TR/Patched BD.136 bitte um HighjackThis-Logfile-Auswertung



Hilfe ! Antivir meldet Trojaner(TR/Patched BD.136),kann ihn aber nicht löschen.
Spybot S&D (nach infektion installiert) hat TR/Patched BD.136 nicht erkannt !
Infiziert ist die Datei C/Windows/System32/sens.dll

Was soll ich tun ?

Vielen Dank im Voraus !!
Hier mein Logfile:

Logfile of HijackThis v1.99.1
Scan saved at 14:55:09, on 23.04.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\pctspk.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Java\jre1.6.0_05\bin\jusched.exe
C:\Programme\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Creative\MediaSource\RemoteControl\RcMan.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe
C:\Programme\Creative\MediaSource\Go\CTCMSGo.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBGE.EXE
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Seagate\Basics\Service\SyncServicesBasics.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmx.de/
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programme\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programme\FlashGet\getflash.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [CTSysVol] C:\Programme\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [SBDrvDet] C:\Programme\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTStartup] "C:\Programme\Creative\Splash Screen\CTEaxSpl.EXE" /run
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Programme\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Programme\Creative\MediaSource\RemoteControl\RcMan.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Creative MediaSource Go] C:\Programme\Creative\MediaSource\Go\CTCMSGo.exe /SCB
O4 - HKCU\..\Run: [EPSON Stylus D78 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBGE.EXE /FU "C:\WINDOWS\TEMP\E_S80.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [updateMgr] C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: &Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1099467877859
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Programme\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


MfG
BobbyOne
 

sens.dll hatten wir schon
http://forum.hijackthis.de/showthread.php?p=190084

nur kennt nun Antivir das auch mal

also lösche den Kram

ComboFix 08-04-28.2 - Lorenz 2008-04-29 13:53:15.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1031.18.204 [GMT 2:00]
ausgeführt von:: C:\Dokumente und Einstellungen\Lorenz\Desktop\ComboFix.exe
 * Neuer Wiederherstellungspunkt wurde erstellt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((   Dateien erstellt von 2008-03-28 bis 2008-04-29  ))))))))))))))))))))))))))))))
.

2008-04-29 12:33 . 2008-04-29 12:33   <DIR>   d--------   C:\Programme\Malwarebytes' Anti-Malware
2008-04-29 12:33 . 2008-04-29 12:33   <DIR>   d--------   C:\Dokumente und Einstellungen\Lorenz\Anwendungsdaten\Malwarebytes
2008-04-29 12:33 . 2008-04-29 12:33   <DIR>   d--------   C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2008-04-29 12:30 . 2008-04-29 12:30   <DIR>   d--------   C:\_OTMoveIt
2008-04-25 09:47 . 2008-04-25 09:54   <DIR>   d--------   C:\Programme\Unlocker
2008-04-18 20:20 . 2008-04-20 12:06   <DIR>   d-a------   C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
2008-04-18 20:12 . 2008-04-20 12:18   <DIR>   d--------   C:\Programme\Google
2008-04-18 14:44 . 2008-04-18 14:44   <DIR>   d--------   C:\Programme\Spybot - Search & Destroy
2008-04-18 14:44 . 2008-04-18 15:12   <DIR>   d--------   C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2008-04-10 12:01 . 2008-04-10 12:01   33,846   --a------   C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Mp4 Codec.bmp
2008-04-10 12:01 . 2008-04-10 12:01   2,339   --a------   C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Mp4 Codec.dat

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-28 10:45   ---------   d-----w   C:\Programme\Feurio
2008-04-23 12:32   ---------   d-----w   C:\Programme\FlashGet
2008-04-20 21:27   ---------   d-----w   C:\Programme\Java
2008-04-20 10:44   ---------   d-----w   C:\Programme\Gemeinsame Dateien\Adobe
2008-04-10 10:01   131,072   ----a-w   C:\WINDOWS\system32\SpoonUninstall.exe
2008-03-23 18:14   ---------   d--h--w   C:\Programme\InstallShield Installation Information
2008-03-23 18:14   ---------   d-----w   C:\Programme\TrekStor
2008-03-23 18:13   ---------   d-----w   C:\Programme\Gemeinsame Dateien\InstallShield
2008-03-07 16:27   ---------   d-----w   C:\Programme\Zylom Games
.

------- Sigcheck -------

2005-05-25 21:07  359936  63fdfea54eb53de2d863ee454937ce1e   C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
2006-01-13 19:07  360448  5562cc0a47b2aef06d3417b733f3c195   C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
2006-04-20 14:18  360576  b2220c618b42a2212a59d91ebd6fc4b4   C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2002-08-29 02:58  332928  244a2f9816bc9b593957281ef577d976   C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-04 00:14  359040  9f4b36614a0fc234525ba224957de55c   C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys
2005-05-25 21:04  359808  88763a98a4c26c409741b4aa162720c9   C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys
2006-01-13 04:28  359808  583e063fdc888ca30d05c2724b0d7ef4   C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2004-08-04 00:14  359040  9f4b36614a0fc234525ba224957de55c   C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2006-04-20 13:51  359808  1dbf125862891817f374f407626967f4   C:\WINDOWS\system32\dllcache\tcpip.sys
2006-04-20 13:51  359808  b4e29943b4b04bd5e7381546848e6669   C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((   Autostart Punkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:57 15360]
"RemoteCenter"="C:\Programme\Creative\MediaSource\RemoteControl\RcMan.exe" [2002-11-21 10:33 135168]
"RemoteControl"="" []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe" [2006-08-22 09:52 94208]
"Creative MediaSource Go"="C:\Programme\Creative\MediaSource\Go\CTCMSGo.exe" [2003-02-20 11:30 126976]
"EPSON Stylus D78 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBGE.exe" [2006-09-22 04:01 139264]
"updateMgr"="C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
"SpybotSD TeaTimer"="C:\Programme\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="C:\Programme\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 10:18 49152]
"CTHelper"="CTHELPER.EXE" [2002-12-19 08:59 28672 C:\WINDOWS\system32\CTHELPER.EXE]
"AsioReg"="REGSVR32.exe" [2004-08-04 01:58 12288 C:\WINDOWS\system32\regsvr32.exe]
"SBDrvDet"="C:\Programme\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 19:06 45056]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
"CTStartup"="C:\Programme\Creative\Splash Screen\CTEaxSpl.exe" [2002-09-13 02:04 49152]
"PCTVOICE"="pctspk.exe" [2002-03-14 04:07 163840 C:\WINDOWS\system32\pctspk.exe]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-01-10 11:02 4239360]
"nwiz"="nwiz.exe" [2003-01-10 11:02 315392 C:\WINDOWS\system32\nwiz.exe]
"RemoteCenter"="" []
"avgnt"="C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-14 23:51 262401]
"NeroFilterCheck"="C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"basicsmssmenu"="C:\Programme\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 17:21 169328]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2007-12-11 11:56 286720]
"Adobe Reader Speed Launcher"="C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"UnlockerAssistant"="C:\Programme\Unlocker\UnlockerAssistant.exe" [2008-02-27 18:33 15872]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:57 15360]

C:\Dokumente und Einstellungen\All Users\Startmen�\Programme\Autostart\
Microsoft Office.lnk - C:\Programme\Microsoft Office\Office\OSA9.EXE [1999-02-17 22:05:56 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programme\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"C:\\Programme\\FlashGet\\flashget.exe"=

R0 avgntmgr;avgntmgr;C:\WINDOWS\system32\drivers\avgntmgr.sys [2008-04-14 23:51]
R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2002-04-17 21:27]
R1 avgntdd;avgntdd;C:\WINDOWS\system32\DRIVERS\avgntdd.sys [2008-04-14 23:51]
R2 Basics Service;Basics Service;C:\Programme\Seagate\Basics\Service\SyncServicesBasics.exe [2007-10-09 17:21]
R3 ctgame;Game Port;C:\WINDOWS\system32\DRIVERS\ctgame.sys [2003-01-06 09:24]
S3 StMp3Rec;Treiber für Player-Wiederherstellungsgerät;C:\WINDOWS\system32\Drivers\StMp3Rec.sys [2007-02-15 15:14]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{42f231fb-a007-11dc-be97-001109818930}]
\Shell\AutoRun\command - H:\Launch.exe /run

*Newly Created Service* - CATCHME
.
Inhalt des "geplante Tasks" Ordners
"2008-03-19 19:56:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programme\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-29 13:55:12
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  CTStartup = "C:\Programme\Creative\Splash Screen\CTEaxSpl.EXE" /run??Z??wd???*??w????h?@?x???wD???sx??s,????y??w?@@@?|D@@??>??w????p93?H???|???|?|L(?sp93???/?s??D?(+?s@@@?D???`|?w???@

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2008-04-29 13:56:45
ComboFix-quarantined-files.txt  2008-04-29 11:56:30

               9 Verzeichnis(se),  6,768,414,720 Bytes frei
              11 Verzeichnis(se),  8,646,008,832 Bytes frei

121