Trojaner-Board - Trojan-Downloader.Win32.Small.adin & Co.

Hallo,

ich habe auf meinem Bürorechner mal den "Kaspersky Online Scanner 7.0" durchlaufen lassen - das Ergebnis war erschütternd.

Kurze Zeit später hat dann auch Sophos Virenwarnungen rausgegeben.

Nun ist das Bereinigen des Rechners wohl Aufgabe der Admins. Ich wüsste aber gern, wie schlimm es ist, ob ich mit dem Rechner solange noch am Netz bleiben kann und ob ich dringend alle meine Passworte ändern sollte...

Habt Ihr dazu eine Meinung?

Beste Grüße,
Murphy

Code:

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7 REPORT

Wednesday, September 17, 2008

Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)

Kaspersky Online Scanner 7 version: 7.0.25.0

Program database last update: Wednesday, September 17, 2008 03:11:45

Records in database: 1243608

--------------------------------------------------------------------------------

Scan settings:

Scan using the following database: extended

Scan archives: yes

Scan mail databases: yes

Scan area - My Computer:

C:\

G:\

O:\

P:\

W:\

Z:\

Scan statistics:

Files scanned: 71178

Threat name: 7

Infected objects: 8

Suspicious objects: 22

Duration of the scan: 02:28:55

File name / Threat name / Threats count

C:\Dokumente und Einstellungen\NAME\Lokale Einstellungen\Temp\wJQs.exe Infected: Trojan-Downloader.Win32.Small.adin 1

C:\Dokumente und Einstellungen\NAME\Lokale Einstellungen\Temporary Internet Files\Content.IE5\5CLT3NLX\._file[1].exe Infected: Trojan-Downloader.Win32.Small.adin 1

C:\transfer\Bib_rechner\rechner bib\Dokumat\NAME2\outlook\gesamtmail.pst Infected: Email-Worm.Win32.Bagle.i 2

C:\transfer\Bib_rechner\rechner bib\Dokumat\NAME2\outlook\gesamtmail.pst Infected: Email-Worm.Win32.Bagle.g 1

C:\transfer\Bib_rechner\rechner bib\Dokumat\NAME2\outlook\gesamtmail.pst Suspicious: Exploit.HTML.Iframe.FileDownload 2

C:\transfer\Bib_rechner\rechner bib\Dokumat\NAME2\outlook\gesamtmail.pst Infected: Email-Worm.Win32.NetSky.d 1

C:\transfer\Bib_rechner\rechner bib\Dokumat\NAME2\outlook\outlook.pst Suspicious: Exploit.HTML.Iframe.FileDownload 9

C:\transfer\Bib_rechner\rechner bib\Dokumat\NAME2\outlook\outlook.pst Infected: Trojan-Spy.HTML.Bankfraud.kd 1

C:\transfer\Bib_rechner\rechner bib\Outlook Express\Gelöschte Objekte.dbx Suspicious: Exploit.HTML.Iframe.FileDownload 9

C:\transfer\Bib_rechner\rechner bib\Outlook Express\Gelöschte Objekte.dbx Infected: Trojan-Spy.HTML.Bankfraud.kd 1

C:\transfer\Bib_rechner\rechner bib\Outlook Express\Gelöschte Objekte.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1

C:\transfer\Bib_rechner\rechner bib\Outlook Express\MAILSERVER - Posteingang.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1

The selected area was scanned.

Mein HiJackThis-Log:

Code:



Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:30:30, on 17.09.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal
 

Running processes:

\plato\sys\PUBLIC\uti\Spacemon\Spacemon.exe

C:\WINDOWS\Explorer.EXE

C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe

C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\dpmw32.exe

C:\WINDOWS\system32\NWTRAY.EXE

C:\WINDOWS\stsystra.exe

C:\Programme\Apoint\Apoint.exe

C:\WINDOWS\system32\iprntctl.exe

C:\WINDOWS\system32\iprntlgn.exe

C:\Programme\FreePDF_XP\fpassist.exe

C:\Programme\Apoint\ApMsgFwd.exe

C:\Programme\Apoint\HidFind.exe

C:\Programme\Apoint\Apntex.exe

C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe

C:\Programme\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programme\Skype\Phone\Skype.exe

C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Programme\Sophos\AutoUpdate\ALMon.exe

C:\Programme\Novell\ZENworks\NalAgent.exe

C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Programme\Palm\Hotsync.exe

C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Programme\Windows Desktop Search\WindowsSearch.exe

C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Programme\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe

C:\Programme\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe

C:\Programme\Skype\Plugin Manager\skypePM.exe

C:\Programme\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\NOTEPAD.EXE
 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=https%3A%2F%2Fmail.google.com%2Fmail%2F%3Fnsr%3D1%26ui%3Dhtml%26zy%3Dl&ltmpl=googlemail

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tsb/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Asz.Citavi.IEAddon.IEPickerButton - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\WINDOWS\system32\mscoree.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll

O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [IntelWireless] "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [NDPS] C:\WINDOWS\system32\dpmw32.exe

O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE

O4 - HKLM\..\Run: [ZENRC Tray Icon] C:\WINDOWS\system32\zentray.exe

O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe

O4 - HKLM\..\Run: [iPrint Tray] C:\WINDOWS\system32\iprntctl.exe TRAY_ICON

O4 - HKLM\..\Run: [iPrint Event Monitor] C:\WINDOWS\system32\iprntlgn.exe

O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [HotSync] "C:\Program Files\PalmSource\Desktop\HotSync.exe" -AllUsers

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe"  -osboot

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Application Explorer.lnk = C:\Programme\Novell\ZENworks\NalView.exe

O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Programme\Sophos\AutoUpdate\ALMon.exe

O4 - Global Startup: Bluetooth Manager.lnk = ?

O4 - Global Startup: HotSync Manager.lnk = C:\Programme\Palm\Hotsync.exe

O4 - Global Startup: VPN Client.lnk = ?

O4 - Global Startup: Windows-Desktopsuche.lnk = C:\Programme\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: &Citavi Picker... - file://C:\Programme\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html

O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Citavi Picker - {619D670F-B735-4da7-AC6D-F3BD358E325E} - C:\WINDOWS\system32\mscoree.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Programme\Novell\ZENworks\AxNalServer.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{2250E64F-E626-4AC4-9708-50089EB99693}: NameServer = 130.75.1.32,130.75.1.40

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = phil.uni-hannover.de

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = phil.uni-hannover.de

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = phil.uni-hannover.de

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe

O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe

O23 - Service: Novell Application Launcher (NALNTSERVICE) - Novell, Inc. - C:\Programme\Novell\ZENworks\nalntsrv.exe

O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Novell ZENworks Remote Management Agent (Remote Management Agent) - Novell, Inc. - C:\Programme\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe

O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Sophos Anti-Virus Statusreporter (SAVAdminService) - Sophos Plc - C:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe

O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Programme\Sophos\Sophos Anti-Virus\SavService.exe

O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Programme\Sophos\AutoUpdate\ALsvc.exe

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Programme\SigmaTel\C-Major Audio\WDM\StacSV.exe

O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Programme\Intel\Wireless\Bin\WLKeeper.exe

O23 - Service: Novell XTier Agent Services (XTAgent) - Novell, Inc. - C:\WINDOWS\System32\Novell\XTAgent.exe

O23 - Service: Workstation Manager (ZFDWM) - Novell, Inc. - C:\Programme\Novell\ZENworks\wm.exe
 

--

End of file - 10913 bytes