Trojan.Spambot.Az

Rabia

Hallo liebe Forumgemeinede,
ich habe seit gestern den o.g. Trojaner Trojan.Spambot.Az auf meinem Computer. Ich weiß nicht, wie ich ihn löschen soll, verschiedenste Antiviren und Anti-Malware bereits getestet (F-Secure, AntiVir, Ewisoft, Ad-aware). Leider ohne Erfolg.

Zur Schilderung der Enstehung des Problems:
Nach ausführen meldete F-Secure's Firewall das die C:\Windows\System32\smss.exe Zurgiff auf das Internet verlangt. Habe ich selbstverständlich nicht gewährt. Trotzdem kommen aus irgendeinem Grund immer wieder neue Dateien in meinem Temp Ordner des IE xxexmodulbi (xx steht für eine varierenden Ziffer) die ebenfalls um einen Zugriff auf das Internet bitten. Auch abgelehnt! Obwohl ich die Dateien gelöscht kriege und die smss.exe von einem anderen Xp Sytem ausgetauscht habe bleibt das Problem weiterhin bestehen. Bin allmälich ratlos.

Daher sehe ich meine letzte Chance in der Hilfe von euch.

HijackThis Log:
Logfile of HijackThis v1.99.1
Scan saved at 15:02:50, on 12.04.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Saitek\Software\Profiler.exe
C:\Programme\Saitek\Software\SaiSmart.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\F-Secure Internet Security 2006\Common\FSM32.EXE
C:\Programme\iTunes\iTunesHelper.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\PeerGuardian2\pg2.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Logitech\SetPoint\KEM.exe
C:\Programme\Logitech\SetPoint\KHALMNPR.EXE
C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
C:\WINDOWS\system32\crypserv.exe
C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\eEBSVC.exe
C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
C:\Programme\F-Secure Internet Security 2006\Anti-Virus\fsgk32st.exe
C:\Programme\F-Secure Internet Security 2006\Anti-Virus\FSGK32.EXE
C:\Programme\F-Secure Internet Security 2006\backweb\4476822\program\fsbwsys.exe
C:\Programme\F-Secure Internet Security 2006\Common\FSMA32.EXE
C:\Programme\F-Secure Internet Security 2006\Anti-Virus\fssm32.exe
C:\Programme\F-Secure Internet Security 2006\Common\FSMB32.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\F-Secure Internet Security 2006\backweb\4476822\Program\fspex.exe
C:\Programme\F-Secure Internet Security 2006\Common\FCH32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programme\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Programme\F-Secure Internet Security 2006\Common\FAMEH32.EXE
C:\Programme\F-Secure Internet Security 2006\Anti-Virus\fsqh.exe
C:\Programme\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Programme\F-Secure Internet Security 2006\Anti-Virus\fsrw.exe
C:\Programme\F-Secure Internet Security 2006\FSPC\fspc.exe
C:\Programme\F-Secure Internet Security 2006\Anti-Virus\fsav32.exe
C:\Programme\F-Secure Internet Security 2006\FWES\Program\fsdfwd.exe
C:\PROGRA~1\F-SECU~1\ANTI-S~1\fsaw.exe
C:\Programme\F-Secure Internet Security 2006\FSGUI\fsguidll.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Windows Media Player\wmplayer.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\Schnippy\LOKALE~1\Temp\Rar$EX00.532\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {073C5891-372B-DA2B-5245-DE77920C0D1B} - (no file)
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Programme\GetRight\xx2gr.dll
O2 - BHO: (no name) - {3292A6EE-DD75-8CCF-C1EF-7C6646A7AE47} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: (no name) - {B7C85468-7C39-2041-8F31-057F17448718} - (no file)
O2 - BHO: (no name) - {C766CE5A-F867-E3E0-E6A3-FD787B42C780} - (no file)
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\ATI-CPanel\atiptaxx.exe"
O4 - HKLM\..\Run: [Profiler] C:\Programme\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiSmart] C:\Programme\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programme\F-Secure Internet Security 2006\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programme\F-Secure Internet Security 2006\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Programme\F-Secure Internet Security 2006\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RaidTool] C:\Programme\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Programme\PeerGuardian2\pg2.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: F-Secure 2006.lnk = C:\Programme\F-Secure Internet Security 2006\backweb\4476822\Program\fspex.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: &Google-Suche - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\programme\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Dieses Popup &blockieren - C:\Programme\F-Secure Internet Security 2006\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: Download with GetRight - C:\Programme\GetRight\GRdownload.htm
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Open with GetRight Browser - C:\Programme\GetRight\GRbrowse.htm
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Webfilter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programme\F-Secure Internet Security 2006\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Programme\F-Secure Internet Security 2006\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Webfilter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Programme\F-Secure Internet Security 2006\FSPC\fspcmsie.dll
O9 - Extra button: IE-Schutzschild - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programme\F-Secure Internet Security 2006\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-Schutzschild... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programme\F-Secure Internet Security 2006\Anti-Spyware\ieshield.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-12.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1106251230703
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} (shizmoo Class) - http://playroom.icq.com/odyssey_web11.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {FB48C7B0-EB66-4BE6-A1C5-9DDF3C37249A} (MCSendMessageHandler Class) - http://xtraz.icq.com/xtraz/activex/MISBH.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4CD458FE-7D76-44FA-8365-608DF9E40C9D}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{A37393E5-8F33-4C99-B83A-E9A4268556F8}: NameServer = 192.168.0.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2 - Unknown owner - C:\Programme\XAMPP 1.5.1\xampp\apache\bin\apache.exe" -k runservice (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Unknown owner - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (file missing)
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Programme\F-Secure Internet Security 2006\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Programme\F-Secure Internet Security 2006\backweb\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Programme\F-Secure Internet Security 2006\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Programme\F-Secure Internet Security 2006\FSPC\fshttps\fshttps.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Programme\F-Secure Internet Security 2006\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: mysql - Unknown owner - C:\Programme\XAMPP 1.5.1\xampp\mysql\bin\mysqld-nt.exe" "--defaults-file=C:\Programme\XAMPP 1.5.1\xampp\mysql\bin\my.cnf" mysql (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Programme\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe


Mit freundlichen Grüßen
Rabia ;-)