=>(ZIP Sfx s)=>cd_htm.dll
Deleted

C:\System Volume Information\_restore{06A5DAB3-017E-4037-AB04-6413CBC18CC0}\RP3\A0000258.exe=>(CAB Sfx o)=>\Disk1\data2.cab=>(IShield Module 1)=>(ZIP Sfx s)
Updated

C:\System Volume Information\_restore{06A5DAB3-017E-4037-AB04-6413CBC18CC0}\RP3\A0000258.exe=>(CAB Sfx o)=>\Disk1\data2.cab=>(IShield Module 1)
Update failed

C:\System Volume Information\_restore{06A5DAB3-017E-4037-AB04-6413CBC18CC0}\RP3\A0000258.exe=>(CAB Sfx o)=>\Disk1\data2.cab=>(IShield Module 208)
Infected with: Trojan.Downloader.3346.A

C:\System Volume Information\_restore{06A5DAB3-017E-4037-AB04-6413CBC18CC0}\RP3\A0000258.exe=>(CAB Sfx o)=>\Disk1\data2.cab=>(IShield Module 208)
Disinfection failed

C:\System Volume Information\_restore{06A5DAB3-017E-4037-AB04-6413CBC18CC0}\RP3\A0000258.exe=>(CAB Sfx o)=>\Disk1\data2.cab=>(IShield Module 208)
Deleted

C:\System Volume Information\_restore{06A5DAB3-017E-4037-AB04-6413CBC18CC0}\RP3\A0000258.exe=>(CAB Sfx o)=>\Disk1\data2.cab
Update failed

C:\System Volume Information\_restore{06A5DAB3-017E-4037-AB04-6413CBC18CC0}\RP5\A0000609.exe=>(VISE Installer o)=>dpi.exe
Detected with: Application.Downloader.Js

C:\System Volume Information\_restore{06A5DAB3-017E-4037-AB04-6413CBC18CC0}\RP5\A0000609.exe=>(VISE Installer o)=>dpi.exe
Disinfection failed

C:\System Volume Information\_restore{06A5DAB3-017E-4037-AB04-6413CBC18CC0}\RP5\A0000609.exe=>(VISE Installer o)=>dpi.exe
Deleted

C:\System Volume Information\_restore{06A5DAB3-017E-4037-AB04-6413CBC18CC0}\RP5\A0000609.exe=>(VISE Installer o)
Update failed

C:\System Volume Information\_restore{06A5DAB3-017E-4037-AB04-6413CBC18CC0}\RP5\A0000609.exe=>(VISE Installer o)=>dpi.exe
Detected with: Application.Downloader.Js

C:\System Volume Information\_restore{06A5DAB3-017E-4037-AB04-6413CBC18CC0}\RP5\A0000609.exe=>(VISE Installer o)=>dpi.exe
Disinfection failed

C:\System Volume Information\_restore{06A5DAB3-017E-4037-AB04-6413CBC18CC0}\RP5\A0000609.exe=>(VISE Installer o)=>dpi.exe
Deleted

C:\System Volume Information\_restore{06A5DAB3-017E-4037-AB04-6413CBC18CC0}\RP5\A0000609.exe=>(VISE Installer o)
Update failed

Moderator informieren

Rolli-04
Gast

Re: Trojaner spy.win32@mx

« Antwort #4 am: 14.10.07, 11:41:31 »

Logfile of HijackThis v1.99.1
Scan saved at 11:42:57, on 14.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\Services\SERVIC~1.EXE
C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\sstray.exe
C:\Programme\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\INFOCOCKPIT.EXE
C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\kernel.exe
C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\sc_watch.exe
C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE
C:\PROGRA~1\T-Online\T-ONLI~1\Notifier\Notifier.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
c:\programme\t-online\t-online_software_6\browser\Browser.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Programme\qip\qip.exe
C:\Dokumente und Einstellungen\Rolf\Desktop\Antivirenprogramme\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.apple.com/quicktime/resources/qt4/us/buynow
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {990E8098-05E8-4C64-B39C-EB13C850F768} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series (Kopie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P36 "EPSON Stylus DX3800 Series (Kopie 1)" /O6 "USB002" /M "Stylus DX3800"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [ToADiMon.exe] C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [Windows Defender] "C:\Programme\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [InfoCockpit] C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE /nosplash
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AOL Instant Messenger (TM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {3B02AAA2-327C-40ED-A849-4BE819AE5385} (ImgSizer Control) - file://C:\Dokumente und Einstellungen\Nicole\Lokale Einstellungen\Temp\~DlfnTmp0\imgSizer.ocx
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://static.ak.studivz.net/photouploader/ImageUploader4.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O18 - Protocol: haufereader - {39198710-62F7-42CD-9458-069843FA5D32} - C:\Programme\Haufe\HaufeReader\HRInstmon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Gear Security Service (GEARSecurity) - Unknown owner - C:\WINDOWS\System32\gearsec.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programme\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programme\Spyware Doctor\swdsvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe

Moderator informieren

HELP
Gast

Re: Trojaner spy.win32@mx

« Antwort #5 am: 14.10.07, 12:13:35 »

@Rolli-04
Lösche bitte deinen Browser-Cache und alle sonstigen Temporären Dateien,
ebenso den Papierkorb. Benutze dazu einfach die Freeware CCleaner,
http://www.ccleaner.com/ccdownload.asp
und führe den Befehl Cleaner aus.

Weiter deaktiviere die Windows Systemwiederherstellung, boote den PC neu, danach kann die Systemwiederherstellung wieder aktiviert werden. Eine Anleitung findet man dazu hier:
http://www.bsi.de/av/texte/wiederher.htm

Anschließend sollte kein Virenscanner einen Fund machen.

Auch für dich gilt, führe bei Java Runtime Environment (JRE) eine Aktualisierung auf die Version "6.0 Update 3" aus.
http://java.sun.com/javase/downloads/index.jsp
(Die alte Version muss erst deinstalliert werden !)
Und deinstalliere die vielen Antispywaretools, die Installation von AntiVir und einer Antispywaresoftware reichen aus.

Moderator informieren

Rolli-04
Gast

Re: Trojaner spy.win32@mx

« Antwort #6 am: 14.10.07, 16:46:16 »

Hallo!

Habe alle deine Anweisungen befolgt. Ist jetzt alles wieder okay? Ich schicke Report und Hijack logfile zur Kontrolle.

Vielen Dank für Deine Hilfe.

Rolli-04

BitDefender Online Scanner

Scan report generated at: Sun, Oct 14, 2007 - 16:36:35

Scan path: A:\;C:\:\;E:\;F:\;G:\;H:\;I:\;

Statistics

Time
01:50:24

Files
353527

Folders
12105

Boot Sectors
4

Archives
15950

Packed Files
12947

Results

Identified Viruses
0

Infected Files
0

Suspect Files
0

Warnings
0

Disinfected
0

Deleted Files
0

Engines Info

Virus Definitions
826637

Engine build
AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

Scan plugins
14

Archive plugins
38

Unpack plugins
7

E-mail plugins
6

System plugins
1

Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
*;

Exclude Extensions

Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes

Scanned File
Status

No virus found.

Logfile of HijackThis v1.99.1
Scan saved at 16:41:02, on 14.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\GEMEIN~1\PCSuite\Services\SERVIC~1.EXE
C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe
C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\sstray.exe
C:\Programme\Windows Defender\MSASCui.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\INFOCOCKPIT.EXE
C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\kernel.exe
C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\sc_watch.exe
C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE
C:\PROGRA~1\T-Online\T-ONLI~1\Notifier\Notifier.exe
c:\programme\t-online\t-online_software_6\browser\Browser.exe
C:\Dokumente und Einstellungen\Rolf\Desktop\Antivirenprogramme\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.apple.com/quicktime/resources/qt4/us/buynow
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {990E8098-05E8-4C64-B39C-EB13C850F768} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series (Kopie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P36 "EPSON Stylus DX3800 Series (Kopie 1)" /O6 "USB002" /M "Stylus DX3800"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [ToADiMon.exe] C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [Windows Defender] "C:\Programme\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [InfoCockpit] C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE /nosplash
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AOL Instant Messenger (TM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {3B02AAA2-327C-40ED-A849-4BE819AE5385} (ImgSizer Control) - file://C:\Dokumente und Einstellungen\Nicole\Lokale Einstellungen\Temp\~DlfnTmp0\imgSizer.ocx
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://static.ak.studivz.net/photouploader/ImageUploader4.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O18 - Protocol: haufereader - {39198710-62F7-42CD-9458-069843FA5D32} - C:\Programme\Haufe\HaufeReader\HRInstmon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Gear Security Service (GEARSecurity) - Unknown owner - C:\WINDOWS\System32\gearsec.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe

Moderator informieren

HELP
Gast

Re: Trojaner spy.win32@mx

« Antwort #7 am: 14.10.07, 19:19:14 »

@Rolli-04
Sieht gut aus !

Fixe aus den HijackThis Log die folgenden Einträge da sie überflüssig sind:

O2 - BHO: (no name) - {990E8098-05E8-4C64-B39C-EB13C850F768} - (no file)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: Gear Security Service (GEARSecurity) - Unknown owner - C:\WINDOWS\System32\gearsec.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)

Anleitung - Eintrag fixen:
Schließe alle Programme -->> Öffne HijackThis -->> Drücke den Button "Do a system scan only" -->>"scan" -->> Häkchen setzen -->> "Fix checked" -->> PC neu starten

Tipp:
Prüfe bei den folgenden Anwendungen ob sie aktuell sind um bekannte Sicherheitslücken nach Möglichkeit zu schließen.

- Firefox 2.0.0.7 (Updatefunktion verwenden)
- Adobe Reader 8.1 http://www.adobe.com/de/products/acrobat/readstep2.html
- QuickTime 7.2 (Updatefunktion verwenden)
- Macromedia Flash Player 9,0,47,0 http://www.adobe.com/go/getflashplayer
- T-Online (Updatefunktion verwenden)
- AOL Instant Messenger
- Windows Messenger
- Microsoft Office (Updatefunktion verwenden)

Und bei vier Toolbar, sind doch drei zuviel, oder ?

Moderator informieren

Rolli-04
Gast

Re: Trojaner spy.win32@mx

« Antwort #8 am: 14.10.07, 20:01:04 »

Vielen Dank für deine Antwort. Da bin ich erstmal erleichtert.
Habe deine letzten Anweisungen für HijackThis befolgt. Aber es lässt sich

O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe

nicht entfernen. Was nun?

Vielen Dank.

Rolli-04

Moderator informieren

HELP
Gast

Re: Trojaner spy.win32@mx

« Antwort #9 am: 14.10.07, 22:48:13 »

Zitat von: Rolli-04 am 14.10.07, 20:01:04

...Aber es lässt sich
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe

nicht entfernen. Was nun?

@Rolli-04
Halb so wild.
Versuche den Dienst GEARSecurity über
Arbeitsplatz ->> Verwalten ->> Dienste und Anwendungen ->> Dienste
zu deaktivieren.

Moderator informieren

Rolli-04
Gast

Re: Trojaner spy.win32@mx

« Antwort #10 am: 15.10.07, 10:10:17 »

Habe deine Anweisungen befolgt.
Vielen Dank für deine Hilfe!

Rolli-04

Moderator informieren

Gast22
Gast

Re: Trojaner spy.win32@mx

« Antwort #11 am: 03.12.07, 12:57:18 »

Hallo.

Habe das gleiche Problem. Verwende den BitDefender und auf meinem Laptop habe ich den PSW-x Trojaner.

Die anderen Trojaner (hatte 34) konnte ich beseitigen, bei diesem scheitere ich aber aufgrund mangelnden Verständnisses für den Computer.

Vielleicht kann mir jemand von euch helfen, da ich mit meinem Latein echt am Ende bin.

Danke!

Moderator informieren

Trojaner spy.win32@mx

Antworten zu Trojaner spy.win32@mx:

Re: Trojaner spy.win32@mx

Mehr zu Trojaner spy.win32@mx

Hat Ihnen diese Seite geholfen?