Virus forum on viruses, dialers, trojans, spyware etc.

#1
Successfully registered
Registered since: 20.02.2009
Posts: 7

I don't know much about this virus stuff, hence my question to you. Hopefully you can help me...
I had Antivir scan the computer and it found the following file: 'TR/Dldr.Small.dxm.3', a trojan. Now Antivir warns me constantly and I have to switch it off first before I can do anything at all... I followed your instructions, downloaded the PC Cleaner and ran it... Then I also ran the Malwarebytes program. Later, after a restart, HijackThis as well...
This is what the report looks like (before I restarted the computer):
The HijackThis report is as follows:

#2
Malware team
Registered since: 30.03.2008
Age: 25
Posts: 8,612

Hello, no service packs, nothing at all. This thing has to be formatted. But I would still like to see a ComboFix log, in case there are new files on it that we need to pass on to antivirus vendors!
ComboFix

#3
Malware team
Registered since: 30.03.2008
Age: 25
Posts: 8,612

This one:
C:\WINDOWS\ServicePackFiles\services.exe
Copy it and scan it here: VirusTotal - Free Online Virus and Malware Scan. If it says the file has already been analysed, click analyse again.

#4
Successfully registered
Registered since: 20.02.2009
Posts: 7

C:\WINDOWS\ServicePackFiles\services.exe
does not exist on my PC at all.

#5
Malware team
Registered since: 30.03.2008
Age: 25
Posts: 8,612

How about formatting? But I would like to see ComboFix.
Do you do online banking or anything like that?

#6
Successfully registered
Registered since: 20.02.2009
Posts: 7

Before I format, I first want to back up the data to my external hard drive... For ComboFix it says that 1 in 100 computers does not survive it.... I am already backing up the data.

#7
Successfully registered
Registered since: 20.02.2009
Posts: 7

...well, at least the photos... I don't care about the programs. I don't do online banking. Is that dangerous... I mean: when you move your photos onto the hard drive, do you drag the trojan over with them? As I said, I can't really picture any of this...

#8
Malware team
Registered since: 30.03.2008
Age: 25
Posts: 8,612

Has your drive been connected recently? If yes, connect it now as well and run ComboFix. If not, run ComboFix without the external drive.

#9
Successfully registered
Registered since: 20.02.2009
Posts: 7

No, it is brand new and unused... I would then run ComboFix once all the photos are on the external hard drive, and then disconnect it too...

#10
Malware team
Registered since: 30.03.2008
Age: 25
Posts: 8,612

No, unless you maybe want to have something on your hard drive; first ComboFix, then (when I tell you) attach the hard drive.

#11
Successfully registered
Registered since: 20.02.2009
Posts: 7

What do you mean, "when I tell you"? ... I am afraid for my data if I start ComboFix now and EVERYTHING is gone.... That is why it goes onto the external hard drive first..

#12
Malware team
Registered since: 30.03.2008
Age: 25
Posts: 8,612

Do as you think best, but if you then possibly have a virus on your external drive, don't come and complain!
ComboFix creates backups, several of them, if you follow the instructions properly and install the Recovery Console. Your System Restore is probably enabled as well, and you can roll back with that too.

#13
Successfully registered
Registered since: 20.02.2009
Posts: 7

Yes, I had already figured that I would then be out of luck. But I will do it like this now: photos onto the hard drive, hard drive off, start ComboFix. Report to you, scan the hard drive with Antivir... if there is a virus on it, tough luck.
And then I still have to format.

#14
Malware team
Registered since: 30.03.2008
Age: 25
Posts: 8,612

That is cumbersome and (sorry) pointless, but do it that way.
And when you reinstall Windows this time, do it with service packs and updates. That Antivir and the rest of the software still run, or run at all, is actually odd...