Pests of all kinds and how to fight them: Virus/trojan detections (among others): TR/Spy.SpyEyes.hdj // JAVA/Agent.KA (etc.) // TR/EyeStye.N.4

Windows 7

If you are not sure whether you have caught malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
#1

Hello dear Trojaner-Board team,

I just ran my AntiVir and was alarmed to find that it showed me this as the result:

```
Avira AntiVir Personal
Report file date: Montag, 9. Mai 2011 20:24

Scanning for 2703703 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : Muskeljesus
Computer name : JESUS

Configuration settings for the scan:
Jobname.............................: Manual Selection
Configuration file..................: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\PROFILES\folder.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Montag, 9. Mai 2011 20:24

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'plugin-container.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'FreeAgentService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'ICQ.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'DivXUpdate.exe' - '1' Module(s) have been scanned
Scan process 'StxMenuMgr.exe' - '1' Module(s) have been scanned
Scan process 'DDmService.exe' - '1' Module(s) have been scanned
Scan process 'VCDDaemon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'BJMyPrt.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
    [INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
    [INFO] No virus was found!

Starting to scan executable files (registry).
C:\dgfusdghudf\dgfusdghudf.exe
  [DETECTION] Is the TR/Spy.SpyEyes.hdj Trojan
The registry was scanned ( '388' files ).

Starting the file scan:

Begin scan in 'C:\' <XP32>
C:\dgfusdghudf\dgfusdghudf.exe
  [DETECTION] Is the TR/Spy.SpyEyes.hdj Trojan
C:\Documents and Settings\Muskeljesus\Application Data\Sun\Java\Deployment\cache\6.0\35\513d8fa3-78ef8190
  [0] Archive type: ZIP
  [DETECTION] Contains recognition pattern of the JAVA/Agent.KA Java virus
  --> api/market_patch.class
      [DETECTION] Contains recognition pattern of the JAVA/Agent.KA Java virus
  --> importer/market.class
      [DETECTION] Contains recognition pattern of the JAVA/Exdoer.BS Java virus
  --> importer/parser.class
      [DETECTION] Contains recognition pattern of the JAVA/Agent.DV Java virus
  --> importer/searchers.class
      [DETECTION] Contains recognition pattern of the JAVA/Exdoer.BQ Java virus
C:\Documents and Settings\Muskeljesus\Application Data\Sun\Java\Deployment\cache\6.0\46\65ad046e-511d9e5e
  [0] Archive type: ZIP
  [DETECTION] Contains recognition pattern of the JAVA/Agent.KA Java virus
  --> netbeans/PHP.class
      [DETECTION] Contains recognition pattern of the JAVA/Agent.KA Java virus
  --> plugin/Commander.class
      [DETECTION] Contains recognition pattern of the JAVA/Pesc.K Java virus
  --> plugin/Console.class
      [DETECTION] Contains recognition pattern of the JAVA/Exdoer.BQ Java virus
  --> plugin/Syntax.class
      [DETECTION] Contains recognition pattern of the JAVA/Exdoer.BS Java virus
C:\_OTL\MovedFiles\04282011_181916\C_blyadstvoeb\blyadstvoeb.exe
  [DETECTION] Is the TR/EyeStye.N.4 Trojan

Beginning disinfection:
C:\_OTL\MovedFiles\04282011_181916\C_blyadstvoeb\blyadstvoeb.exe
  [DETECTION] Is the TR/EyeStye.N.4 Trojan
  [NOTE] The file was moved to the quarantine directory under the name '4d4b911d.qua'.
C:\Documents and Settings\Muskeljesus\Application Data\Sun\Java\Deployment\cache\6.0\46\65ad046e-511d9e5e
  [DETECTION] Contains recognition pattern of the JAVA/Exdoer.BS Java virus
  [NOTE] The file was moved to the quarantine directory under the name '55b4be74.qua'.
C:\Documents and Settings\Muskeljesus\Application Data\Sun\Java\Deployment\cache\6.0\35\513d8fa3-78ef8190
  [DETECTION] Contains recognition pattern of the JAVA/Exdoer.BQ Java virus
  [NOTE] The file was moved to the quarantine directory under the name '0439e498.qua'.
C:\dgfusdghudf\dgfusdghudf.exe
  [DETECTION] Is the TR/Spy.SpyEyes.hdj Trojan
  [NOTE] The registration entry <HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\9678ACB43C661622> was removed successfully.
  [NOTE] The file was moved to the quarantine directory under the name '61dbab90.qua'.

End of the scan: Montag, 9. Mai 2011 20:40
Used time: 15:59 Minute(s)

The scan has been done completely.

  10396 Scanned directories
 246792 Files were scanned
     11 Viruses and/or unwanted programs were found
      0 Files were classified as suspicious
      0 files were deleted
      0 Viruses and unwanted programs were repaired
      4 Files were moved to quarantine
      0 Files were renamed
      0 Files cannot be scanned
 246781 Files not concerned
   1876 Archives were scanned
      0 Warnings
      4 Notes
```

It surprised me, because before this I ran "Malwarebytes' Anti-Malware" (almost) every day and it had nothing to report (at least over the last few days).

Attached is what OTL and "Malwarebytes' Anti-Malware" had to report.

How should I proceed? Because there are so many detections, I am honestly rather overwhelmed as a layperson.

Thank you for any help!

Kind regards

If you need any additional information or details, just ask; I will be pressing F5 every few minutes now.