Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Hilfe: TR/Agent.Bl.95 (https://www.trojaner-board.de/25086-hilfe-tr-agent-bl-95-a.html)

Fauchie23 30.12.2005 11:43
Hilfe: TR/Agent.Bl.95
 
Kann mir jemand bei einem Trojaner-Problem behilflich sein?

Hier meine Logfile:

Logfile of HijackThis v1.99.1
Scan saved at 11:43:14, on 30.12.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
D:\Programme\AV Personal\AVGNT.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\Mixer.exe
D:\Programme\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
D:\PROGRAMME\AV PERSONAL\AVGUARD.EXE
D:\Programme\AV Personal\AVWUPSRV.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programme\Internet Explorer\iexplore.exe
F:\Antivirus\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - d:\programme\WS_FTP Pro\wsbho2k0.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [AVGCtrl] "D:\Programme\AV Personal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ATIPTA] "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Programme\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Steam] "d:\games\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Free Software - D:\Programme\Cool Web Scrollbars\hh.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-18.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094289871569
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall-Kontrolle) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - D:\PROGRAMME\AV PERSONAL\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - D:\Programme\AV Personal\AVWUPSRV.EXE

hoerni26 30.12.2005 11:46
hallo,

welches problem hast du denn genau??
ich kann in deinem log nämlich nix auffälliges finden.

Fauchie23 30.12.2005 11:54
Antivir bringt mir ständig meldungen über einen Trojaner TR/Agent.Bl.95, vorallem wenn ich spybot oder Adaware laufen lasse.

Kannst du mir vielleicht eine gute (kostenlose) Firewall empfehlen? (hab aber einen router)

hoerni26 30.12.2005 11:56
ok dann mach folgendes...
mache bitte Hier einen Online scan und poste das ergebniss.

Fauchie23 30.12.2005 12:06
ok, bin dabei...dauer aber wie´s scheint ein bisschen...hoffe du hast zeit ;) (da wär ich dir dankbar)

hoerni26 30.12.2005 12:09
ja kein problem..
halbe stunde hab ich noch..

Fauchie23 30.12.2005 12:31
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Friday, December 30, 2005 12:33:35
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 30/12/2005
Kaspersky Anti-Virus database records: 158068
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - Critical Areas:
C:\WINDOWS
C:\DOKUME~1\CHRIST~1\LOKALE~1\Temp\

Scan Statistics:
Total number of scanned objects: 16864
Number of viruses found: 3
Number of infected objects: 14
Number of suspicious objects: 0
Duration of the scan process: 529 sec

Infected Object Name - Virus Name
C:\WINDOWS\combit.ini:olrhrl:$DATA Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\combit.ini:tmdwur:$DATA Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\DtcInstall.log:ksgxzt:$DATA Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\explorer.scf:zmcroy:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\WINDOWS\Feder.bmp:ctzkue:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\WINDOWS\GetServer.ini:xbjwtk:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\hhs.url:qbcbwu:$DATA Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\KB887742.log:mdoofn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\KB890046.log:noefvk:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\winamp.ini:rvpdob:$DATA Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\wmprfhun.prx:ntwke:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\wmprfptb.prx:yvhvbi:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\wmprfsky.prx:rvridt:$DATA Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\_default.pif:tueui:$DATA Infected: Trojan-Downloader.Win32.Agent.td

Scan process completed.


Alle Zeitangaben in WEZ +1. Es ist jetzt 23:30 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131