TR/Dldr.Swizzor.Gen - Hilfe!

the-spider · 06.05.2007, 19:18

Hallo,
ich habe mir leider den Trojaner TR/Dldr.Swizzor.Gen eingefangen, wie kann ich den am Besten wieder entfernen?

Zitat:

Logfile of HijackThis v1.99.1
Scan saved at 20:05:24, on 06.05.2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP1 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\EMC VPN\VPN Client\cvpnd.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINNT\System32\Ati2evxx.exe
C:\Program Files\Network ICE\BlackICE\blackd.exe
C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
C:\WINNT\SYSTEM32\DWRCS.EXE
C:\EMCSoftware\EMCSI.exe
C:\WINNT\System32\Hummbird\inetd32.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\SYSTEM32\Rpcnet.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\WINNT\system32\Atiptaxx.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\PROGRA~1\COMMON~1\Nokia\Services\SERVIC~1.EXE
C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe
C:\WINNT\system32\ctfmon.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINNT\system32\CCM\CcmExec.exe
C:\EMCSoftware\EMCSIUser.exe
C:\Program Files\INS\VitalAgent\Program\VtlAgent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Documents and Settings\musteh\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Live Search:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.deu.chello.at/ssi/welcom...e.php?url=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Yahoo!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Yahoo!
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by chello broadband n.v.
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IEHlprObj Class - {35EB9C91-1CA6-11d5-8B2B-00C04F779127} - C:\PROGRA~1\INS\VITALA~1\Program\VAIEHE~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [BeepJunkLicenseBags] C:\Documents and Settings\All Users\Application Data\First Base Beep Junk\slowcorn.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [Ashampoo FireWall] "C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" -TRAY
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [for locks] C:\DOCUME~1\musteh\APPLIC~1\shimhole\Slow Meow.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: EMC VPN Client.lnk = C:\Program Files\EMC VPN\VPN Client\ipsecdialer.exe
O4 - Global Startup: EMCSI.lnk = C:\EMCSoftware\EMCSIUser.exe
O4 - Global Startup: VitalAgent.lnk = C:\Program Files\INS\VitalAgent\Program\VtlAgent.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Casino\Europa Casino\casino.exe
O9 - Extra 'Tools' menuitem: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Casino\Europa Casino\casino.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\ashampoo\ashampoo firewall\spi.dll
O10 - Unknown file in Winsock LSP: c:\program files\ashampoo\ashampoo firewall\spi.dll
O10 - Unknown file in Winsock LSP: c:\program files\ashampoo\ashampoo firewall\spi.dll
O10 - Unknown file in Winsock LSP: c:\program files\ashampoo\ashampoo firewall\spi.dll
O10 - Unknown file in Winsock LSP: c:\program files\ashampoo\ashampoo firewall\spi.dll
O10 - Unknown file in Winsock LSP: c:\program files\ashampoo\ashampoo firewall\spi.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://home.deu.chello.at/ssi/welcome/welcome.php?url=home
O16 - DPF: {8C28EFD7-767B-11D1-8400-000000000000} - http://irco1bqy1/components/Brio.Insight.cab
O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.emc.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{09E286D1-C3AA-448B-8227-50DFB87C5244}: NameServer = 195.34.133.21,195.34.133.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{5231088A-C735-41A9-93DA-B47438C8D0F6}: NameServer = 212.19.48.14
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = corp.emc.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = corp.emc.com,isus.emc.com,lss.emc.com,eng.emc.com,webo.dg.com,us.dg.com,rtp.dg.com,emc.com,legato.com,documentum.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{09E286D1-C3AA-448B-8227-50DFB87C5244}: NameServer = 195.34.133.21,195.34.133.22
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = corp.emc.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = corp.emc.com,isus.emc.com,lss.emc.com,eng.emc.com,webo.dg.com,us.dg.com,rtp.dg.com,emc.com,legato.com,documentum.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{09E286D1-C3AA-448B-8227-50DFB87C5244}: NameServer = 195.34.133.21,195.34.133.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = corp.emc.com,isus.emc.com,lss.emc.com,eng.emc.com,webo.dg.com,us.dg.com,rtp.dg.com,emc.com,legato.com,documentum.com
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\blackd.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\EMC VPN\VPN Client\cvpnd.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINNT\SYSTEM32\DWRCS.EXE
O23 - Service: EMC Software Install Manager (EMCSI) - EMC - C:\EMCSoftware\EMCSI.exe
O23 - Service: Hummingbird Inetd (HCLInetd) - Hummingbird Communications Ltd. - C:\WINNT\System32\Hummbird\inetd32.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Unknown owner - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Unknown owner - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Navisphere Agent (Navisphere_Agent) - Unknown owner - C:\Program Files\Emc\Navisphere Agent\NaviAgent.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Unknown owner - C:\WINNT\SYSTEM32\Rpcnet.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

Ich bitte um Hilfe, da ich ratlos bin - Danke

Gruß
Thomas

Achja: Er liegt im Verzeichnis C:/DOCUME~1/musteh/.../Slow Meow.exe

irrlicht · 06.05.2007, 22:01

Hallo,
arbeite das hier ab :http://www.trojaner-board.de/28388-a...ntfernung.html

Wichtig für dich ist :

Zitat:

O4 - HKLM\..\Run: [BeepJunkLicenseBags] C:\Documents and Settings\All Users\Application Data\First Base Beep Junk\slowcorn.exe

Zitat:

O2 - BHO: IEHlprObj Class - {35EB9C91-1CA6-11d5-8B2B-00C04F779127} - C:\PROGRA~1\INS\VITALA~1\Program\VAIEHE~1.DLL

Irrlicht

TR/Dldr.Swizzor.Gen - Hilfe!

Plagegeister aller Art und deren Bekämpfung: TR/Dldr.Swizzor.Gen - Hilfe!

TR/Dldr.Swizzor.Gen - Hilfe!

TR/Dldr.Swizzor.Gen - Hilfe!

Ähnliche Themen: TR/Dldr.Swizzor.Gen - Hilfe!