Trojan: TR/dldr.Swizzor.Gen - How to get rid of it?

#0
19.03.2008, 11:03
Member

Thread starter

Posts: 17
#16 Report from SDFix:


SDFix: Version 1.159

Run by B on 19.03.2008 at 10:53

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-19 11:01:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf41]
"khjeh"=hex:20,02,00,00,3b,e6,95,ad,b9,fe,9e,a1,07,2e,01,55,f2,4f,88,64,46,..
"hj34z0"=hex:06,7b,6b,da,a8,73,17,21,e6,02,9f,10,d7,fa,ba,2d,75,a7,22,74,2c,..
"hj34z1"=hex:89,7b,6b,da,d0,73,17,21,e7,02,9e,10,d6,fa,ba,2d,75,a7,22,74,4c,..
"hj34z2"=hex:89,7b,6b,da,d0,73,17,21,e7,02,9e,10,d6,fa,ba,2d,75,a7,22,74,4c,..
"hj34z3"=hex:89,7b,6b,da,d0,73,17,21,e7,02,9e,10,d6,fa,ba,2d,75,a7,22,74,4c,..
"hj34z4"=hex:89,7b,6b,da,d0,73,17,21,e7,02,9e,10,d6,fa,ba,2d,75,a7,22,74,4c,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf42]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf43]
"khjeh"=hex:20,02,00,00,30,27,08,66,0e,e8,f1,fb,99,cc,67,87,c8,cc,0f,51,cb,..

scanning hidden registry entries ...

scanning hidden files ...

C:\Dokumente und Einstellungen\B\Desktop\Blatt 6\Lösungen Blatt6 : ***** u *****.zip 1046 bytes hidden from API

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1


Remaining Services :



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programme\\Azureus\\Azureus.exe"="C:\\Programme\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Programme\\ICQLite\\ICQLite.exe"="C:\\Programme\\ICQLite\\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\\Programme\\PPStream\\PPStream.exe"="C:\\Programme\\PPStream\\PPStream.exe:*:Enabled:pPStream"
"C:\\Downloads\\Strems\\ppmate.exe"="C:\\Downloads\\Strems\\ppmate.exe:*:Enabled:pPMate"
"C:\\Programme\\Skype\\Phone\\Skype.exe"="C:\\Programme\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programme\\Gemeinsame Dateien\\aol\\ACS\\AOLacsd.exe"="C:\\Programme\\Gemeinsame Dateien\\aol\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Programme\\Gemeinsame Dateien\\aol\\ACS\\AOLDial.exe"="C:\\Programme\\Gemeinsame Dateien\\aol\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Programme\\AOL 9.0\\waol.exe"="C:\\Programme\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Programme\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Programme\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Programme\Spybot - Search & Destroy\TeaTimer.exe"
Fri 5 May 2006 4,348 ..SH. --- "C:\Dokumente und Einstellungen\All Users\DRM\DRMv1.bak"
Mon 23 Oct 2006 401 ..SH. --- "C:\Dokumente und Einstellungen\All Users\DRM\DRMv12.bak"

Finished!



Would you say the Trojan is gone now? At least I haven't received any further alerts so far...
So thank you all very much!
This post was edited on 19.03.2008 at 19:14 by Bierbaron1984.