Trojaner-Board


holterdiepolter 15.12.2004 19:12

bds agent/ay please help!!!
 
Hello!

For a few days now I have kept getting alerts from my AVGuard that the following files contain a signature of the backdoor program bds agent/ay. After deleting the files it is quiet for a while, but the next day it is the same game again:

E:\PROGRAMME\GEMEINSAME DATEIEN\PNNNDHPT\NTPJABDR\HFBRJBPL.EXE

E:\PROGRAMME\GEMEINSAME DATEIEN\PNNNDHPT\PHCJLJTNFC\PPBTJAFPT.EXE

E:\RECYCLER\NPROTECT\00013356.EXE

E:\RECYCLER\NPROTECT\00013380.EXE

E:\SYSTEM VOLUME INFORMATION\_RESTORE{18801312-D1C5-429D-B1C3-C40488504CEB}\RP138\A0030057.EXE

E:\SYSTEM VOLUME INFORMATION\_RESTORE{18801312-D1C5-429D-B1C3-C40488504CEB}\RP138\A0030058.EXE

E:\SYSTEM VOLUME INFORMATION\_RESTORE{18801312-D1C5-429D-B1C3-C40488504CEB}\RP138\A0031034.EXE

E:\SYSTEM VOLUME INFORMATION\_RESTORE{18801312-D1C5-429D-B1C3-C40488504CEB}\RP138\A0031036.EXE


In the meantime I already have a HijackThis log:


Logfile of HijackThis v1.99.0
Scan saved at 19:04:56, on 15.12.2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Programme\QuickTime\qttask.exe
E:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
E:\Programme\DelFin\PromulGate\PgMonitr.exe
E:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
E:\WINDOWS\system32\RunDll32.exe
E:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe
F:\Programme\ICQ\NDetect.exe
E:\WINDOWS\system32\rundll32.exe
F:\Programme\Winamp\winampa.exe
F:\Programme\Network Associates\VirusScan\SHSTAT.EXE
F:\Programme\Network Associates\Common Framework\UpdaterUI.exe
E:\Programme\Gemeinsame Dateien\Network Associates\TalkBack\TBMon.exe
E:\NONAME\PROGRAMME\AVIR\AVGNT.EXE
E:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~2\Altnet\DOWNLO~1\asm.exe
F:\Programme\mozilla.org\Mozilla\Mozilla.exe
E:\Programme\Gemeinsame Dateien\GMT\GMT.exe
E:\WINDOWS\System32\P2P Networking\P2P Networking.exe
E:\NONAME\PROGRAMME\AVIR\AVGUARD.EXE
E:\NONAME\PROGRAMME\AVIR\AVWUPSRV.EXE
E:\WINDOWS\System32\gearsec.exe
F:\Programme\Network Associates\Common Framework\FrameworkService.exe
F:\Programme\Network Associates\VirusScan\Mcshield.exe
F:\Programme\Network Associates\VirusScan\VsTskMgr.exe
f:\programme\norton utilities\NPROTECT.EXE
f:\programme\Speed Disk\nopdb.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\wuauclt.exe
C:\downloaded programs\hijackthis199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.search-exe.com/nph-sea...=sbar1_srchbtn
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.search-exe.com/nph-sea...ook=stmpl1&fw=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.search-exe.com/nph-sea...ook=stmpl1&fw=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.search-exe.com/nph-sea...=sbar1_srchbtn
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.search-exe.com/nph-sea...ook=stmpl1&fw=
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.search-exe.com/nph-sea...ook=stmpl1&fw=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.search-exe.com/nph-sea...ook=stmpl1&fw=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.search-exe.com/nph-sea...ook=stmpl1&fw=
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.search-exe.com/nph-sea...ook=stmpl1&fw=
R3 - URLSearchHook: WebSearch Class - {9368D063-44BE-49B9-BD14-BB9663FD38FC} - E:\Programme\se\v11\se.DLL
O2 - BHO: WebBho Class - {00041A26-7033-432C-94C7-6371DE343822} - E:\Programme\se\v11\se.DLL
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - E:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: Recommended Hotfix - {0421701D-CF13-4E70-ADF0-45A953E7CB8B} - E:\Programme\Recommended Hotfix - 421701D\v15\RH.DLL
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - E:\Programme\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - E:\Programme\NewDotNet\newdotnet6_38.dll
O2 - BHO: MediaLoads Enhanced - {85A702BA-EA8F-4B83-AA07-07A5186ACD7E} - E:\Programme\MediaLoads Enhanced\ME2.DLL
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - E:\Programme\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [NeroCheck] E:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "E:\NONAME\PROGRAMME\ALK\DRAGDIAG.EXE" /ICON
O4 - HKLM\..\Run: [iTunesHelper] E:\NONAME\PROGRAMME\ITUNES\ITUNESHELPER.EXE
O4 - HKLM\..\Run: [QuickTime Task] "E:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [MediaLoads Installer] "E:\Programme\DownloadWare\dw.exe" /H
O4 - HKLM\..\Run: [PromulGate] "E:\Programme\DelFin\PromulGate\PgMonitr.exe"
O4 - HKLM\..\Run: [TkBellExe] "E:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [updmgr] E:\Programme\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [CMESys] "E:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [Search-Exe] "E:\Programme\se\v11\se.EXE" /H
O4 - HKLM\..\Run: [Mirabilis ICQ] F:\Programme\ICQ\NDetect.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 E:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [WinampAgent] F:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [ShStatEXE] "F:\Programme\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "F:\Programme\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "E:\Programme\Gemeinsame Dateien\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVGCtrl] E:\NONAME\PROGRAMME\AVIR\AVGNT.EXE /min
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "f:\Programme\mozilla.org\Mozilla\Mozilla.exe" -turbo
O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: GStartup.lnk = E:\Programme\Gemeinsame Dateien\GMT\GMT.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Norton System Doctor.lnk = F:\Programme\norton utilities\SYSDOC32.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programme\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programme\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - F:\Programme\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - F:\Programme\ICQ\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programme\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {00000000-CDDC-0704-0B53-2C8830E9FAEC} (IELoaderCtl Class) - http://install.global-netcom.de/ieloader.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {D34151C8-0C6C-4A7D-B677-4FCC9552E957} (snConnect Class) - http://www.bcnx.com/SunInfoConnect_w...com_medium.cab
O16 - DPF: {E0B795B4-FD95-4ABD-A375-27962EFCE8CF} (StarInstall Control) - http://www.download-url.de/install/StarInstall.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{9FCE3D9D-9EFD-43AB-B79A-A2C14E18090E}: NameServer = 131.130.1.11,131.130.1.12
O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - E:\NONAME\PROGRAMME\AVIR\AVGUARD.EXE
O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - E:\NONAME\PROGRAMME\AVIR\AVWUPSRV.EXE
O23 - Service: Gear Security Service - GEAR Software - E:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service - Apple Computer, Inc. - E:\Programme\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework-Dienst - Network Associates, Inc. - F:\Programme\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield - Network Associates, Inc. - F:\Programme\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager - Network Associates, Inc. - F:\Programme\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - f:\programme\norton utilities\NPROTECT.EXE
O23 - Service: Speed Disk service - Symantec Corporation - f:\programme\Speed Disk\nopdb.exe


Asking for help,
holterdiepolter

Cidre 15.12.2004 19:19

Hello

Work your way through this: http://www.trojaner-board.de/search.php?searchid=132852


All times are in WET +1.
