Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   bds agent/ay bitte helfen!!! (https://www.trojaner-board.de/10807-bds-agent-ay-bitte-helfen.html)

holterdiepolter 15.12.2004 19:12

bds agent/ay bitte helfen!!!
 
hallo!

bekomme seit einigen tagen immer wieder meldungen von meinem avguard, dass folgende dateien eine signatur des backdoorprogramms bds agent/ay enthält, nach dem löschen der dateien ist eine zeitlang ruhe, doch nächsten tag ists das gleiche spiel

E:\PROGRAMME\GEMEINSAME DATEIEN\PNNNDHPT\NTPJABDR\HFBRJBPL.EXE

E:\PROGRAMME\GEMEINSAME DATEIEN\PNNNDHPT\PHCJLJTNFC\PPBTJAFPT.EXE

E:\RECYCLER\NPROTECT\00013356.EXE

E:\RECYCLER\NPROTECT\00013380.EXE

E:\SYSTEM VOLUME INFORMATION\_RESTORE{18801312-D1C5-429D-B1C3-C40488504CEB}\RP138\A0030057.EXE

E:\SYSTEM VOLUME INFORMATION\_RESTORE{18801312-D1C5-429D-B1C3-C40488504CEB}\RP138\A0030058.EXE

E:\SYSTEM VOLUME INFORMATION\_RESTORE{18801312-D1C5-429D-B1C3-C40488504CEB}\RP138\A0031034.EXE

E:\SYSTEM VOLUME INFORMATION\_RESTORE{18801312-D1C5-429D-B1C3-C40488504CEB}\RP138\A0031036.EXE


habe mittlerweile schon ein hijackthis log:


Logfile of HijackThis v1.99.0
Scan saved at 19:04:56, on 15.12.2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Programme\QuickTime\qttask.exe
E:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
E:\Programme\DelFin\PromulGate\PgMonitr.exe
E:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
E:\WINDOWS\system32\RunDll32.exe
E:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe
F:\Programme\ICQ\NDetect.exe
E:\WINDOWS\system32\rundll32.exe
F:\Programme\Winamp\winampa.exe
F:\Programme\Network Associates\VirusScan\SHSTAT.EXE
F:\Programme\Network Associates\Common Framework\UpdaterUI.exe
E:\Programme\Gemeinsame Dateien\Network Associates\TalkBack\TBMon.exe
E:\NONAME\PROGRAMME\AVIR\AVGNT.EXE
E:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~2\Altnet\DOWNLO~1\asm.exe
F:\Programme\mozilla.org\Mozilla\Mozilla.exe
E:\Programme\Gemeinsame Dateien\GMT\GMT.exe
E:\WINDOWS\System32\P2P Networking\P2P Networking.exe
E:\NONAME\PROGRAMME\AVIR\AVGUARD.EXE
E:\NONAME\PROGRAMME\AVIR\AVWUPSRV.EXE
E:\WINDOWS\System32\gearsec.exe
F:\Programme\Network Associates\Common Framework\FrameworkService.exe
F:\Programme\Network Associates\VirusScan\Mcshield.exe
F:\Programme\Network Associates\VirusScan\VsTskMgr.exe
f:\programme\norton utilities\NPROTECT.EXE
f:\programme\Speed Disk\nopdb.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\wuauclt.exe
C:\downloaded programs\hijackthis199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.search-exe.com/nph-sea...=sbar1_srchbtn
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.search-exe.com/nph-sea...ook=stmpl1&fw=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.search-exe.com/nph-sea...ook=stmpl1&fw=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.search-exe.com/nph-sea...=sbar1_srchbtn
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.search-exe.com/nph-sea...ook=stmpl1&fw=
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.search-exe.com/nph-sea...ook=stmpl1&fw=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.search-exe.com/nph-sea...ook=stmpl1&fw=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.search-exe.com/nph-sea...ook=stmpl1&fw=
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.search-exe.com/nph-sea...ook=stmpl1&fw=
R3 - URLSearchHook: WebSearch Class - {9368D063-44BE-49B9-BD14-BB9663FD38FC} - E:\Programme\se\v11\se.DLL
O2 - BHO: WebBho Class - {00041A26-7033-432C-94C7-6371DE343822} - E:\Programme\se\v11\se.DLL
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - E:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: Recommended Hotfix - {0421701D-CF13-4E70-ADF0-45A953E7CB8B} - E:\Programme\Recommended Hotfix - 421701D\v15\RH.DLL
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - E:\Programme\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - E:\Programme\NewDotNet\newdotnet6_38.dll
O2 - BHO: MediaLoads Enhanced - {85A702BA-EA8F-4B83-AA07-07A5186ACD7E} - E:\Programme\MediaLoads Enhanced\ME2.DLL
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - E:\Programme\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [NeroCheck] E:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "E:\NONAME\PROGRAMME\ALK\DRAGDIAG.EXE" /ICON
O4 - HKLM\..\Run: [iTunesHelper] E:\NONAME\PROGRAMME\ITUNES\ITUNESHELPER.EXE
O4 - HKLM\..\Run: [QuickTime Task] "E:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [MediaLoads Installer] "E:\Programme\DownloadWare\dw.exe" /H
O4 - HKLM\..\Run: [PromulGate] "E:\Programme\DelFin\PromulGate\PgMonitr.exe"
O4 - HKLM\..\Run: [TkBellExe] "E:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [updmgr] E:\Programme\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [CMESys] "E:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [Search-Exe] "E:\Programme\se\v11\se.EXE" /H
O4 - HKLM\..\Run: [Mirabilis ICQ] F:\Programme\ICQ\NDetect.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 E:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [WinampAgent] F:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [ShStatEXE] "F:\Programme\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "F:\Programme\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "E:\Programme\Gemeinsame Dateien\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVGCtrl] E:\NONAME\PROGRAMME\AVIR\AVGNT.EXE /min
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "f:\Programme\mozilla.org\Mozilla\Mozilla.exe" -turbo
O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: GStartup.lnk = E:\Programme\Gemeinsame Dateien\GMT\GMT.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Norton System Doctor.lnk = F:\Programme\norton utilities\SYSDOC32.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programme\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programme\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - F:\Programme\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - F:\Programme\ICQ\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programme\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {00000000-CDDC-0704-0B53-2C8830E9FAEC} (IELoaderCtl Class) - http://install.global-netcom.de/ieloader.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {D34151C8-0C6C-4A7D-B677-4FCC9552E957} (snConnect Class) - http://www.bcnx.com/SunInfoConnect_w...com_medium.cab
O16 - DPF: {E0B795B4-FD95-4ABD-A375-27962EFCE8CF} (StarInstall Control) - http://www.download-url.de/install/StarInstall.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{9FCE3D9D-9EFD-43AB-B79A-A2C14E18090E}: NameServer = 131.130.1.11,131.130.1.12
O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - E:\NONAME\PROGRAMME\AVIR\AVGUARD.EXE
O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - E:\NONAME\PROGRAMME\AVIR\AVWUPSRV.EXE
O23 - Service: Gear Security Service - GEAR Software - E:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service - Apple Computer, Inc. - E:\Programme\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework-Dienst - Network Associates, Inc. - F:\Programme\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield - Network Associates, Inc. - F:\Programme\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager - Network Associates, Inc. - F:\Programme\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - f:\programme\norton utilities\NPROTECT.EXE
O23 - Service: Speed Disk service - Symantec Corporation - f:\programme\Speed Disk\nopdb.exe


mit der bitte um hilfe
holterdiepolter

Cidre 15.12.2004 19:19

Hallo

Arbeite dich hier durch: http://www.trojaner-board.de/search.php?searchid=132852


Alle Zeitangaben in WEZ +1. Es ist jetzt 09:05 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131