
Pests of all kinds and how to combat them: Trojan-Dropper.Win32.Agent.dsm

21.01.2008, 08:48   #1
Babs12345

Trojan-Dropper.Win32.Agent.dsm

Hello, so GData found the trojan Trojan-Dropper.Win32.Agent.dsm, and over the last few months I have had trojans again and again. (The virus scanner was always active and up to date, as was Spybot etc.)

What do I have to do to get rid of these pests, if possible without setting the computer up from scratch? Since the HijackThis log file keeps being asked for, I'm posting it right away as well :-)

Logfile of HijackThis v1.99.1
Scan saved at 08:40:42, on 21.01.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Programme\G DATA AntiVirus\AVK\AVKWCtl.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Sony\VAIO Event Service\VESMgr.exe
C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Programme\Viewpoint\Common\ViewpointService.exe
C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Programme\Sony\VAIO Update 3\VAIOUpdt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\G DATA AntiVirus\AVK\AVK.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\DOKUME~1\****\LOKALE~1\Temp\Temporäres Verzeichnis 3 für hijackthis_199[1].zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w*w.gmx.at/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G DATA AntiVirus\Webfilter\AVKWebIE.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G DATA AntiVirus\Webfilter\AVKWebIE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VAIO Update 3] "C:\Programme\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: RSS-Support-Site zu VAIO Information FLOW hinzufügen - C:\Programme\Sony\VAIO Information FLOW\aiesc.html
O8 - Extra context menu item: Übertragen mit Image Converter 2 Plus - C:\Programme\Sony\Image Converter 2\menu.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/de/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - h**p://lads.myspace.com/upload/MySpaceUploader.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - h**p://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - h**p://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - h**p://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1167681568875
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://static.ak.studivz.net/photoup...eUploader4.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: VESWinlogon - C:\WINDOWS\SYSTEM32\VESWinlogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: G DATA AntiVirus Proxy (AVKProxy) - G DATA Software AG - C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: AVK Service (AVKService) - Unknown owner - C:\Programme\G DATA AntiVirus\AVK\AVKService.exe (file missing)
O23 - Service: AVK Wächter (AVKWCtl) - G DATA Software AG - C:\Programme\G DATA AntiVirus\AVK\AVKWCtl.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Programme\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Programme\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Programme\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Programme\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Programme\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Programme\Viewpoint\Common\ViewpointService.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe




Many thanks, best regards
Babs

Edited by Babs12345 (21.01.2008 at 09:08)

21.01.2008, 10:52   #2
Chris4You

Trojan-Dropper.Win32.Agent.dsm

Hi,

please carry out the following: Combofix & silentrunner
combofix:
Download it from http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to the desktop.
Close all windows and start combofix.exe, confirm the following prompt with 1 and press Enter.

The scan with Combofix can take some time, so please be patient. Please do not do anything on the computer during the scan.
It is possible that the computer will be restarted in between.
After the scan has finished a report is displayed; please copy it and paste it into your thread.

Silentrunner:
Unpack the zip archive into a directory, start it with a double click, select "yes".
The file it creates is in the same directory the script was copied to; please open it in Notepad and post it.
http://www.silentrunners.org/Silent%20Runners.zip

chris

21.01.2008, 23:42   #3
Babs12345

Trojan-Dropper.Win32.Agent.dsm

Thanks for the quick reply and help :-)


So, the scan logs:

"Silent Runners.vbs", revision 55, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"SpybotSD TeaTimer" = "C:\Programme\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"VAIO Update 3" = ""C:\Programme\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary" ["Sony Corporation"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{0124123D-61B4-456f-AF86-78C53A0790C5}\(Default) = "G DATA WebFilter Class"
-> {HKLM...CLSID} = "G DATA WebFilter"
\InProcServer32\(Default) = "C:\Programme\G DATA AntiVirus\Webfilter\AVKWebIE.dll" ["G DATA Software AG"]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Spybot-S&D IE Protection"
\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~2\SDHelper.dll" ["Safer Networking Limited"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Programme\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
{CA6319C0-31B7-401E-A518-A07C3DB8F777}\(Default) = "Browser Address Error Redirector"
-> {HKLM...CLSID} = "CBrowserHelperObject Object"
\InProcServer32\(Default) = "C:\PROGRA~1\GOOGLE~1\BAE.dll" ["Sony Corp."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
-> {HKLM...CLSID} = "CPL-Erweiterung für Anzeigeverschiebung"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{ED58A35B-B554-42AF-A26C-6F3D424200D3}" = "Sony Power Management Extensiond"
-> {HKLM...CLSID} = "SPMPanel"
\InProcServer32\(Default) = "C:\Programme\Sony\VAIO Power Management\SPMPanel.dll" ["Sony Corporation"]
"{C6643EC0-49AC-4c15-A455-04104DB900A9}" = "Image Converter context menu extension"
-> {HKLM...CLSID} = "Image Converter context menu"
\InProcServer32\(Default) = "C:\PROGRA~1\Sony\IMAGEC~1\CtxMenu.dll" [" "]
"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" = "Adobe.Acrobat.ContextMenu"
-> {HKLM...CLSID} = "Acrobat Elements Context Menu"
\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook-Dateisymbolerweiterung"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programme\Microsoft Office\OFFICE11\msohev.dll" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
-> {HKLM...CLSID} = "WPDShServiceObj Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> VESWinlogon\DLLName = "VESWinlogon.dll" ["Sony Corporation"]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"
-> {HKLM...CLSID} = "Acrobat Elements Context Menu"
\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
AVK9CM\(Default) = "{CAF4C320-32F5-11D3-A222-004095200FF2}"
-> {HKLM...CLSID} = "AVK9ContextMenue"
\InProcServer32\(Default) = "C:\Programme\G DATA AntiVirus\AVK\ShellExt.dll" ["G DATA Software AG"]
ImageConverter2\(Default) = "{C6643EC0-49AC-4c15-A455-04104DB900A9}"
-> {HKLM...CLSID} = "Image Converter context menu"
\InProcServer32\(Default) = "C:\PROGRA~1\Sony\IMAGEC~1\CtxMenu.dll" [" "]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
ImageConverter2\(Default) = "{C6643EC0-49AC-4c15-A455-04104DB900A9}"
-> {HKLM...CLSID} = "Image Converter context menu"
\InProcServer32\(Default) = "C:\PROGRA~1\Sony\IMAGEC~1\CtxMenu.dll" [" "]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
AVK9CM\(Default) = "{CAF4C320-32F5-11D3-A222-004095200FF2}"
-> {HKLM...CLSID} = "AVK9ContextMenue"
\InProcServer32\(Default) = "C:\Programme\G DATA AntiVirus\AVK\ShellExt.dll" ["G DATA Software AG"]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"LinkResolveIgnoreLinkInfo" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"LinkResolveIgnoreLinkInfo" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoResolveSearch" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"NoCDBurning" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\

"NoUpdateCheck" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}

"InstallVisualStyle" = (REG_EXPAND_SZ) C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
{unrecognized setting}

"InstallTheme" = (REG_EXPAND_SZ) C:\WINDOWS\Resources\Themes\Royale.theme
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Dokumente und Einstellungen\Babsi\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 23
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{F2CF5485-4E02-4F68-819C-B92DE9277049}"
-> {HKLM...CLSID} = "&Links"
\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{0124123D-61B4-456F-AF86-78C53A0790C5}" = "G DATA WebFilter"
-> {HKLM...CLSID} = "G DATA WebFilter"
\InProcServer32\(Default) = "C:\Programme\G DATA AntiVirus\Webfilter\AVKWebIE.dll" ["G DATA Software AG"]

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Recherchieren"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Konsole"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in"
\InProcServer32\(Default) = "C:\Programme\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"
\InProcServer32\(Default) = "C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Recherchieren"

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\
"MenuText" = "Spybot - Search & Destroy Configuration"
"CLSIDExtension" = "{53707962-6F74-2D53-2644-206D7942484F}"
-> {HKLM...CLSID} = "Spybot-S&D IE Protection"
\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~2\SDHelper.dll" ["Safer Networking Limited"]

{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Programme\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Adobe Active File Monitor V4, AdobeActiveFileMonitor4.0, "C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe" [null data]
AVK Wächter, AVKWCtl, "C:\Programme\G DATA AntiVirus\AVK\AVKWCtl.exe" ["G DATA Software AG"]
G DATA AntiVirus Proxy, AVKProxy, ""C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe"" ["G DATA Software AG"]
Intel(R) PROSet/Wireless Event Log, EvtEng, "C:\Programme\Intel\Wireless\Bin\EvtEng.exe" ["Intel Corporation"]
Intel(R) PROSet/Wireless Registry Service, RegSrvc, "C:\Programme\Intel\Wireless\Bin\RegSrvc.exe" ["Intel Corporation"]
Intel(R) PROSet/Wireless Service, S24EventMonitor, "C:\Programme\Intel\Wireless\Bin\S24EvMon.exe" ["Intel Corporation "]
lxcz_device, lxcz_device, "C:\WINDOWS\system32\lxczcoms.exe -service" [" "]
Machine Debug Manager, MDM, ""C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
Media Center Extender Service, McrdSvc, "C:\WINDOWS\ehome\mcrdsvc.exe" [MS]
Media Center Receiver Service, ehRecvr, "C:\WINDOWS\eHome\ehRecvr.exe" [MS]
Media Center-Planerdienst, ehSched, "C:\WINDOWS\eHome\ehSched.exe" [MS]
MSSQL$VAIO_VEDB, MSSQL$VAIO_VEDB, "C:\Programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB" [null data]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
VAIO Entertainment Database Service, VzCdbSvc, ""C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe"" ["Sony Corporation"]
VAIO Entertainment File Import Service, VzFw, "C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe" ["Sony Corporation"]
VAIO Entertainment UPnP Client Adapter, Vcsw, "C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -RunBySCM" ["Sony Corporation"]
VAIO Event Service, VAIO Event Service, "C:\Programme\Sony\VAIO Event Service\VESMgr.exe" ["Sony Corporation"]
Viewpoint Manager Service, Viewpoint Manager Service, ""C:\Programme\Viewpoint\Common\ViewpointService.exe"" ["Viewpoint Corporation"]


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
1200 Series Port\Driver = "lxczlmpm.dll" [" "]
Adobe PDF Port\Driver = "C:\WINDOWS\system32\AdobePDF.dll" ["Adobe Systems Incorporated."]
hpzsnt08\Driver = "hpzsnt08.dll" ["HP"]
Lexmark Print-2-Fax Port\Driver = "LXPRMON.DLL" [empty string]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
Toshiba Bluetooth Monitor\Driver = "tbtmon.dll" ["Toshiba America Business Solutions, Inc."]


---------- (launch time: 2008-01-21 23:35:30)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 24 seconds.
---------- (total run time: 65 seconds)



ComboFix 08-01-20.1 - Babsi 2008-01-21 23:24:08.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1031.18.399 [GMT 1:00]
ausgeführt von:: C:\Dokumente und Einstellungen\Babsi\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((( Dateien erstellt von 2007-12-21 bis 2008-01-21 ))))))))))))))))))))))))))))))
.

2008-01-21 23:23 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-17 02:47 . 2008-01-17 02:47 <DIR> d-------- C:\Programme\Zortam Mp3 Media Studio
2008-01-17 02:47 . 2008-01-17 02:47 <DIR> d-------- C:\Programme\Netflix
2008-01-17 02:47 . 2008-01-17 02:47 <DIR> d-------- C:\Programme\MP3Find
2008-01-17 02:47 . 2008-01-17 02:47 <DIR> d-------- C:\Programme\Lavasoft
2008-01-17 02:47 . 2008-01-17 02:47 <DIR> d-------- C:\Programme\IObit
2008-01-17 02:47 . 2008-01-17 02:47 <DIR> d-------- C:\Programme\Inode
2008-01-17 02:47 . 2008-01-17 02:47 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Skype
2008-01-15 20:45 . 2003-03-11 10:04 266,240 --a------ C:\WINDOWS\system32\hpdj3600
2008-01-15 20:44 . 2007-01-15 16:35 142,720 --a------ C:\WINDOWS\hpdj3600.hi1
2008-01-15 20:44 . 2007-01-15 16:35 7,314 --a------ C:\WINDOWS\hpdj3600.bu1
2008-01-15 09:11 . 2008-01-17 02:43 <DIR> d-------- C:\Programme\Messenger(2)
2008-01-15 09:11 . 2007-06-26 11:41 9,271,864 -----c--- C:\WINDOWS\system32\dllcache\ehcir.ird
2008-01-15 09:10 . 2008-01-15 09:10 <DIR> d-------- C:\WINDOWS\l2schemas
2008-01-15 09:10 . 2008-01-15 09:10 <DIR> d-------- C:\Programme\msn(2)
2008-01-15 09:05 . 2008-01-15 09:11 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-01-15 09:00 . 2006-12-29 20:02 67,866 --------- C:\WINDOWS\system32\drivers\netwlan5.img
2008-01-15 09:00 . 2006-12-29 20:21 64,352 --------- C:\WINDOWS\system32\drivers\ativmc20.cod
2008-01-15 08:58 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\002940_.tmp
2008-01-15 07:35 . 2008-01-17 02:45 <DIR> d-------- C:\Programme\Canon
2008-01-15 07:26 . 2008-01-15 07:26 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Canon
2008-01-14 21:39 . 2007-03-08 16:36 579,072 --a------ C:\WINDOWS\system32\user32.dll
2008-01-14 21:39 . 2007-03-08 16:36 579,072 -----c--- C:\WINDOWS\system32\dllcache\user32.dll
2008-01-14 06:24 . 2008-01-17 02:46 <DIR> d-------- C:\Programme\Spybot - Search & Destroy(2)
2008-01-11 05:20 . 2008-01-17 02:46 <DIR> d-------- C:\Programme\Netflix(2)
2008-01-07 10:21 . 2008-01-07 10:21 <DIR> d-------- C:\Dokumente und Einstellungen\Babsi\.thumbnails
2008-01-07 10:18 . 2008-01-17 02:47 <DIR> d-------- C:\Dokumente und Einstellungen\Babsi\.gimp-2.4
2008-01-07 10:16 . 2008-01-17 02:47 <DIR> d-------- C:\Programme\GIMP-2.0
2008-01-04 21:13 . 2008-01-17 01:53 <DIR> d-------- C:\Dokumente und Einstellungen\Babsi\Anwendungsdaten\skypePM
2008-01-04 21:13 . 2008-01-04 21:13 32 --a------ C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat
2007-12-26 20:23 . 2007-12-26 20:23 <DIR> d-------- C:\Dokumente und Einstellungen\Babsi\Anwendungsdaten\Viewpoint

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-21 05:37 --------- d-----w C:\Dokumente und Einstellungen\Babsi\Anwendungsdaten\Skype
2008-01-17 03:14 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2008-01-17 01:58 --------- d-----w C:\Programme\Me-on.net
2008-01-17 01:56 --------- d-----w C:\Programme\Google
2008-01-17 01:48 --------- d--h--w C:\Programme\InstallShield Installation Information
2008-01-17 01:41 --------- d-----w C:\Programme\Hewlett-Packard
2008-01-12 00:53 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft
2007-11-30 07:53 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\G DATA
2007-11-30 07:11 --------- d-----w C:\Programme\Sony
2007-11-28 17:37 47,184 ----a-w C:\WINDOWS\system32\drivers\MiniIcpt.sys
2007-11-28 17:37 41,928 ----a-w C:\WINDOWS\system32\drivers\GDTdiIcpt.sys
2007-11-28 17:37 31,432 ----a-w C:\WINDOWS\system32\drivers\HookCentre.sys
2007-11-28 17:36 --------- d-----w C:\Programme\Gemeinsame Dateien\G DATA
2007-11-28 17:36 --------- d-----w C:\Programme\G DATA AntiVirus
2007-11-28 17:33 --------- d-----w C:\Dokumente und Einstellungen\Babsi\Anwendungsdaten\InstallShield
2007-11-07 09:27 729,600 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:35 1,293,312 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:35 1,293,312 ----a-w C:\WINDOWS\system32\quartz(2).dll
2007-10-25 16:42 8,501,248 ----a-w C:\WINDOWS\system32\shell32(2).dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2006-12-29 18:48 0 ----a-w C:\Dokumente und Einstellungen\Babsi\Anwendungsdaten\wklnhst.dat
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00 15360]
"SpybotSD TeaTimer"="C:\Programme\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-08 02:50 7561216]
"VAIO Update 3"="C:\Programme\Sony\VAIO Update 3\VAIOUpdt.exe" [2007-01-25 19:41 546936]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 13:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2006-03-09 13:51 73728 C:\WINDOWS\system32\VESWinlogon.dll

R2 AVKProxy;G DATA AntiVirus Proxy;"C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe" [2007-08-15 08:50]
R2 AVKWCtl;AVK Wächter;C:\Programme\G DATA AntiVirus\AVK\AVKWCtl.exe [2007-07-16 23:45]
R2 GDTdiInterceptor;GDTdiInterceptor;C:\WINDOWS\system32\drivers\GDTdiIcpt.sys [2007-11-28 18:37]
R2 lxcz_device;lxcz_device;C:\WINDOWS\system32\lxczcoms.exe [2007-02-08 23:50]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;C:\Programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe [2002-12-17 16:55]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Programme\Viewpoint\Common\ViewpointService.exe" [2007-01-04 22:38]
R3 GDMnIcpt;GDMnIcpt;C:\WINDOWS\system32\drivers\MiniIcpt.sys [2007-11-28 18:37]
R3 HookCentre;HookCentre;C:\WINDOWS\system32\drivers\HookCentre.sys [2007-11-28 18:37]
R3 SonyImgF;Sony Image Conversion Filter Driver;C:\WINDOWS\system32\DRIVERS\SonyImgF.sys [2006-03-06 10:39]
R3 ti21sony;ti21sony;C:\WINDOWS\system32\drivers\ti21sony.sys [2007-01-24 13:46]
S2 AVKService;AVK Service;C:\Programme\G DATA AntiVirus\AVK\AVKService.exe []
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Programme\Sony\Image Converter 2\IcVzMon.exe [2005-07-14 18:10]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;C:\Programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE [2002-12-17 16:23]

*Newly Created Service* - PROCEXP90
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-21 23:27:36
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2008-01-21 23:28:08
.
2007-11-14 08:47:43 --- E O F ---
__________________

22.01.2008, 07:37   #4
Chris4You
 
Hi,

neither the Silentrunner log nor the ComboFix log shows anything suspicious...
Do you have G DATA AntiVirus or G DATA Internet Security?
With the former, I would recommend an additional firewall if G DATA does not include one...

Let's run one more scan with Prevx:
http://www.prevx.com/freescan.asp
If Prevx finds anything, post the log...

chris