TR/Dldr.Swizzor.Gen --> was tun?

chilly-vanilly · 20.01.2008, 23:18

mein virenprogramm zeigt mir seit neustem den fund des trojaners TR/Dldr.Swizzor.Gen... wie bekomm ich ihn wieder weg?? hab nicht besonders viel ahnung im umgang mit so etwas...

hier mein HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:16:47, on 20.01.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
d:\NetScreen\IreIKE.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
F:\Creative Suite\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
d:\NetScreen\IPSecMon.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
d:\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
D:\FIREFOX\FIREFOX.EXE
F:\Creative Suite\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
D:\TrueImage\TrueImageMonitor.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
D:\Cinergy 600 TV\TTTVRC.exe
C:\WINDOWS\System32\TTTimer.exe
C:\Programme\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
D:\Logitech\iTouch\iTouch.exe
D:\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\system32\rundll32.exe
D:\Logitech\MouseWare\system\em_exec.exe
C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE
F:\Creative Suite\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
F:\Creative Suite\Adobe Acrobat 7.0\Distillr\Acrotray.exe
D:\Programme\ICQLite\ICQLite.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Logitech\Gaming Software\LWEMon.exe
D:\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
D:\DAEMON Tools\daemon.exe
D:\Bluetooth Software\BTTray.exe
D:\InterVideo\Common\Bin\WinCinemaMgr.exe
D:\InterVideo\WinDVR\WinScheduler.exe
D:\Programme\NETGEAR\WPN111\wpn111.exe
D:\NetScreen\SafeCfg.exe
D:\Bluetooth Software\btsendto_explorer.exe
C:\Programme\Gemeinsame Dateien\PCSuite\Services\ServiceLayer.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
D:\Cinergy 600 TV\TerraTV App.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE
D:\Firefox\firefox.exe
d:\WinRAR\WinRAR.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
d:\WinRAR\WinRAR.exe
C:\Dokumente und Einstellungen\****\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://www.euro.dell.com/countries/de/deu/gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.www.daemon-search.com/default
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = h**p://www.euro.dell.com/countries/de/deu/gen/default.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = 198.3.128.10:80
O1 - Hosts: 212.227.126.13 lyra
O1 - Hosts: 212.227.126.5 lyra2
O1 - Hosts: 212.227.126.12 mapibe02
O1 - Hosts: 212.227.126.14 mapibe03
O1 - Hosts: 212.227.126.2 mapibe04
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Creative Suite\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Creative Suite\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Creative Suite\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [Acronis True Image Monitor] d:\TrueImage\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
O4 - HKLM\..\Run: [TerraTec Remote Control] d:\Cinergy 600 TV\TTTVRC.exe
O4 - HKLM\..\Run: [TerraTec Scheduler] C:\WINDOWS\System32\TTTimer.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_03\bin\jusched.exe "
O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [zBrowser Launcher] d:\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "F:\Creative Suite\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "F:\Creative Suite\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [ICQ Lite] "D:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Date Army Wma Spam] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Peak ooze date army\browse bind.exe
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Programme\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [COPYCHIC] C:\DOKUME~1\Sebi\ANWEND~1\PLAYMU~1\Sixth Setup Road.exe
O4 - HKCU\..\Run: [DAEMON Tools] "d:\DAEMON Tools\daemon.exe"
O4 - HKCU\..\RunOnce: [ICQ Lite] D:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat - Schnellstart.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: InterVideo WinScheduler.lnk = D:\InterVideo\WinDVR\WinScheduler.exe
O4 - Global Startup: Lexware Info Service.lnk = C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
O4 - Global Startup: NetScreen-Remote.lnk = D:\NetScreen\SafeCfg.exe
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://F:\Creative Suite\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://F:\Creative Suite\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://F:\Creative Suite\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://F:\Creative Suite\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://F:\Creative Suite\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://F:\Creative Suite\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://F:\Creative Suite\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://F:\Creative Suite\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Encarta Suchleiste - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\PartyPoker\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\PartyPoker\PartyPoker\RunApp.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - D:\PartyPoker\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - D:\PartyPoker\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} (F5 Networks CacheCleaner) - https://80.146.244.90/vdesk/cachecleaner.cab
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} (F5 Networks VPN Manager) - h
h**ps://80.146.244.90/vdesk/terminal/urxvpn.cab#version=5400,0,50316,1
O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} (F5 Networks SSLTunnel) - h**ps://80.146.244.90/vdesk/terminal/urTermProxy.cab#version=5400,0,50412,1
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://static.ak.schuelervz.net/photouploader/ImageUploader4.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - http://www.arcor.de/vod/dmd/WMDownload.cab
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - https://80.146.244.90/vdesk/terminal/urxshost.cab
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - h**ps://80.146.244.90/vdesk/terminal/urxhost.cab#version=5400,0,50316,1
O17 - HKLM\System\CCS\Services\Tcpip\..\{928E3DC6-F977-4F74-8681-BD2B1F4A2E79}: NameServer = 192.168.120.252,192.168.120.253
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - F:\Creative Suite\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - d:\NetScreen\IPSecMon.exe
O23 - Service: SafeNet IKE Service (IREIKE) - SafeNet - d:\NetScreen\IreIKE.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Programme\Intel\NCS\Sync\NetSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\Gemeinsame Dateien\PCSuite\Services\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - d:\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - d:\VNC4\WinVNC4.exe (file missing)

--
End of file - 15257 bytes

KarlKarl · 21.01.2008, 02:02

Hi,

Hier ist die Anleitung zum entfernen von Swizzor. auf deinem System geht es um folgende Verzeichnisse:

Code:

ATTFilter

C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Peak ooze date army
C:\DOKUME~1\Sebi\ANWEND~1\PLAYMU~1

Danach stell bitte ein neues Log rein.

Gruß, Karl

21.01.2008, 02:02	#2
KarlKarl /// Helfer-Team	TR/Dldr.Swizzor.Gen --> was tun? Hi, Hier ist die Anleitung zum entfernen von Swizzor. auf deinem System geht es um folgende Verzeichnisse: Code: ATTFilter C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Peak ooze date army C:\DOKUME~1\Sebi\ANWEND~1\PLAYMU~1 Danach stell bitte ein neues Log rein. Gruß, Karl __________________

TR/Dldr.Swizzor.Gen --> was tun?

Mülltonne: TR/Dldr.Swizzor.Gen --> was tun?

TR/Dldr.Swizzor.Gen --> was tun?

TR/Dldr.Swizzor.Gen --> was tun?

Ähnliche Themen: TR/Dldr.Swizzor.Gen --> was tun?