Trojaner-Board (https://www.trojaner-board.de/)
Forum: Log analysis and evaluation (https://www.trojaner-board.de/log-analyse-auswertung/)
Thread: I have the TR/Spy.Gen (https://www.trojaner-board.de/60774-habe-tr-spy-gen.html)

nari9090 01.10.2008 19:30

Thanks for all your time and effort. :)


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:20:24, on 01.10.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\mHotkey.exe
C:\Programme\Fingerprint Sensor\ATSwpNav.exe
C:\Programme\Gemeinsame Dateien\AOL\1212203783\ee\AOLSoftware.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Fighters\spywarefighter\SpywarefighterUser.exe
C:\APPS\SMP\SmpSys.exe
C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Apps\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programme\Fighters\configservice.exe
C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programme\Fighters\licenseservice.exe
C:\Programme\Fighters\updateservice.exe
C:\Programme\Fighters\ScannerService.exe
c:\programme\fighters\spywarefighter\SPYWAREfighterTray.exe
C:\Apps\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alice-dsl.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NECHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ATSwpNav] "C:\Programme\Fingerprint Sensor\ATSwpNav" -run
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [HostManager] C:\Programme\Gemeinsame Dateien\AOL\1212203783\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [spywarefighterguard] C:\Programme\Fighters\spywarefighter\SpywarefighterUser.exe
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\ger.htm
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Resources/v2.15/cab/aolpPlugins.10.6.0.8.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PTK License-FIGHTERS-18668899 - SPAMfighter - C:\Programme\Fighters\licenseservice.exe
O23 - Service: PTK Live Update-FIGHTERS-18668899 - SPAMfighter - C:\Programme\Fighters\updateservice.exe
O23 - Service: PTK Scanner-FIGHTERS-18668899 - SPAMfighter - C:\Programme\Fighters\ScannerService.exe
O23 - Service: PTK SharedAccess-FIGHTERS-18668899 - SPAMfighter - C:\Programme\Fighters\configservice.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Programme\Roxio\WinOnCD 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 7263 bytes

schrauber 01.10.2008 20:02

clean :daumenhoc



What else you can do:

Please visit the Windows Update site and download all updates offered to you via the "Benutzerdefiniert" (Custom) button, especially IE7.

nari9090 02.10.2008 13:00

Clean... what a lovely and reassuring word. :D
I hope this is the evaluation you meant:


Detection Statistics:

12 Applications Detected in Total
8 Insecure Versions Detected
4 Patched Versions Detected

Running For:
1 Minute, 28 Seconds

Errors with the scan:
0 Errors Detected, scan result should be correct
Enable thorough system inspection
Enable the Secunia Online Software Inspector to search for software installed in non-default locations.
Status / Currently Processing:

Detection completed successfully

Programs / Result Version Detected Status
Microsoft Windows XP Professional Service Pack 3

Adobe Reader 7.x 7.0.8.218
This installation of Adobe Reader 7.x is insecure and potentially exposes your system to security threats!

The detected version installed on your system is 7.0.8.218, however, the latest patched version released by the vendor, fixing one or more vulnerabilities, is 7.1.0.

Update Instructions:
Download


Installed on Your System in:
C:\Programme\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
Apple QuickTime 7.x 7.50.51.0
This installation of Apple QuickTime 7.x is insecure and potentially exposes your system to security threats!

The detected version installed on your system is 7.50.51.0, however, the latest patched version released by the vendor, fixing one or more vulnerabilities, is 7.55.0.0.

Update Instructions:
Download


Installed on Your System in:
C:\Programme\QuickTime\QuickTimePlayer.exe
Microsoft Internet Explorer 7.x 7.0.6000.16705

Microsoft Outlook Express 6 6.00.2900.5512

Microsoft Windows Media Player 10.x 10.00.00.3802

Adobe Flash Player 9.x 9.0.45.0
This installation of Adobe Flash Player 9.x is insecure and potentially exposes your system to security threats!

The detected version installed on your system is 9.0.45.0, however, the latest patched version released by the vendor, fixing one or more vulnerabilities, is 9.0.124.0.

Update Instructions:
Download


Installed on Your System in:
C:\WINDOWS\SYSTEM32\Macromed\Flash\Flash9c.ocx
Macromedia Flash Player 7.x 7.0.19.0
This installation of Macromedia Flash Player 7.x is insecure and potentially exposes your system to security threats!

The detected version installed on your system is 7.0.19.0, however, the latest patched version released by the vendor, fixing one or more vulnerabilities, is 9.0.124.0.

Update Instructions:
Download


Installed on Your System in:
C:\WINDOWS\SYSTEM32\Macromed\Flash\Flash.ocx
Sun Java JRE 1.5.x / 5.x 5.0.40.5
This installation of Sun Java JRE 1.5.x / 5.x is insecure and potentially exposes your system to security threats!

The detected version installed on your system is 5.0.40.5, however, the latest patched version released by the vendor, fixing one or more vulnerabilities, is 5.0.160.2.

Update Instructions:
Download


Installed on Your System in:
C:\Programme\Java\jre1.5.0_04\bin\java.exe
Apple QuickTime 7.x 7.50.61.0
This installation of Apple QuickTime 7.x is insecure and potentially exposes your system to security threats!

The detected version installed on your system is 7.50.61.0, however, the latest patched version released by the vendor, fixing one or more vulnerabilities, is 7.55.0.0.

Update Instructions:
Download


Installed on Your System in:
C:\WINDOWS\system32\QuickTime.qts
Macromedia Flash Player 6.x 6.0.80.0
This installation of Macromedia Flash Player 6.x is insecure and potentially exposes your system to security threats!

The detected version installed on your system is 6.0.80.0, however, the latest patched version released by the vendor, fixing one or more vulnerabilities, is 6.0.88.0.

Update Instructions:
Update to version 6.0.88.0 or 9.0.47.0.
http://www.macromedia.com/go/getflash

NOTE: When updating Flash Player, older versions are not always automatically removed from your system. If older versions were detected that you believe should not be present, then please contact the vendor regarding how to remove them from your system.

Vulnerabilities Fixed:
Read about the vulnerabilities fixed with this update in Secunia advisory SA22467 (opens in a new window). The Secunia advisory describes the vulnerabilities fixed by the latest security update. If your installation is outdated with more than one version, then more vulnerabilities may be covered.


Installed on Your System in:
C:\Programme\Gemeinsame Dateien\aol\Flasha.ocx
Sun Java JRE 1.5.x / 5.x 5.0.40.5
This installation of Sun Java JRE 1.5.x / 5.x is insecure and potentially exposes your system to security threats!

The detected version installed on your system is 5.0.40.5, however, the latest patched version released by the vendor, fixing one or more vulnerabilities, is 5.0.160.2.

Update Instructions:
Download


Installed on Your System in:
C:\WINDOWS\system32\java.exe

schrauber 02.10.2008 17:44

Grab all the updates.

By clean I meant your computer ;) :)

nari9090 03.10.2008 20:58

I understood that by clean you were referring to my computer. :)

I need your advice once more, please, Schrauber.

There are still old detections of TR/Spy.Gen sitting in my "AviraAntiVir" quarantine.
Can I delete them now without any worries? Or should I just leave them there?

schrauber 03.10.2008 22:24

You can safely delete them :)

nari9090 04.10.2008 13:57

I ran another full system scan with AviraAntiVir.
No further detections turned up. :party:

Now I'd like to get one more thing off my chest, something that matters to me personally.
My computer is rather a mystery to me, but over the last few days I have read a great deal online about TR/Spy.Gen.
That gives me a faint idea of what a masterpiece you have worked out here, Schrauber. :)
Most threads about TR/Spy.Gen online end with the sentence "The only thing that helps is wiping the computer and reinstalling".

I am infinitely grateful for your help... :aplaus:


Copyright ©2000-2024, Trojaner-Board