Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: agent.ruo oder bei mir: kbdqnbfb.dll

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 28.03.2010, 21:26   #1
Fonzy
 
agent.ruo oder bei mir: kbdqnbfb.dll - Icon32

agent.ruo oder bei mir: kbdqnbfb.dll



Hallo,
wie einigen anderen hat es auch meinen PC erwischt und er wurde vom agent.ruo Trojaner befallen.
Antivir konnte keine Lösung des Problems erbringen.
Die Datei dazu, kbdqnbfb.dll, befindet sich im system32-Ordner.

Danke schonmal für eure Hilfe

Hier der log von OSAM:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 22:14:24 on 28.03.2010

OS: Windows XP Professional Service Pack 2 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.6

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"EasyShare Registration Task.job" - "Eastman Kodak Company" - D:\DOKUME~1\ALLUSE~1\ANWEND~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.8.50.2.sxt
"GoogleUpdateTaskUserS-1-5-21-790525478-1326574676-725345543-1003Core.job" - "Google Inc." - D:\Dokumente und Einstellungen\Andy\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"javacpl.cpl" - "Sun Microsystems, Inc." - D:\WINDOWS\system32\javacpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - D:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Avira AntiVir PersonalEdition Classic " - "Avira GmbH" - D:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Nero BurnRights" - "Ahead Software AG" - D:\Programme\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AEGIS Protocol (IEEE 802.1x) v3.5.3.0" (AegisP) - "Meetinghouse Data Communications" - D:\WINDOWS\System32\DRIVERS\AegisP.sys
"atksgt" (atksgt) - ? - D:\WINDOWS\System32\DRIVERS\atksgt.sys (File found, but it contains no detailed information)
"AVG Anti-Spyware Clean Driver" (AvgAsCln) - "GRISOFT, s.r.o." - D:\WINDOWS\System32\DRIVERS\AvgAsCln.sys
"AVG Anti-Spyware Driver" (AVG Anti-Spyware Driver) - ? - D:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.sys (File not found)
"avgio" (avgio) - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - D:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - D:\WINDOWS\System32\DRIVERS\avipbb.sys
"Changer" (Changer) - ? - D:\WINDOWS\system32\drivers\Changer.sys (File not found)
"d347bus" (d347bus) - " " - D:\WINDOWS\System32\DRIVERS\d347bus.sys
"d347prt" (d347prt) - " " - D:\WINDOWS\System32\Drivers\d347prt.sys
"drhard" (drhard) - "Licensed for Gebhard Software" - D:\WINDOWS\system32\drivers\drhard.sys
"ENTECH" (ENTECH) - "EnTech Taiwan" - D:\WINDOWS\system32\DRIVERS\ENTECH.sys
"giveio" (giveio) - ? - D:\WINDOWS\System32\giveio.sys (File found, but it contains no detailed information)
"i2omgmt" (i2omgmt) - ? - D:\WINDOWS\system32\drivers\i2omgmt.sys (File not found)
"InCD Reader" (InCDRm) - ? - D:\WINDOWS\System32\drivers\InCDRm.sys (File not found)
"InCDPass" (InCDPass) - ? - D:\WINDOWS\System32\drivers\InCDPass.sys (File not found)
"lbrtfdc" (lbrtfdc) - ? - D:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found)
"lirsgt" (lirsgt) - ? - D:\WINDOWS\System32\DRIVERS\lirsgt.sys (File found, but it contains no detailed information)
"NetGroup Packet Filter Driver" (NPF) - "CACE Technologies" - D:\WINDOWS\System32\drivers\npf.sys
"PCIDump" (PCIDump) - ? - D:\WINDOWS\system32\drivers\PCIDump.sys (File not found)
"PDCOMP" (PDCOMP) - ? - D:\WINDOWS\system32\drivers\PDCOMP.sys (File not found)
"PDFRAME" (PDFRAME) - ? - D:\WINDOWS\system32\drivers\PDFRAME.sys (File not found)
"PDRELI" (PDRELI) - ? - D:\WINDOWS\system32\drivers\PDRELI.sys (File not found)
"PDRFRAME" (PDRFRAME) - ? - D:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - D:\WINDOWS\System32\Drivers\PxHelp20.sys
"speedfan" (speedfan) - "Windows (R) 2000 DDK provider" - D:\WINDOWS\System32\speedfan.sys
"srescan" (srescan) - "Zone Labs, LLC" - D:\WINDOWS\System32\ZoneLabs\srescan.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - D:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"VClone" (VClone) - "Elaborate Bytes AG" - D:\WINDOWS\System32\DRIVERS\VClone.sys
"vsdatant" (vsdatant) - "Zone Labs, LLC" - D:\WINDOWS\System32\vsdatant.sys
"WDICA" (WDICA) - ? - D:\WINDOWS\system32\drivers\WDICA.sys (File not found)
"winebe" (winebe) - "Microsoft Corporation" - D:\WINDOWS\system32\drivers\winebe.sys

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - D:\WINDOWS\system32\Rundll32.exe D:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - D:\Programme\Gemeinsame Dateien\Ahead\lib\NeroDigitalExt.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - D:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - D:\Programme\OpenOffice.org 2.4\program\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - D:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - D:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - D:\WINDOWS\system32\mscoree.dll
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - D:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - D:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - D:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - D:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - D:\Programme\7-Zip\7-zip.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found)
{73B24247-042E-4EF5-ADC2-42F62E6FD654} "ICQ Lite Shell Extension" - ? - (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found)
{32683183-48a0-441b-a342-7c2a440a9478} "Media Band" - ? - (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - D:\Programme\Microsoft Office\OFFICE11\msohev.dll
{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - D:\Programme\Gemeinsame Dateien\Ahead\lib\NeroDigitalExt.dll
{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - D:\Programme\Gemeinsame Dateien\Ahead\lib\NeroDigitalExt.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - D:\Programme\OpenOffice.org 2.4\program\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - D:\Programme\OpenOffice.org 2.4\program\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - D:\Programme\OpenOffice.org 2.4\program\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - D:\Programme\OpenOffice.org 2.4\program\shlxthdl.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - D:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found)
{6B3A1F0C-C382-40d6-AA13-33B0AB46EEAA} "ShellExt.BatchResultContextMenu" - "Microsoft Corporation" - D:\WINDOWS\system32\mscoree.dll
{82C62DC5-1A4B-43ac-92C8-571410996B45} "ShellExt.CommandShellExtension" - "Microsoft Corporation" - D:\WINDOWS\system32\mscoree.dll
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - D:\WINDOWS\system32\dfshim.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - D:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{BD88A479-9623-4897-8546-BC62B9628F44} "SPTHandler" - ? - (File not found | COM-object registry key not found)
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software GmbH" - D:\PROGRA~1\TUNEUP~1\SDShelEx-win32.dll
{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software GmbH" - D:\WINDOWS\system32\uxtuneup.dll
{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} "UnlockerShellExtension" - ? - D:\Programme\Unlocker\UnlockerCOM.dll (File found, but it contains no detailed information)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - D:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - D:\Programme\WinRAR\rarext.dll (File found, but it contains no detailed information)
{D9872D13-7651-4471-9EEE-F0A00218BEBB} "ZLAVShExt Class" - "Zone Labs, LLC" - D:\Programme\ZoneAlarm\zlavscan.dll

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{32683183-48a0-441b-a342-7c2a440a9478} "{32683183-48a0-441b-a342-7c2a440a9478}" - ? - (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
DirectAnimation Java Classes "DirectAnimation Java Classes" - ? - (File not found | COM-object registry key not found) / file://D:\WINDOWS\Java\classes\dajava.cab
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} "Java Plug-in 1.6.0_03" - "Sun Microsystems, Inc." - D:\Programme\Java\jre1.6.0_03\bin\npjpi160_03.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} "Java Plug-in 1.6.0_04" - "Sun Microsystems, Inc." - D:\Programme\Java\jre1.6.0_04\bin\npjpi160_04.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - D:\Programme\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - D:\Programme\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - D:\Programme\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
Microsoft XML Parser for Java "Microsoft XML Parser for Java" - ? - (File not found | COM-object registry key not found) / file://D:\WINDOWS\Java\classes\xmldso.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "{D27CDB6E-AE6D-11CF-96B8-444553540000}" - ? - (File not found | COM-object registry key not found) / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"ICQ Lite" - ? - D:\Programme\ICQLite\ICQLite.exe (File not found)
"ICQ6" - "ICQ, LLC." - D:\Programme\ICQ6.5\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "AcroIEHlprObj Class" - "Adobe Systems Incorporated" - D:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - D:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - D:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"Hama Wireless LAN Utility.lnk" - "Hama GmbH & Co KG" - D:\Programme\Hama\Common\RaUI.exe (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - D:\Dokumente und Einstellungen\Andy\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"SpybotSD TeaTimer" - "Safer-Networking Ltd." - D:\Programme\Spybot - Search & Destroy\TeaTimer.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "D:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"ZoneAlarm Client" - "Zone Labs, LLC" - "D:\Programme\ZoneAlarm\zlclient.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - D:\WINDOWS\system32\mdimon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"AccSys WLAN Control Service" (accvssvc) - "AccSys GmbH" - D:\Programme\Gemeinsame Dateien\AccSys\AccVSSvc.exe
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"ATI Smart" (ATI Smart) - ? - D:\WINDOWS\system32\ati2sgag.exe
"AVG Anti-Spyware Guard" (AVG Anti-Spyware Guard) - "GRISOFT s.r.o." - D:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\sched.exe
"getPlus(R) Helper" (getPlusHelper) - "NOS Microsystems Ltd." - D:\Programme\NOS\bin\getPlus_Helper.dll
"Office Source Engine" (ose) - "Microsoft Corporation" - D:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - D:\WINDOWS\system32\IoctlSvc.exe
"TuneUp Designerweiterung" (UxTuneUp) - "TuneUp Software GmbH" - D:\WINDOWS\System32\uxtuneup.dll
"Volumeschattenkopie" (VSS) - ? - D:\WINDOWS\System32\vssvc.exe (File not found)

[Winlogon]
-----( HKCU\Control Panel\Desktop )-----
"SCRNSAVE.EXE" - "John Walker" - D:\WINDOWS\Earth.scr
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll (File not found)

===[ Logfile end ]=========================================[ Logfile end ]===

Alt 29.03.2010, 20:39   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
agent.ruo oder bei mir: kbdqnbfb.dll - Standard

agent.ruo oder bei mir: kbdqnbfb.dll



Hallo und

Code:
ATTFilter
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"WDICA" (WDICA) - ? - D:\WINDOWS\system32\drivers\WDICA.sys (File not found)
"winebe" (winebe) - "Microsoft Corporation" - D:\WINDOWS\system32\drivers\winebe.sys
         
Bitte mit OSAM deaktivieren (siehe Anleitung zu OSAM). Poste danach ein neues Log von OSAM und lass die Dateien


D:\WINDOWS\system32\drivers\winebe.sys
D:\WINDOWS\system32\drivers\wdica.sys


bei Virustotal auswerten. Bitte dann die Ergebnislinks jeder Datei posten.
__________________

__________________

Alt 30.03.2010, 16:54   #3
Fonzy
 
agent.ruo oder bei mir: kbdqnbfb.dll - Standard

agent.ruo oder bei mir: kbdqnbfb.dll



D:\WINDOWS\system32\drivers\winebe.sys
Virustotallink: https://www.virustotal.com/de/analisis/55e128a1bdb2b4356cc8b71bd89cc54934df56d082dc10e494ebc503596fe793-1269963057

D:\WINDOWS\system32\drivers\wdica.sys
diese Datei ist bereits gelöscht, zumindest finde ich sie nicht mehr

der zweite osam-log:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 17:53:10 on 30.03.2010

OS: Windows XP Professional Service Pack 2 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.6

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskUserS-1-5-21-790525478-1326574676-725345543-1003Core.job" - "Google Inc." - D:\Dokumente und Einstellungen\Andy\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe
(Disabled) "EasyShare Registration Task.job" - "Eastman Kodak Company" - D:\DOKUME~1\ALLUSE~1\ANWEND~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.8.50.2.sxt

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"javacpl.cpl" - "Sun Microsystems, Inc." - D:\WINDOWS\system32\javacpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - D:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Avira AntiVir PersonalEdition Classic " - "Avira GmbH" - D:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Nero BurnRights" - "Ahead Software AG" - D:\Programme\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AEGIS Protocol (IEEE 802.1x) v3.5.3.0" (AegisP) - "Meetinghouse Data Communications" - D:\WINDOWS\System32\DRIVERS\AegisP.sys
"AVG Anti-Spyware Clean Driver" (AvgAsCln) - "GRISOFT, s.r.o." - D:\WINDOWS\System32\DRIVERS\AvgAsCln.sys
"AVG Anti-Spyware Driver" (AVG Anti-Spyware Driver) - ? - D:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.sys (File not found)
"avgio" (avgio) - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - D:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - D:\WINDOWS\System32\DRIVERS\avipbb.sys
"Changer" (Changer) - ? - D:\WINDOWS\system32\drivers\Changer.sys (File not found)
"d347bus" (d347bus) - " " - D:\WINDOWS\System32\DRIVERS\d347bus.sys
"d347prt" (d347prt) - " " - D:\WINDOWS\System32\Drivers\d347prt.sys
"drhard" (drhard) - "Licensed for Gebhard Software" - D:\WINDOWS\system32\drivers\drhard.sys
"ENTECH" (ENTECH) - "EnTech Taiwan" - D:\WINDOWS\system32\DRIVERS\ENTECH.sys
"i2omgmt" (i2omgmt) - ? - D:\WINDOWS\system32\drivers\i2omgmt.sys (File not found)
"InCD Reader" (InCDRm) - ? - D:\WINDOWS\System32\drivers\InCDRm.sys (File not found)
"InCDPass" (InCDPass) - ? - D:\WINDOWS\System32\drivers\InCDPass.sys (File not found)
"lbrtfdc" (lbrtfdc) - ? - D:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found)
"pavboot" (pavboot) - "Panda Security, S.L." - D:\WINDOWS\System32\drivers\pavboot.sys
"PCIDump" (PCIDump) - ? - D:\WINDOWS\system32\drivers\PCIDump.sys (File not found)
"PDCOMP" (PDCOMP) - ? - D:\WINDOWS\system32\drivers\PDCOMP.sys (File not found)
"PDFRAME" (PDFRAME) - ? - D:\WINDOWS\system32\drivers\PDFRAME.sys (File not found)
"PDRELI" (PDRELI) - ? - D:\WINDOWS\system32\drivers\PDRELI.sys (File not found)
"PDRFRAME" (PDRFRAME) - ? - D:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - D:\WINDOWS\System32\Drivers\PxHelp20.sys
"speedfan" (speedfan) - "Windows (R) 2000 DDK provider" - D:\WINDOWS\System32\speedfan.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - D:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"VClone" (VClone) - "Elaborate Bytes AG" - D:\WINDOWS\System32\DRIVERS\VClone.sys
"vsdatant" (vsdatant) - "Check Point Software Technologies LTD" - D:\WINDOWS\System32\vsdatant.sys
(Disabled) "atksgt" (atksgt) - ? - D:\WINDOWS\System32\DRIVERS\atksgt.sys (File found, but it contains no detailed information)
(Disabled) "giveio" (giveio) - ? - D:\WINDOWS\System32\giveio.sys (File found, but it contains no detailed information)
(Disabled) "lirsgt" (lirsgt) - ? - D:\WINDOWS\System32\DRIVERS\lirsgt.sys (File found, but it contains no detailed information)
(Disabled) "NetGroup Packet Filter Driver" (NPF) - "CACE Technologies" - D:\WINDOWS\System32\drivers\npf.sys
(Disabled) "WDICA" (WDICA) - ? - D:\WINDOWS\system32\drivers\WDICA.sys (File not found)
(Disabled) "winebe" (winebe) - "Microsoft Corporation" - D:\WINDOWS\system32\drivers\winebe.sys

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - D:\WINDOWS\system32\Rundll32.exe D:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - D:\Programme\Gemeinsame Dateien\Ahead\lib\NeroDigitalExt.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - D:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - D:\Programme\OpenOffice.org 2.4\program\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - D:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - D:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - D:\WINDOWS\system32\mscoree.dll
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - D:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - D:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - D:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - D:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - D:\Programme\7-Zip\7-zip.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found)
{73B24247-042E-4EF5-ADC2-42F62E6FD654} "ICQ Lite Shell Extension" - ? - (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found)
{32683183-48a0-441b-a342-7c2a440a9478} "Media Band" - ? - (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - D:\Programme\Microsoft Office\OFFICE11\msohev.dll
{D9872D13-7651-4471-9EEE-F0A00218BEBB} "Multiscan" - ? - (File not found | COM-object registry key not found)
{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - D:\Programme\Gemeinsame Dateien\Ahead\lib\NeroDigitalExt.dll
{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - D:\Programme\Gemeinsame Dateien\Ahead\lib\NeroDigitalExt.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - D:\Programme\OpenOffice.org 2.4\program\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - D:\Programme\OpenOffice.org 2.4\program\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - D:\Programme\OpenOffice.org 2.4\program\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - D:\Programme\OpenOffice.org 2.4\program\shlxthdl.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - D:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found)
{6B3A1F0C-C382-40d6-AA13-33B0AB46EEAA} "ShellExt.BatchResultContextMenu" - "Microsoft Corporation" - D:\WINDOWS\system32\mscoree.dll
{82C62DC5-1A4B-43ac-92C8-571410996B45} "ShellExt.CommandShellExtension" - "Microsoft Corporation" - D:\WINDOWS\system32\mscoree.dll
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - D:\WINDOWS\system32\dfshim.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - D:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{BD88A479-9623-4897-8546-BC62B9628F44} "SPTHandler" - ? - (File not found | COM-object registry key not found)
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software GmbH" - D:\PROGRA~1\TUNEUP~1\SDShelEx-win32.dll
{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software GmbH" - D:\WINDOWS\system32\uxtuneup.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - D:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
(Disabled) {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found)
(Disabled) {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} "UnlockerShellExtension" - ? - D:\Programme\Unlocker\UnlockerCOM.dll (File found, but it contains no detailed information)
(Disabled) {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - D:\Programme\WinRAR\rarext.dll (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{32683183-48a0-441b-a342-7c2a440a9478} "{32683183-48a0-441b-a342-7c2a440a9478}" - ? - (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
DirectAnimation Java Classes "DirectAnimation Java Classes" - ? - (File not found | COM-object registry key not found) / file://D:\WINDOWS\Java\classes\dajava.cab
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} "Java Plug-in 1.6.0_03" - "Sun Microsystems, Inc." - D:\Programme\Java\jre1.6.0_03\bin\npjpi160_03.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} "Java Plug-in 1.6.0_04" - "Sun Microsystems, Inc." - D:\Programme\Java\jre1.6.0_04\bin\npjpi160_04.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - D:\Programme\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - D:\Programme\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - D:\Programme\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
Microsoft XML Parser for Java "Microsoft XML Parser for Java" - ? - (File not found | COM-object registry key not found) / file://D:\WINDOWS\Java\classes\xmldso.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "{D27CDB6E-AE6D-11CF-96B8-444553540000}" - ? - (File not found | COM-object registry key not found) / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"ICQ Lite" - ? - D:\Programme\ICQLite\ICQLite.exe (File not found)
"ICQ6" - "ICQ, LLC." - D:\Programme\ICQ6.5\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "AcroIEHlprObj Class" - "Adobe Systems Incorporated" - D:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - D:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - D:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"Hama Wireless LAN Utility.lnk" - "Hama GmbH & Co KG" - D:\Programme\Hama\Common\RaUI.exe (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - D:\Dokumente und Einstellungen\Andy\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"SpybotSD TeaTimer" - "Safer-Networking Ltd." - D:\Programme\Spybot - Search & Destroy\TeaTimer.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "D:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"ZoneAlarm Client" - "Check Point Software Technologies LTD" - "D:\Programme\Zone Labs2\ZoneAlarm\zlclient.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - D:\WINDOWS\system32\mdimon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"AccSys WLAN Control Service" (accvssvc) - "AccSys GmbH" - D:\Programme\Gemeinsame Dateien\AccSys\AccVSSvc.exe
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"ATI Smart" (ATI Smart) - ? - D:\WINDOWS\system32\ati2sgag.exe
"AVG Anti-Spyware Guard" (AVG Anti-Spyware Guard) - "GRISOFT s.r.o." - D:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\sched.exe
"getPlus(R) Helper" (getPlusHelper) - "NOS Microsystems Ltd." - D:\Programme\NOS\bin\getPlus_Helper.dll
"Office Source Engine" (ose) - "Microsoft Corporation" - D:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - D:\WINDOWS\system32\IoctlSvc.exe
"TrueVector Internet Monitor" (vsmon) - "Check Point Software Technologies LTD" - D:\WINDOWS\system32\ZoneLabs\vsmon.exe
"TuneUp Designerweiterung" (UxTuneUp) - "TuneUp Software GmbH" - D:\WINDOWS\System32\uxtuneup.dll
(Disabled) "Volumeschattenkopie" (VSS) - ? - D:\WINDOWS\System32\vssvc.exe (File not found)

[Winlogon]
-----( HKCU\Control Panel\Desktop )-----
"SCRNSAVE.EXE" - "John Walker" - D:\WINDOWS\Earth.scr
-----( HKCU\Control Panel\IOProcs )-----
(Disabled) "MVB" - ? - mvfs32.dll (File not found)

===[ Logfile end ]=========================================[ Logfile end ]===
__________________

Alt 30.03.2010, 17:34   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
agent.ruo oder bei mir: kbdqnbfb.dll - Standard

agent.ruo oder bei mir: kbdqnbfb.dll



Zitat:
(Disabled) "atksgt" (atksgt) - ? - D:\WINDOWS\System32\DRIVERS\atksgt.sys (File found, but it contains no detailed information)
(Disabled) "giveio" (giveio) - ? - D:\WINDOWS\System32\giveio.sys (File found, but it contains no detailed information)
(Disabled) "lirsgt" (lirsgt) - ? - D:\WINDOWS\System32\DRIVERS\lirsgt.sys (File found, but it contains no detailed information)
(Disabled) "NetGroup Packet Filter Driver" (NPF) - "CACE Technologies" - D:\WINDOWS\System32\drivers\npf.sys
(Disabled) "WDICA" (WDICA) - ? - D:\WINDOWS\system32\drivers\WDICA.sys (File not found)
(Disabled) "winebe" (winebe) - "Microsoft Corporation" - D:\WINDOWS\system32\drivers\winebe.sys
Hast Du noch mehr außer den zwei von mir genannten deaktiviert?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 30.03.2010, 18:18   #5
Fonzy
 
agent.ruo oder bei mir: kbdqnbfb.dll - Standard

agent.ruo oder bei mir: kbdqnbfb.dll



Zitat:
Zitat von cosinus Beitrag anzeigen
Hast Du noch mehr außer den zwei von mir genannten deaktiviert?
(Disabled) "atksgt" (atksgt) - ? - D:\WINDOWS\System32\DRIVERS\atksgt.sys (File found, but it contains no detailed information)
(Disabled) "giveio" (giveio) - ? - D:\WINDOWS\System32\giveio.sys (File found, but it contains no detailed information)
(Disabled) "lirsgt" (lirsgt) - ? - D:\WINDOWS\System32\DRIVERS\lirsgt.sys (File found, but it contains no detailed information)
(Disabled) "NetGroup Packet Filter Driver" (NPF) - "CACE Technologies" - D:\WINDOWS\System32\drivers\npf.sys

ja, diese 4,
bei letzten (npf.sys) erschien der Zusatz "Risk" (?)

soll ich sie wieder aktivieren?


Alt 30.03.2010, 18:20   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
agent.ruo oder bei mir: kbdqnbfb.dll - Standard

agent.ruo oder bei mir: kbdqnbfb.dll



Ich hab Dir nur zwei genannt, wieso deaktivierst Du gleich irgendwelche anderen?
__________________
--> agent.ruo oder bei mir: kbdqnbfb.dll

Alt 30.03.2010, 18:30   #7
Fonzy
 
agent.ruo oder bei mir: kbdqnbfb.dll - Standard

agent.ruo oder bei mir: kbdqnbfb.dll



entschuldigung, ich war etwas übereifrig

hier nun der Log, nach Reaktivierung der 4

Deaktivierung der beiden von dir genannten und Neustart:

Report of OSAM: Autorun Manager v5.0.11926.0
Online Solutions. Complex Protection for Information Systems
Saved at 19:28:40 on 30.03.2010

OS: Windows XP Professional Service Pack 2 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.6

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskUserS-1-5-21-790525478-1326574676-725345543-1003Core.job" - "Google Inc." - D:\Dokumente und Einstellungen\Andy\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe
(Disabled) "EasyShare Registration Task.job" - "Eastman Kodak Company" - D:\DOKUME~1\ALLUSE~1\ANWEND~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.8.50.2.sxt

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"javacpl.cpl" - "Sun Microsystems, Inc." - D:\WINDOWS\system32\javacpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - D:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Avira AntiVir PersonalEdition Classic " - "Avira GmbH" - D:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Nero BurnRights" - "Ahead Software AG" - D:\Programme\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AEGIS Protocol (IEEE 802.1x) v3.5.3.0" (AegisP) - "Meetinghouse Data Communications" - D:\WINDOWS\System32\DRIVERS\AegisP.sys
"AVG Anti-Spyware Clean Driver" (AvgAsCln) - "GRISOFT, s.r.o." - D:\WINDOWS\System32\DRIVERS\AvgAsCln.sys
"AVG Anti-Spyware Driver" (AVG Anti-Spyware Driver) - ? - D:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.sys (File not found)
"avgio" (avgio) - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - D:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - D:\WINDOWS\System32\DRIVERS\avipbb.sys
"Changer" (Changer) - ? - D:\WINDOWS\system32\drivers\Changer.sys (File not found)
"d347bus" (d347bus) - " " - D:\WINDOWS\System32\DRIVERS\d347bus.sys
"d347prt" (d347prt) - " " - D:\WINDOWS\System32\Drivers\d347prt.sys
"drhard" (drhard) - "Licensed for Gebhard Software" - D:\WINDOWS\system32\drivers\drhard.sys
"ENTECH" (ENTECH) - "EnTech Taiwan" - D:\WINDOWS\system32\DRIVERS\ENTECH.sys
"i2omgmt" (i2omgmt) - ? - D:\WINDOWS\system32\drivers\i2omgmt.sys (File not found)
"InCD Reader" (InCDRm) - ? - D:\WINDOWS\System32\drivers\InCDRm.sys (File not found)
"InCDPass" (InCDPass) - ? - D:\WINDOWS\System32\drivers\InCDPass.sys (File not found)
"lbrtfdc" (lbrtfdc) - ? - D:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found)
"pavboot" (pavboot) - "Panda Security, S.L." - D:\WINDOWS\System32\drivers\pavboot.sys
"PCIDump" (PCIDump) - ? - D:\WINDOWS\system32\drivers\PCIDump.sys (File not found)
"PDCOMP" (PDCOMP) - ? - D:\WINDOWS\system32\drivers\PDCOMP.sys (File not found)
"PDFRAME" (PDFRAME) - ? - D:\WINDOWS\system32\drivers\PDFRAME.sys (File not found)
"PDRELI" (PDRELI) - ? - D:\WINDOWS\system32\drivers\PDRELI.sys (File not found)
"PDRFRAME" (PDRFRAME) - ? - D:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - D:\WINDOWS\System32\Drivers\PxHelp20.sys
"speedfan" (speedfan) - "Windows (R) 2000 DDK provider" - D:\WINDOWS\System32\speedfan.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - D:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"VClone" (VClone) - "Elaborate Bytes AG" - D:\WINDOWS\System32\DRIVERS\VClone.sys
"vsdatant" (vsdatant) - "Check Point Software Technologies LTD" - D:\WINDOWS\System32\vsdatant.sys

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - D:\WINDOWS\system32\Rundll32.exe D:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - D:\Programme\Gemeinsame Dateien\Ahead\lib\NeroDigitalExt.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - D:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - D:\Programme\OpenOffice.org 2.4\program\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - D:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - D:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - D:\WINDOWS\system32\mscoree.dll
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - D:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - D:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - D:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - D:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - D:\Programme\7-Zip\7-zip.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found)
{73B24247-042E-4EF5-ADC2-42F62E6FD654} "ICQ Lite Shell Extension" - ? - (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found)
{32683183-48a0-441b-a342-7c2a440a9478} "Media Band" - ? - (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - D:\Programme\Microsoft Office\OFFICE11\msohev.dll
{D9872D13-7651-4471-9EEE-F0A00218BEBB} "Multiscan" - ? - (File not found | COM-object registry key not found)
{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - D:\Programme\Gemeinsame Dateien\Ahead\lib\NeroDigitalExt.dll
{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - D:\Programme\Gemeinsame Dateien\Ahead\lib\NeroDigitalExt.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - D:\Programme\OpenOffice.org 2.4\program\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - D:\Programme\OpenOffice.org 2.4\program\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - D:\Programme\OpenOffice.org 2.4\program\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - D:\Programme\OpenOffice.org 2.4\program\shlxthdl.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - D:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found)
{6B3A1F0C-C382-40d6-AA13-33B0AB46EEAA} "ShellExt.BatchResultContextMenu" - "Microsoft Corporation" - D:\WINDOWS\system32\mscoree.dll
{82C62DC5-1A4B-43ac-92C8-571410996B45} "ShellExt.CommandShellExtension" - "Microsoft Corporation" - D:\WINDOWS\system32\mscoree.dll
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - D:\WINDOWS\system32\dfshim.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - D:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{BD88A479-9623-4897-8546-BC62B9628F44} "SPTHandler" - ? - (File not found | COM-object registry key not found)
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software GmbH" - D:\PROGRA~1\TUNEUP~1\SDShelEx-win32.dll
{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software GmbH" - D:\WINDOWS\system32\uxtuneup.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - D:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{32683183-48a0-441b-a342-7c2a440a9478} "{32683183-48a0-441b-a342-7c2a440a9478}" - ? - (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
DirectAnimation Java Classes "DirectAnimation Java Classes" - ? - (File not found | COM-object registry key not found) / file://D:\WINDOWS\Java\classes\dajava.cab
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} "Java Plug-in 1.6.0_03" - "Sun Microsystems, Inc." - D:\Programme\Java\jre1.6.0_03\bin\npjpi160_03.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} "Java Plug-in 1.6.0_04" - "Sun Microsystems, Inc." - D:\Programme\Java\jre1.6.0_04\bin\npjpi160_04.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - D:\Programme\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - D:\Programme\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - D:\Programme\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
Microsoft XML Parser for Java "Microsoft XML Parser for Java" - ? - (File not found | COM-object registry key not found) / file://D:\WINDOWS\Java\classes\xmldso.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "{D27CDB6E-AE6D-11CF-96B8-444553540000}" - ? - (File not found | COM-object registry key not found) / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"ICQ Lite" - ? - D:\Programme\ICQLite\ICQLite.exe (File not found)
"ICQ6" - "ICQ, LLC." - D:\Programme\ICQ6.5\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "AcroIEHlprObj Class" - "Adobe Systems Incorporated" - D:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - D:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - D:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"Hama Wireless LAN Utility.lnk" - "Hama GmbH & Co KG" - D:\Programme\Hama\Common\RaUI.exe (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - D:\Dokumente und Einstellungen\Andy\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"SpybotSD TeaTimer" - "Safer-Networking Ltd." - D:\Programme\Spybot - Search & Destroy\TeaTimer.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "D:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"ZoneAlarm Client" - "Check Point Software Technologies LTD" - "D:\Programme\Zone Labs2\ZoneAlarm\zlclient.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - D:\WINDOWS\system32\mdimon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"AccSys WLAN Control Service" (accvssvc) - "AccSys GmbH" - D:\Programme\Gemeinsame Dateien\AccSys\AccVSSvc.exe
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"ATI Smart" (ATI Smart) - ? - D:\WINDOWS\system32\ati2sgag.exe
"AVG Anti-Spyware Guard" (AVG Anti-Spyware Guard) - "GRISOFT s.r.o." - D:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\sched.exe
"getPlus(R) Helper" (getPlusHelper) - "NOS Microsystems Ltd." - D:\Programme\NOS\bin\getPlus_Helper.dll
"Office Source Engine" (ose) - "Microsoft Corporation" - D:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - D:\WINDOWS\system32\IoctlSvc.exe
"TrueVector Internet Monitor" (vsmon) - "Check Point Software Technologies LTD" - D:\WINDOWS\system32\ZoneLabs\vsmon.exe
"TuneUp Designerweiterung" (UxTuneUp) - "TuneUp Software GmbH" - D:\WINDOWS\System32\uxtuneup.dll
(Disabled) "Volumeschattenkopie" (VSS) - ? - D:\WINDOWS\System32\vssvc.exe (File not found)

[Winlogon]
-----( HKCU\Control Panel\Desktop )-----
"SCRNSAVE.EXE" - "John Walker" - D:\WINDOWS\Earth.scr
-----( HKCU\Control Panel\IOProcs )-----
(Disabled) "MVB" - ? - mvfs32.dll (File not found)

===[ Logfile end ]=========================================[ Logfile end ]===

Alt 30.03.2010, 18:51   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
agent.ruo oder bei mir: kbdqnbfb.dll - Standard

agent.ruo oder bei mir: kbdqnbfb.dll



Ok. Agent.ruo dürfte jetzt nicht mehr aufpoppen.


Bitte nun diese Liste beachten und abarbeiten. Beim Scan mit MalwareBytes auch alle externen Speicher (ext. Platten, USB-Sticks, ... mit anklemmen!! )

Falls Du Probleme mit Malwarebytes hast (startet nicht, Updates laden nicht etc.), das hier beachten > http://www.trojaner-board.de/82699-m...tet-nicht.html

Wichtig für Benutzer mit Windows Vista und Windows 7: Bitte alle Tools per Rechtsklick => Als Admin ausführen!


Falls RSIT nicht startet: im Kompatibilitätsmodus ausführen (Rechtsklick auf RSIT.exe, Reiter Kompatibilität) => Windows XP einstellen und ausführen

Die Logfiles kannst Du zB alle in eine Datei zippen und auf File-Upload.net hochladen und hier verlinken, denn 1. sind manche Logfiles fürs Board nämlich zu groß und 2. kann ich mit einem Klick mir gleich alle auf einmal runterladen.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 31.03.2010, 18:14   #9
Fonzy
 
agent.ruo oder bei mir: kbdqnbfb.dll - Standard

agent.ruo oder bei mir: kbdqnbfb.dll



hier die verschiedenen logs in einer .rar Datei

viel Erfolg damit und Danke

w*w.file-upload.net/download-2395846/logs.rar.html

Alt 06.04.2010, 17:52   #10
Fonzy
 
agent.ruo oder bei mir: kbdqnbfb.dll - Standard

agent.ruo oder bei mir: kbdqnbfb.dll



push

ist alles in Ordnung mit den Logs oder muss ich noch etwas einstellen/entfernen??

MfG Fonzy

Alt 06.04.2010, 18:18   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
agent.ruo oder bei mir: kbdqnbfb.dll - Standard

agent.ruo oder bei mir: kbdqnbfb.dll



Sry, hab Deinen Strang voll übersehen. Ich seh mir die Logs gleich an!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 06.04.2010, 18:39   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
agent.ruo oder bei mir: kbdqnbfb.dll - Standard

agent.ruo oder bei mir: kbdqnbfb.dll



Die Logs sind imho okay. mach aber bitte noch nen Vollscan mit Malwarebytes (vorher die Datenbanken/Signaturen aktualisieren), Du hattest da nur nen Quickscan gemacht.

Agent.ruo wird nicht mehr gemeldet?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 06.04.2010, 18:44   #13
Fonzy
 
agent.ruo oder bei mir: kbdqnbfb.dll - Standard

agent.ruo oder bei mir: kbdqnbfb.dll



agent.ruo hat sich nicht mehr gemeldet, zum Glück

den Scan mit Malwarebytes führe ich sofort durch

danke schön

Alt 06.04.2010, 20:37   #14
Fonzy
 
agent.ruo oder bei mir: kbdqnbfb.dll - Standard

agent.ruo oder bei mir: kbdqnbfb.dll



Malwarebytes' Anti-Malware 1.45
Malwarebytes

Datenbank Version: 3960

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

06.04.2010 21:34:23
mbam-log-2010-04-06 (21-34-23).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|L:\|M:\|N:\|Q:\|)
Durchsuchte Objekte: 279482
Laufzeit: 1 Stunde(n), 43 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
D:\System Volume Information\_restore{E3DB6B87-9E92-4C59-9E2B-B4F7F2A92FC1}\RP347\A0083805.sys (Rootkit.Agent) -> No action taken.

Antwort

Themen zu agent.ruo oder bei mir: kbdqnbfb.dll
7-zip, adobe, agent.ruo, antivir guard, antivirus, autorun, avg, avgnt.exe, avira, browser, components, desktop, desktop.ini, document, einstellungen, explorer, firefox, helper, internet, internet explorer, logfile, malware, mozilla, plug-in, registry, registry key, rundll, shortcut, software, trojaner, windows, windows xp, wireless lan, wlan



Ähnliche Themen: agent.ruo oder bei mir: kbdqnbfb.dll


  1. InstallShield Update Service Agent deinstallieren oder nicht?
    Plagegeister aller Art und deren Bekämpfung - 09.02.2014 (3)
  2. Pud.Adware.Agent entfernt oder nicht?
    Plagegeister aller Art und deren Bekämpfung - 19.11.2012 (2)
  3. Antivir zeigt dauernd: TR/Spy.Farko.lw oder TR/Rogue.kdv.651759 oder TR/Spy.Agent.ccfd usw.
    Log-Analyse und Auswertung - 08.07.2012 (1)
  4. RKIT/Agent.biiu entfernt oder nicht?
    Plagegeister aller Art und deren Bekämpfung - 22.09.2010 (1)
  5. FIREFOX und IE8 stürzen ab oder Vista fährt herunter. (JAVA/Agent.M.1?)
    Plagegeister aller Art und deren Bekämpfung - 13.09.2010 (22)
  6. Sauber oder nicht (Trojan.Generic/Backdoor.Win32.Agent.afqs)
    Plagegeister aller Art und deren Bekämpfung - 21.04.2009 (0)
  7. Virus oder Trojaner evtl. Trojan Agent oderUserinti.exe
    Log-Analyse und Auswertung - 09.03.2009 (1)
  8. trojan dropper.SEH oder W32/Agent.HZTR
    Plagegeister aller Art und deren Bekämpfung - 01.03.2009 (47)
  9. Hab ich den Trojan.Agent oder Antivirus 2008 oder 2009
    Plagegeister aller Art und deren Bekämpfung - 26.02.2009 (1)
  10. AntiVir findet Virus oder unerwünschtes Programm TR/Agent.105720
    Plagegeister aller Art und deren Bekämpfung - 25.02.2009 (3)
  11. Wurm Worm.Win32.AutoRun.vmq oder TR/Dldr.Agent.jag
    Plagegeister aller Art und deren Bekämpfung - 21.01.2009 (0)
  12. wurde ein Virus oder unerwünschtes Programm 'BDS/Agent.elw'
    Log-Analyse und Auswertung - 18.02.2008 (2)
  13. AW: TR/Drop.Agent.dgo.8 oder ...dgo.42 oder ...dgo.21
    Mülltonne - 14.01.2008 (0)
  14. TR/Drop.Agent.dgo.8 oder ...dgo.42 oder ...dgo.21
    Plagegeister aller Art und deren Bekämpfung - 12.01.2008 (61)
  15. Hatte auch JS/Downloader.agent oder habe noch
    Plagegeister aller Art und deren Bekämpfung - 03.11.2007 (6)
  16. BDS/Agent.AY befall (oder auch: Frau braucht hilfe!!!)
    Log-Analyse und Auswertung - 17.11.2004 (8)
  17. about blank oder Troj-agent.ac - noch einen Tipp?
    Log-Analyse und Auswertung - 21.06.2004 (1)

Zum Thema agent.ruo oder bei mir: kbdqnbfb.dll - Hallo, wie einigen anderen hat es auch meinen PC erwischt und er wurde vom agent.ruo Trojaner befallen. Antivir konnte keine Lösung des Problems erbringen. Die Datei dazu, kbdqnbfb.dll, befindet sich - agent.ruo oder bei mir: kbdqnbfb.dll...
Archiv
Du betrachtest: agent.ruo oder bei mir: kbdqnbfb.dll auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.