So,... hab grad ganz viele Programme deinstalliert : )


Der Pfad des Virus´ lautet wie folgt!
D:\Incomplete\T-471741-youtube friend bittorrent downloader.zip=>BitDownload Setup.exe=>(NSIS o)=>lzma_nsis0006 Infected: Trojan.FatObfus.2.Gen
Hmm, keine Ahnung, wie so etwas auf den PC kommt - das war sicher mein kleiner Bruder!

---


Die Log-File:

Logfile of HijackThis v1.99.1
Scan saved at 12:18:36, on 07.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Java\jre1.5.0_03\bin\jusched.exe
C:\Programme\Softwin\BitDefender10\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Update Service\livesrv.exe
C:\Programme\Softwin\BitDefender10\vsserv.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Softwin\BitDefender10\bdmcon.exe
C:\Dokumente und Einstellungen\User\Desktop\abc.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [H2O] C:\Programme\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Programme\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: ymetray.lnk = C:\Programme\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D38A0B48-4E6C-4A7F-9543-597CBB9336C8}: NameServer = 213.191.74.19 62.109.123.197
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Programme\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: UPnPService - Magix AG - C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Programme\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

---


Hier der Report von Bitdefender:

//-----------------------------------------------------------------
//
// Product BitDefender Internet Security v10
// Product 10.2
//
// Created on: 07/10/2007 12:20:53
//
//-----------------------------------------------------------------


Virus Statistics

Scan path : D:\
Folders : 7
Files : 69
Memory processes scanned : 0
Archives : 6
Runtime packers : 6
Identified viruses : 1
Infected files : 1
Memory processes infected : 0
Suspect files : 0
Warnings : 0
Disinfected files : 0
Deleted files : 0
Moved files : 0
I/O errors : 1
Scan time : 00:00:03
Scan speed (files/sec) : 23

Virus definitions : 814112
Scan plugins : 16
Archive plugins : 40
Unpack plugins : 6
Mail plugins : 6
System plugins : 5

Virus scan options

Detection
[ ] Scan boot sectors
[ ] Memory Processes
[X] Scan archives
[X] Scan runtime packers
[X] Scan email

File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;

Action

Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Move to quarantine
[ ] Prompt user

Second action
[ ] Ignore
[ ] Delete
[X] Move to quarantine
[ ] Prompt user

Virus scan options
[X] Enable warnings
[X] Enable heuristics
[X] Show all files in log
[X] Report file: C:\Dokumente und Einstellungen\User\Anwendungsdaten\BitDefender\Desktop\Profiles\Logs\contextual\1191752453.log

Spyware scan options

[X] Scan for riskware
[ ] Skip dial and applications from scan
[ ] Registry keys
[ ] Cookies


Summary:

D:\Incomplete\T-471741-youtube friend bittorrent downloader.zip=>BitDownload Setup.exe=>(NSIS o)=>lzma_nsis0006 Infected: Trojan.FatObfus.2.Gen
D:\Incomplete\T-471741-youtube friend bittorrent downloader.zip=>BitDownload Setup.exe=>(NSIS o)=>lzma_nsis0006 Disinfection failed
D:\Incomplete\T-471741-youtube friend bittorrent downloader.zip=>BitDownload Setup.exe=>(NSIS o)=>lzma_nsis0006 Move failed

Scanned files

D:\ OK
D:\cwshredder.exe OK
D:\hijackthis.zip OK
D:\hijackthis.zip=>HijackThis.exe OK
D:\Incomplete\ OK
D:\Incomplete\T-471741-youtube friend bittorrent downloader.zip OK
D:\Incomplete\T-471741-youtube friend bittorrent downloader.zip=>BitDownload Setup.exe OK
D:\Incomplete\T-471741-youtube friend bittorrent downloader.zip=>BitDownload Setup.exe=>(NSIS o) OK
D:\Incomplete\T-471741-youtube friend bittorrent downloader.zip=>BitDownload Setup.exe=>(NSIS o)=>lzma_nsis0000 OK
D:\Incomplete\T-471741-youtube friend bittorrent downloader.zip=>BitDownload Setup.exe=>(NSIS o)=>lzma_nsis0001 OK
D:\Incomplete\T-471741-youtube friend bittorrent downloader.zip=>BitDownload Setup.exe=>(NSIS o)=>lzma_nsis0002 OK
D:\Incomplete\T-471741-youtube friend bittorrent downloader.zip=>BitDownload Setup.exe=>(NSIS o)=>lzma_nsis0003 OK
D:\Incomplete\T-471741-youtube friend bittorrent downloader.zip=>BitDownload Setup.exe=>(NSIS o)=>lzma_nsis0004 OK
D:\Incomplete\T-471741-youtube friend bittorrent downloader.zip=>BitDownload Setup.exe=>(NSIS o)=>lzma_nsis0005 OK
D:\Incomplete\T-471741-youtube friend bittorrent downloader.zip=>BitDownload Setup.exe=>(NSIS o)=>lzma_nsis0006 Infected: Trojan.FatObfus.2.Gen
D:\Incomplete\T-471741-youtube friend bittorrent downloader.zip=>BitDownload Setup.exe=>(NSIS o)=>lzma_nsis0006 Disinfection failed
D:\Incomplete\T-471741-youtube friend bittorrent downloader.zip=>BitDownload Setup.exe=>(NSIS o)=>lzma_nsis0006 Move failed
D:\Incomplete\T-471741-youtube friend bittorrent downloader.zip=>BitDownload Setup.exe=>(NSIS o)=>lzma_nsis0007 OK
D:\Incomplete\T-471741-youtube friend bittorrent downloader.zip=>BitDownload Setup.exe=>(NSIS o)=>lzma_nsis0008 OK
D:\Incomplete\T-471741-youtube friend bittorrent downloader.zip=>BitDownload Setup.exe=>(NSIS o)=>lzma_nsis0009 OK
D:\Incomplete\T-471741-youtube friend bittorrent downloader.zip=>BitDownload Setup.exe=>(NSIS o)=>lzma_nsis0010 OK
D:\Incomplete\T-471741-youtube friend bittorrent downloader.zip=>BitDownload Setup.exe=>(NSIS o)=>lzma_nsis0010=>(NSIS g) OK
D:\Incomplete\T-471741-youtube friend bittorrent downloader.zip=>BitDownload Setup.exe=>(NSIS o)=>lzma_nsis0010=>(NSIS g)=>lzma_nsis0000 OK
D:\Incomplete\T-471741-youtube friend bittorrent downloader.zip=>BitDownload Setup.exe=>(NSIS o)=>lzma_nsis0010=>(NSIS g)=>lzma_nsis0001 OK
D:\Incomplete\T-471741-youtube friend bittorrent downloader.zip=>BitDownload Setup.exe=>(NSIS o)=>lzma_nsis0010=>(NSIS g)=>lzma_nsis0002 OK

Zitat:

Zitat von Robyn

So,... hab grad ganz viele Programme deinstalliert : )

Gut so!
Dann würde ich die Registry mit CCleaner säubern und auch die Temp-Files löschen!

Zitat:

Hmm, keine Ahnung, wie so etwas auf den PC kommt - das war sicher mein kleiner Bruder!

Jo, klar

Lösche den Inhalt des Ordners incomplete und mache zur Sicherheit noch einen eScan!
Mfg

EDIT:Was sollte eig der Titel "Chinesen haben mich im Visier!"