bds agent/ay please help!!!

Hello! For the past few days I have repeatedly been getting alerts from my AVGuard that the following files contain a signature of the backdoor program bds agent/ay. After deleting the files there is quiet for a while, but the next day it's the same game again:

E:\PROGRAMME\GEMEINSAME DATEIEN\PNNNDHPT\NTPJABDR\HFBRJBPL.EXE
E:\PROGRAMME\GEMEINSAME DATEIEN\PNNNDHPT\PHCJLJTNFC\PPBTJAFPT.EXE
E:\RECYCLER\NPROTECT\00013356.EXE
E:\RECYCLER\NPROTECT\00013380.EXE
E:\SYSTEM VOLUME INFORMATION\_RESTORE{18801312-D1C5-429D-B1C3-C40488504CEB}\RP138\A0030057.EXE
E:\SYSTEM VOLUME INFORMATION\_RESTORE{18801312-D1C5-429D-B1C3-C40488504CEB}\RP138\A0030058.EXE
E:\SYSTEM VOLUME INFORMATION\_RESTORE{18801312-D1C5-429D-B1C3-C40488504CEB}\RP138\A0031034.EXE
E:\SYSTEM VOLUME INFORMATION\_RESTORE{18801312-D1C5-429D-B1C3-C40488504CEB}\RP138\A0031036.EXE

In the meantime I already have a HijackThis log:

Logfile of HijackThis v1.99.0
Scan saved at 19:04:56, on 15.12.2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Programme\QuickTime\qttask.exe
E:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
E:\Programme\DelFin\PromulGate\PgMonitr.exe
E:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
E:\WINDOWS\system32\RunDll32.exe
E:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe
F:\Programme\ICQ\NDetect.exe
E:\WINDOWS\system32\rundll32.exe
F:\Programme\Winamp\winampa.exe
F:\Programme\Network Associates\VirusScan\SHSTAT.EXE
F:\Programme\Network Associates\Common Framework\UpdaterUI.exe
E:\Programme\Gemeinsame Dateien\Network Associates\TalkBack\TBMon.exe
E:\NONAME\PROGRAMME\AVIR\AVGNT.EXE
E:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~2\Altnet\DOWNLO~1\asm.exe
F:\Programme\mozilla.org\Mozilla\Mozilla.exe
E:\Programme\Gemeinsame Dateien\GMT\GMT.exe
E:\WINDOWS\System32\P2P Networking\P2P Networking.exe
E:\NONAME\PROGRAMME\AVIR\AVGUARD.EXE
E:\NONAME\PROGRAMME\AVIR\AVWUPSRV.EXE
E:\WINDOWS\System32\gearsec.exe
F:\Programme\Network Associates\Common Framework\FrameworkService.exe
F:\Programme\Network Associates\VirusScan\Mcshield.exe
F:\Programme\Network Associates\VirusScan\VsTskMgr.exe
f:\programme\norton utilities\NPROTECT.EXE
f:\programme\Speed Disk\nopdb.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\wuauclt.exe
C:\downloaded programs\hijackthis199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.search-exe.com/nph-sea...=sbar1_srchbtn
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.search-exe.com/nph-sea...ook=stmpl1&fw=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.search-exe.com/nph-sea...ook=stmpl1&fw=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.search-exe.com/nph-sea...=sbar1_srchbtn
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.search-exe.com/nph-sea...ook=stmpl1&fw=
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.search-exe.com/nph-sea...ook=stmpl1&fw=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.search-exe.com/nph-sea...ook=stmpl1&fw=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.search-exe.com/nph-sea...ook=stmpl1&fw=
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.search-exe.com/nph-sea...ook=stmpl1&fw=
R3 - URLSearchHook: WebSearch Class - {9368D063-44BE-49B9-BD14-BB9663FD38FC} - E:\Programme\se\v11\se.DLL
O2 - BHO: WebBho Class - {00041A26-7033-432C-94C7-6371DE343822} - E:\Programme\se\v11\se.DLL
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - E:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: Recommended Hotfix - {0421701D-CF13-4E70-ADF0-45A953E7CB8B} - E:\Programme\Recommended Hotfix - 421701D\v15\RH.DLL
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - E:\Programme\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - E:\Programme\NewDotNet\newdotnet6_38.dll
O2 - BHO: MediaLoads Enhanced - {85A702BA-EA8F-4B83-AA07-07A5186ACD7E} - E:\Programme\MediaLoads Enhanced\ME2.DLL
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - E:\Programme\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [NeroCheck] E:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "E:\NONAME\PROGRAMME\ALK\DRAGDIAG.EXE" /ICON
O4 - HKLM\..\Run: [iTunesHelper] E:\NONAME\PROGRAMME\ITUNES\ITUNESHELPER.EXE
O4 - HKLM\..\Run: [QuickTime Task] "E:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [MediaLoads Installer] "E:\Programme\DownloadWare\dw.exe" /H
O4 - HKLM\..\Run: [PromulGate] "E:\Programme\DelFin\PromulGate\PgMonitr.exe"
O4 - HKLM\..\Run: [TkBellExe] "E:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [updmgr] E:\Programme\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [CMESys] "E:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [Search-Exe] "E:\Programme\se\v11\se.EXE" /H
O4 - HKLM\..\Run: [Mirabilis ICQ] F:\Programme\ICQ\NDetect.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 E:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [WinampAgent] F:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [ShStatEXE] "F:\Programme\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "F:\Programme\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "E:\Programme\Gemeinsame Dateien\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVGCtrl] E:\NONAME\PROGRAMME\AVIR\AVGNT.EXE /min
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "f:\Programme\mozilla.org\Mozilla\Mozilla.exe" -turbo
O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: GStartup.lnk = E:\Programme\Gemeinsame Dateien\GMT\GMT.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Norton System Doctor.lnk = F:\Programme\norton utilities\SYSDOC32.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programme\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programme\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - F:\Programme\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - F:\Programme\ICQ\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programme\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {00000000-CDDC-0704-0B53-2C8830E9FAEC} (IELoaderCtl Class) - http://install.global-netcom.de/ieloader.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {D34151C8-0C6C-4A7D-B677-4FCC9552E957} (snConnect Class) - http://www.bcnx.com/SunInfoConnect_w...com_medium.cab
O16 - DPF: {E0B795B4-FD95-4ABD-A375-27962EFCE8CF} (StarInstall Control) - http://www.download-url.de/install/StarInstall.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{9FCE3D9D-9EFD-43AB-B79A-A2C14E18090E}: NameServer = 131.130.1.11,131.130.1.12
O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - E:\NONAME\PROGRAMME\AVIR\AVGUARD.EXE
O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - E:\NONAME\PROGRAMME\AVIR\AVWUPSRV.EXE
O23 - Service: Gear Security Service - GEAR Software - E:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service - Apple Computer, Inc. - E:\Programme\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework-Dienst - Network Associates, Inc. - F:\Programme\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield - Network Associates, Inc. - F:\Programme\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager - Network Associates, Inc. - F:\Programme\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - f:\programme\norton utilities\NPROTECT.EXE
O23 - Service: Speed Disk service - Symantec Corporation - f:\programme\Speed Disk\nopdb.exe

Asking for your help,
holterdiepolter
Copyright ©2000-2025, Trojaner-Board