virus W95/Bumble

14.05.2008, 09:41
Member

Posts: 20
#1 Hi!

Today I wanted to run an additional virus scan with Panda ActiveScan. To my horror, a virus was already reported during the installation required for it. I then aborted ActiveScan immediately. Unfortunately, a subsequent AntiVir scan showed me that the virus W95/Bumble is now on my computer. In addition, the Trojan horse TR/PSW.OnlineGames.acqh was found. Could you help me?

I am posting the AntiVir report and the HijackThis logfile here:


Regards

D.H.

Avira AntiVir Personal
Report file date: Mittwoch, 14. Mai 2008 08:39

Scanning for 1264213 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (plain) [5.1.2600]
Boot mode: Normally booted
Username: han
Computer name: HNPC1

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09.04.2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 19.04.2008 18:14:27
AVSCAN.DLL : 8.1.1.0 53505 Bytes 19.04.2008 18:14:27
LUKE.DLL : 8.1.2.9 151809 Bytes 19.04.2008 18:14:28
LUKERES.DLL : 8.1.2.1 12033 Bytes 19.04.2008 18:14:28
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18.07.2007 10:39:52
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07.03.2008 17:47:11
ANTIVIR2.VDF : 7.0.4.0 1554432 Bytes 05.05.2008 18:48:12
ANTIVIR3.VDF : 7.0.4.33 166912 Bytes 13.05.2008 18:46:08
Engineversion : 8.1.0.42
AEVDF.DLL : 8.1.0.5 102772 Bytes 19.04.2008 18:14:29
AESCRIPT.DLL : 8.1.0.31 262522 Bytes 09.05.2008 18:48:35
AESCN.DLL : 8.1.0.16 119156 Bytes 09.05.2008 18:48:33
AERDL.DLL : 8.1.0.20 418165 Bytes 25.04.2008 10:53:24
AEPACK.DLL : 8.1.1.4 364918 Bytes 29.04.2008 11:13:08
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 19.04.2008 18:14:28
AEHEUR.DLL : 8.1.0.26 1237366 Bytes 09.05.2008 18:48:32
AEHELP.DLL : 8.1.0.14 115063 Bytes 19.04.2008 18:14:28
AEGEN.DLL : 8.1.0.20 299380 Bytes 09.05.2008 18:48:22
AEEMU.DLL : 8.1.0.6 430451 Bytes 09.05.2008 18:48:20
AECORE.DLL : 8.1.0.28 168310 Bytes 09.05.2008 18:48:17
AVWINLL.DLL : 1.0.0.7 14593 Bytes 19.04.2008 18:14:27
AVPREF.DLL : 8.0.0.1 25857 Bytes 19.04.2008 18:14:27
AVREP.DLL : 7.0.0.1 155688 Bytes 29.04.2007 08:22:07
AVREG.DLL : 8.0.0.0 30977 Bytes 19.04.2008 18:14:27
AVARKT.DLL : 1.0.0.23 307457 Bytes 19.04.2008 18:14:27
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 19.04.2008 18:14:27
SQLITE3.DLL : 3.3.17.1 339968 Bytes 19.04.2008 18:14:28
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 19.04.2008 18:14:28
NETNT.DLL : 8.0.0.1 7937 Bytes 19.04.2008 18:14:28
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 19.04.2008 18:14:23
RCTEXT.DLL : 8.0.32.0 86273 Bytes 19.04.2008 18:14:23

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\programme\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, F:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Mittwoch, 14. Mai 2008 08:39

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'TODslSvc.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'oodag.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'NMSAccessU.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'javaw.exe' - '1' Module(s) have been scanned
Scan process 'hpgs2wnf.exe' - '1' Module(s) have been scanned
Scan process 'TODslMgr.exe' - '1' Module(s) have been scanned
Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'fpassist.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'StopHid.exe' - '1' Module(s) have been scanned
Scan process 'mHotkey.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'cledx.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'winampa.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'daemon.exe' - '1' Module(s) have been scanned
Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned
Scan process 'hpgs2wnd.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'StatusClient.exe' - '1' Module(s) have been scanned
Scan process 'delttray.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Smc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
48 processes with 48 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '53' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Dokumente und Einstellungen\han\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\nwh2vbhf.default\Cache\AEFDC12Fd01
[0] Archive type: CAB (Microsoft)
--> pskavs.dll
[DETECTION] Contains detection pattern of the Windows virus W95/Bumble
[NOTE] The file was moved to '48708d9f.qua'!
C:\Programme\Free WMA to MP3 Converter\readmedia.dll
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.acqh
[NOTE] The file was moved to '488b8fe3.qua'!
C:\WINDOWS\system32\drivers\atapi.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\dtscsi.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd0189.sys
[WARNING] The file could not be opened!
Begin scan in 'F:\' <safe>


End of the scan: Mittwoch, 14. Mai 2008 09:29
Used time: 50:13 min

The scan has been done completely.

9889 Scanning directories
325386 Files were scanned
2 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
2 files were moved to quarantine
0 files were renamed
5 Files cannot be scanned
325384 Files not concerned
1223 Archives were scanned
5 Warnings
2 Notes



Logfile of HijackThis v1.99.1
Scan saved at 09:40:05, on 14.05.2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DeltTray.exe
C:\Programme\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\DAEMON Tools\daemon.exe
C:\WINDOWS\System32\rundll32.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\Java\jre1.6.0_01\bin\jusched.exe
C:\Programme\SyncroSoft\Pos\H2O\cledx.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\StopHid.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\FreePDF_XP\fpassist.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe
C:\Programme\T-Online\DSL-Manager\TODslMgr.exe
C:\Programme\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\NMSAccessU.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\T-Online\DSL-Manager\TODslSvc.exe
c:\programme\antivir personaledition classic\avcenter.exe
c:\programme\antivir personaledition classic\avscan.exe
C:\WINDOWS\System32\notepad.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\han\Eigene Dateien\HijackThis.exe
C:\Programme\Gemeinsame Dateien\Ahead\lib\NMIndexStoreSvr.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
F1 - win.ini: run= C:\WESTWOOD\ALARM\INSTICON.EXE
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: TBSB05590 - {A3FC7223-752E-495B-9951-CE360FA1180C} - C:\Dokumente und Einstellungen\han\Anwendungsdaten\AD ON Multimedia\Amazon Toolbar\amazon.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Amazon Toolbar - {BEBD573C-8315-43A8-9EA0-7028D471CC81} - C:\Dokumente und Einstellungen\han\Anwendungsdaten\AD ON Multimedia\Amazon Toolbar\amazon.dll
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [StatusClient] C:\Programme\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Programme\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [H2O] C:\Programme\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [StopHid] StopHid.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: T-Online DSL-Manager.lnk = C:\Programme\T-Online\DSL-Manager\TODslMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\WINDOWS\System32\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programme\Sygate\SPF\smc.exe
O23 - Service: T-Online DSL-Manager (TODslService) - T-Systems International GmbH - C:\Programme\T-Online\DSL-Manager\TODslSvc.exe