TR/Dldr.Agent.td.52

This topic, TR/Dldr.Agent.td.52, in the "Windows XP Forum" forum was created by ..martin??, 26 Dec. 2005.


  1. Can anyone help me? I keep getting the trojan named above on my computer, despite Norton and AV  :-\

    Logfile of HijackThis v1.99.1
    Scan saved at 19:54:31, on 26.12.2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programme\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
    C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
    C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programme\DeTeWe\OpenDimension\winsuite\strtfx.exe
    C:\Programme\DeTeWe\OpenDimension\winsuite\sndml.exe
    C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
    C:\PROGRA~1\TCMCOM~1\PS2USBKBDDrv.exe
    C:\PROGRA~1\TCMCOM~1\MouseDrv.exe
    C:\Programme\Online-Dienste\Software\T-DSL SpeedManager\SpeedMgr.exe
    C:\WINDOWS\system32\d3ni32.exe
    C:\DOKUME~1\a\LOKALE~1\Temp\9.tmp.exe
    C:\DOKUME~1\a\LOKALE~1\Temp\D.tmp.exe
    C:\Programme\AVPersonal\AVGNT.EXE
    C:\Programme\DeTeWe\OpenDimension\winsuite\TrayLaunch.exe
    C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Programme\DeTeWe\OpenDimension\driver\Capictrl.exe
    C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe
    C:\WINDOWS\system32\addkp.exe
    C:\Programme\AVPersonal\AVGUARD.EXE
    C:\Programme\AVPersonal\AVWUPSRV.EXE
    C:\Programme\Norton AntiVirus\navapsvc.exe
    C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
    C:\Programme\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
    C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Programme\Online-Dienste\Software\T-DSL SpeedManager\tsmsvc.exe
    C:\Programme\Internet Explorer\iexplore.exe
    C:\alles mögliche\hijackthis_199\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\uhryl.dll/sp.html#53142%resultposition.net
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\uhryl.dll/sp.html#53142%resultposition.net
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\uhryl.dll/sp.html#53142%resultposition.net
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\uhryl.dll/sp.html#53142%resultposition.net
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\uhryl.dll/sp.html#53142%resultposition.net
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\uhryl.dll/sp.html#53142%resultposition.net
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Class - {08B37597-543F-3682-9CE8-5399FDD1AF1B} - C:\WINDOWS\ielp.dll
    O2 - BHO: Class - {4849CC41-E5B8-C97A-A0FB-FF6DEB5992B1} - C:\WINDOWS\system32\mfcqe.dll
    O2 - BHO: Class - {9434255B-D282-E431-E0E7-8744033717AD} - C:\WINDOWS\system32\winpb.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Class - {D033B853-9148-9372-30B3-265A478B1228} - C:\WINDOWS\winzc32.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Toolbar\01.01.2607.0\de\msntb.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [strtfx] C:\Programme\DeTeWe\OpenDimension\winsuite\strtfx.exe
    O4 - HKLM\..\Run: [sndml] C:\Programme\DeTeWe\OpenDimension\winsuite\sndml.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [ccApp] C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
    O4 - HKLM\..\Run: [TCMKeyboard ] C:\PROGRA~1\TCMCOM~1\PS2USBKBDDrv.exe
    O4 - HKLM\..\Run: [TCMMouse ] C:\PROGRA~1\TCMCOM~1\MouseDrv.exe
    O4 - HKLM\..\Run: [T-DSL SpeedMgr] C:\Programme\Online-Dienste\Software\T-DSL SpeedManager\SpeedMgr.exe
    O4 - HKLM\..\Run: [gcasServ] C:\Programme\Microsoft AntiSpyware\gcasServ.exe
    O4 - HKLM\..\Run: [NAVNet] C:\Dokumente und Einstellungen\a\Startmenü\Programme\Autostart\ms.exe /m
    O4 - HKLM\..\Run: [d3ni32.exe] C:\WINDOWS\system32\d3ni32.exe
    O4 - HKLM\..\Run: [9.tmp] C:\DOKUME~1\a\LOKALE~1\Temp\9.tmp.exe
    O4 - HKLM\..\Run: [D.tmp] C:\DOKUME~1\a\LOKALE~1\Temp\D.tmp.exe
    O4 - HKLM\..\Run: [9.tmp.exe] C:\DOKUME~1\a\LOKALE~1\Temp\9.tmp.exe
    O4 - HKLM\..\Run: [D.tmp.exe] C:\DOKUME~1\a\LOKALE~1\Temp\D.tmp.exe
    O4 - HKLM\..\Run: [B.tmp] C:\DOKUME~1\a\LOKALE~1\Temp\B.tmp.exe
    O4 - HKLM\..\Run: [B.tmp.exe] C:\DOKUME~1\a\LOKALE~1\Temp\B.tmp.exe
    O4 - HKLM\..\Run: [C.tmp] C:\DOKUME~1\a\LOKALE~1\Temp\C.tmp.exe
    O4 - HKLM\..\Run: [19.tmp] C:\DOKUME~1\a\LOKALE~1\Temp\19.tmp.exe
    O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
    O4 - HKLM\..\Run: [19.tmp.exe] C:\DOKUME~1\a\LOKALE~1\Temp\19.tmp.exe
    O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe /waitservice
    O4 - HKLM\..\Run: [OutpostFeedBack] C:\PROGRA~1\Agnitum\OUTPOS~1.0\feedback.exe /dump:os_startup
    O4 - HKCU\..\Run: [LauncherStart] C:\Programme\DeTeWe\OpenDimension\winsuite\TrayLaunch.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE
    O4 - Startup: CAPIControl.lnk = ?
    O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra->Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\PROGRA~1\Agnitum\OUTPOS~1.0\Plugins\BrowserBar\ie_bar.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Programme\AIM95\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
    O9 - Extra->Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} - http://www.autodesk.com/global/dwfviewer/installer/DwfViewerSetup_deu.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5C2A9DD2-09EE-480C-80FC-5A14A9A64E70}: NameServer = 217.237.151.225 217.237.150.225
    O17 - HKLM\System\CS1\Services\Tcpip\..\{5C2A9DD2-09EE-480C-80FC-5A14A9A64E70}: NameServer = 217.237.151.225 217.237.150.225
    O17 - HKLM\System\CS2\Services\Tcpip\..\{5C2A9DD2-09EE-480C-80FC-5A14A9A64E70}: NameServer = 217.237.151.225 217.237.150.225
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\msgrapp.dll (file missing)
    O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\addkp.exe
    O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
    O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
    O23 - Service: GhostStartService - Unknown owner - C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE (file missing)
    O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Programme\Ahead\InCD\InCDsrv.exe
    O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: TSMService - T-Systems Nova, Berkom - C:\Programme\Online-Dienste\Software\T-DSL SpeedManager\tsmsvc.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe
     
  2. I'm not familiar with your programs, but did you maybe create a rule for some program that allows it to connect to the internet?
    Maybe it keeps fetching the same trojan over and over.
     
  3. You've got a lot of junk on there.

    Ever thought about a reinstall? :-X

    pan_fee