Hilfe: TR/Agent.Bl.95

Fauchie23 · 30.12.2005, 11:43

Kann mir jemand bei einem Trojaner-Problem behilflich sein?

Hier meine Logfile:

Logfile of HijackThis v1.99.1
Scan saved at 11:43:14, on 30.12.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
D:\Programme\AV Personal\AVGNT.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\Mixer.exe
D:\Programme\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
D:\PROGRAMME\AV PERSONAL\AVGUARD.EXE
D:\Programme\AV Personal\AVWUPSRV.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programme\Internet Explorer\iexplore.exe
F:\Antivirus\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - d:\programme\WS_FTP Pro\wsbho2k0.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [AVGCtrl] "D:\Programme\AV Personal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ATIPTA] "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Programme\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Steam] "d:\games\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Free Software - D:\Programme\Cool Web Scrollbars\hh.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-18.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094289871569
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall-Kontrolle) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - D:\PROGRAMME\AV PERSONAL\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - D:\Programme\AV Personal\AVWUPSRV.EXE

hoerni26 · 30.12.2005, 11:46

hallo,

welches problem hast du denn genau??
ich kann in deinem log nämlich nix auffälliges finden.

Fauchie23 · 30.12.2005, 11:54

Antivir bringt mir ständig meldungen über einen Trojaner TR/Agent.Bl.95, vorallem wenn ich spybot oder Adaware laufen lasse.

Kannst du mir vielleicht eine gute (kostenlose) Firewall empfehlen? (hab aber einen router)

hoerni26 · 30.12.2005, 11:56

ok dann mach folgendes...
mache bitte Hier einen Online scan und poste das ergebniss.

Fauchie23 · 30.12.2005, 12:06

ok, bin dabei...dauer aber wie´s scheint ein bisschen...hoffe du hast zeit

(da wär ich dir dankbar)

hoerni26 · 30.12.2005, 12:09

ja kein problem..
halbe stunde hab ich noch..

Fauchie23 · 30.12.2005, 12:31

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Friday, December 30, 2005 12:33:35
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 30/12/2005
Kaspersky Anti-Virus database records: 158068
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - Critical Areas:
C:\WINDOWS
C:\DOKUME~1\CHRIST~1\LOKALE~1\Temp\

Scan Statistics:
Total number of scanned objects: 16864
Number of viruses found: 3
Number of infected objects: 14
Number of suspicious objects: 0
Duration of the scan process: 529 sec

Infected Object Name - Virus Name
C:\WINDOWS\combit.ini

lrhrl:$DATA Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\combit.ini:tmdwur:$DATA Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\DtcInstall.log:ksgxzt:$DATA Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\explorer.scf:zmcroy:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\WINDOWS\Feder.bmp:ctzkue:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\WINDOWS\GetServer.ini:xbjwtk:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\hhs.url:qbcbwu:$DATA Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\KB887742.log:mdoofn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\KB890046.log:noefvk:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\winamp.ini:rvpdob:$DATA Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\wmprfhun.prx:ntwke:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\wmprfptb.prx:yvhvbi:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\wmprfsky.prx:rvridt:$DATA Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\_default.pif:tueui:$DATA Infected: Trojan-Downloader.Win32.Agent.td

Scan process completed.

Hilfe: TR/Agent.Bl.95

Log-Analyse und Auswertung: Hilfe: TR/Agent.Bl.95