
Pests of all kinds and how to fight them: TR/Agent.ruo (2 times D:)

02.04.2010, 20:56   #1
Rosswurst
 

I'm new here and have a problem: I have 2 viruses of the type TR/Agent.ruo in the directory
C:\WINDOWS\System32\ntngb.dll and
C:\WINDOWS\System32\drivers\sysakmdl.sys
I made a log file:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 21:44:59 on 02.04.2010
OS: Windows Vista Home Premium Edition (Build 6000), 32-bit
Default Browser: Mozilla Corporation Firefox 3.0.18

Scanner Settings
Rootkits detection (hidden registry)
Rootkits detection (hidden files)
Retrieve files information
Check Microsoft signatures

Filters
Trusted entries
Empty entries
Hidden registry entries (rootkit activity)
Exclusively opened files
Not found files
Files without detailed information
Existing files
Non-startable services
Non-startable drivers
Active entries
Disabled entries

Risk Name Publisher Full Path Status
Common
%SystemRoot%\Tasks
|||| "GoogleUpdateTaskMachineCore.job" "Google Inc." C:\Program Files\Google\Update\GoogleUpdate.exe File exists
|||| "GoogleUpdateTaskMachineUA.job" "Google Inc." C:\Program Files\Google\Update\GoogleUpdate.exe File exists
Control Panel Objects
%SystemRoot%\system32
|||||| "nvcpl.cpl" "NVIDIA Corporation" C:\Windows\system32\nvcpl.cpl File exists
|||||| "PhysX.cpl" "NVIDIA Corporation" C:\Windows\system32\PhysX.cpl File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls
|||||| "Adobe Gamma" "Adobe Systems, Inc." C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma.cpl File exists
Drivers
HKLM\SYSTEM\CurrentControlSet\Services
|||||| "artr1ms7" (artr1ms7) "Microsoft Corporation" C:\Windows\system32\drivers\artr1ms7.sys Hidden registry entry, rootkit activity | File signed by Microsoft
|||||| "atksgt" (atksgt) C:\Windows\System32\DRIVERS\atksgt.sys File found, but it contains no detailed information
|||||| "avgio" (avgio) "Avira GmbH" C:\Program Files\Avira\AntiVir Desktop\avgio.sys File exists
|||||| "avgntflt" (avgntflt) "Avira GmbH" C:\Windows\System32\DRIVERS\avgntflt.sys File exists
|||||| "avipbb" (avipbb) "Avira GmbH" C:\Windows\System32\DRIVERS\avipbb.sys File exists
|||||| "FssFltr" (fssfltr) "Microsoft Corporation" C:\Windows\System32\DRIVERS\fssfltr.sys File exists
|||||| "Hamachi Network Interface" (hamachi) "LogMeIn, Inc." C:\Windows\System32\DRIVERS\hamachi.sys File exists
"IP in IP Tunnel Driver" (IpInIp) C:\Windows\System32\DRIVERS\ipinip.sys File not found
"IPX Traffic Filter Driver" (NwlnkFlt) C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
"IPX Traffic Forwarder Driver" (NwlnkFwd) C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
"ISO DVD/CD-ROM Device Driver" (ISODrive) "EZB Systems, Inc." C:\Program Files\UltraISO\drivers\ISODrive.sys File exists
|||||| "lirsgt" (lirsgt) C:\Windows\System32\DRIVERS\lirsgt.sys File found, but it contains no detailed information
|||||| "PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver" (PCD5SRVC{BD6912E3-AC9D80E8-05040000}) "PC-Doctor, Inc." C:\PROGRA~1\PC-DOC~1\PCD5SRVC.pkms File exists
"PnkBstrK" (PnkBstrK) C:\Windows\system32\drivers\PnkBstrK.sys File found, but it contains no detailed information
|||||| "sptd" (sptd) "Duplex Secure Ltd." C:\Windows\System32\Drivers\sptd.sys File is exclusively opened, access blocked
|||||| "ssmdrv" (ssmdrv) "Avira GmbH" C:\Windows\System32\DRIVERS\ssmdrv.sys File exists
"Symantec Network Security Intermediate Filter Service" (SymIM) C:\Windows\System32\DRIVERS\SymIM.sys File not found
"SymIMMP" (SymIMMP) C:\Windows\System32\DRIVERS\SymIM.sys File not found
"sysakmdl" (sysakmdl) C:\Windows\system32\drivers\sysakmdl.sys File not found
Explorer
HKLM\Software\Classes\Folder\shellex\ColumnHandlers
|||||| {FED7043D-346A-414D-ACD7-550D052499A7} "dBpShell Class" C:\Program Files\Illustrate\dBpowerAMP\dBShell.dll File exists
|||||| {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" "Adobe Systems, Inc." C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll File exists
|||||| {30351349-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" "hxxp://tortoisesvn.net" C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll File exists
HKLM\Software\Classes\Protocols\Handler
|||||| {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" "Skype Technologies" C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL File exists
|||| {828030A1-22C1-4009-854F-8E305202313F} "livecall" "Microsoft Corporation" C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL File exists
|||||| {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll File exists
|||| {828030A1-22C1-4009-854F-8E305202313F} "msnim" "Microsoft Corporation" C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL File exists
|||||| {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" "Microsoft Corporation" C:\Program Files\Windows Live\Mail\mailcomm.dll File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" File not found | COM-object registry key not found
|||||| {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" "Igor Pavlov" C:\Program Files\7-Zip\7-zip.dll File exists
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" File not found | COM-object registry key not found
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" File not found | COM-object registry key not found
|||||| {0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" "Microsoft Corporation" C:\Program Files\Windows Live\Mail\mailcomm.dll File exists
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" File not found | COM-object registry key not found
|||||| {FED7043D-346A-414D-ACD7-550D052499A7} "dBpShell Class" C:\Program Files\Illustrate\dBpowerAMP\dBShell.dll File exists
|||||| {A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" "NVIDIA Corporation" C:\Windows\system32\nvcpl.dll File exists
|||||| {2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5} "dMCIShell Class" C:\Program Files\Illustrate\dBpowerAMP\dMCShell.dll File exists
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" File not found | COM-object registry key not found
{00020d75-0000-0000-c000-000000000046} "lnkfile" File not found | COM-object registry key not found
|||||| {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" "Microsoft Corporation" C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll File exists
|||||| {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" "Microsoft Corporation" C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll File exists
|||||| {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" "NVIDIA Corporation" C:\Windows\system32\nvshext.dll File exists
|||||| {FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" "NVIDIA Corporation" C:\Windows\system32\nvcpl.dll File exists
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" File not found | COM-object registry key not found
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" File not found | COM-object registry key not found
|||||| {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" "Avira GmbH" C:\Program Files\Avira\AntiVir Desktop\shlext.dll File exists
|||||| {7F67036B-66F1-411A-AD85-759FB9C5B0DB} "ShellViewRTF" "XSS" C:\Windows\System32\ShellvRTF.dll File exists
|||||| {30351346-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" "hxxp://tortoisesvn.net" C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll File exists
|||||| {30351347-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" "hxxp://tortoisesvn.net" C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll File exists
|||||| {30351348-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" "hxxp://tortoisesvn.net" C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll File exists
|||||| {30351349-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" "hxxp://tortoisesvn.net" C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll File exists
|||||| {3035134A-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" "hxxp://tortoisesvn.net" C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll File exists
|||||| {3035134B-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" "hxxp://tortoisesvn.net" C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll File exists
|||||| {3035134C-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" "hxxp://tortoisesvn.net" C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll File exists
|||||| {3035134D-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" "hxxp://tortoisesvn.net" C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll File exists
|||||| {3035134E-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" "hxxp://tortoisesvn.net" C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll File exists
|||||| {3035134F-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" "hxxp://tortoisesvn.net" C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll File exists
|||||| {30351350-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" "hxxp://tortoisesvn.net" C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll File exists
|||||| {C5994560-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" "hxxp://tortoisesvn.net" C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll File exists
|||||| {C5994561-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" "hxxp://tortoisesvn.net" C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll File exists
|||||| {C5994562-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" "hxxp://tortoisesvn.net" C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll File exists
|||||| {C5994563-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" "hxxp://tortoisesvn.net" C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll File exists
|||||| {C5994564-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" "hxxp://tortoisesvn.net" C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll File exists
|||||| {C5994565-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" "hxxp://tortoisesvn.net" C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll File exists
|||||| {C5994566-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" "hxxp://tortoisesvn.net" C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll File exists
|||||| {C5994567-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" "hxxp://tortoisesvn.net" C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll File exists
|||||| {C5994568-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" "hxxp://tortoisesvn.net" C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll File exists
|||||| {AD392E40-428C-459F-961E-9B147782D099} "UIContextMenu Class" "EZB Systems, Inc." C:\Program Files\UltraISO\isoshell.dll File exists
|||||| {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" "Microsoft Corporation" C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe File exists
|||||| {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" "Microsoft Corporation" C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe File exists
|||||| {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" "Microsoft Corporation" C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll File exists
|||||| {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" "Microsoft Corporation" C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll File exists
|||||| {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" "Microsoft Corporation" C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll File exists
|||||| {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" "Microsoft Corporation" C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe File exists
|||||| {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" "Microsoft Corporation" C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll File exists
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" File not found | COM-object registry key not found
|||||| {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" C:\Program Files\WinRAR\rarext.dll File exists
|||||| {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" "Microsoft Corporation" C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe File exists
Internet Explorer
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
|||| "&Windows Live Toolbar" "Microsoft Corporation" C:\Program Files\Windows Live\Toolbar\wltcore.dll File exists
"AOL Toolbar" "AOL LLC" C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll File exists
"Ask Toolbar" "Ask.com" C:\Program Files\Ask.com\GenericAskToolbar.dll File exists
|| "DVDVideoSoft Toolbar" "Conduit Ltd." C:\Program Files\DVDVideoSoft\tbDVD1.dll File exists
"ITBar7Layout" File not found | COM-object registry key not found
|| "PHPNukeDE Toolbar" "Conduit Ltd." C:\Program Files\PHPNukeDE\tbPHPN.dll File exists
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks
|| {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} "DVDVideoSoft Toolbar" "Conduit Ltd." C:\Program Files\DVDVideoSoft\tbDVD1.dll File exists
|||| {855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" "ICQ" C:\Program Files\ICQ6Toolbar\ICQToolBar.dll File exists
|| {c9508125-4747-4733-b048-e4b82dc9716d} "PHPNukeDE Toolbar" "Conduit Ltd." C:\Program Files\PHPNukeDE\tbPHPN.dll File exists
{00000000-6E41-4FD3-8538-502F5495E5FC} "UrlSearchHook Class" "Ask.com" C:\Program Files\Ask.com\GenericAskToolbar.dll File exists
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units
|||| {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} "Java Plug-in 1.6.0_01"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jp2iexp.dll File exists
|||| {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_18"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jp2iexp.dll File exists
|||| {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jp2iexp.dll File exists
|||| {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\npjpi160_18.dll File exists
|||| {1E54D648-B804-468d-BC78-4AFFED8E262F} "System Requirements Lab Class"
hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab "Husdawg, LLC" C:\Windows\Downloaded Program Files\sysreqlab_nvd.dll File exists
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}"
hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab File not found | COM-object registry key not found
HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars
|||| {855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" "ICQ" C:\Program Files\ICQ6Toolbar\ICQToolBar.dll File exists
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
{DE9C389F-3316-41A7-809B-AA305ED9D922} "AOL Toolbar" "AOL LLC" C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll File exists
"BitComet" res://C:\Program Files\BitComet\tools\BitCometBHO_1.4.1.10.dll/206 File not found
{E601996F-E400-41CA-804B-CD6373A7EEE2} "ClsidExtension" "kikin" C:\Program Files\kikin\ie_kikin.dll File exists
|||| "ICQ6" "ICQ, LLC." C:\Program Files\ICQ6.5\ICQ.exe File exists
|||| {5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" "Microsoft Corporation" C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll File exists
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar
|||| "&Windows Live Toolbar" "Microsoft Corporation" C:\Program Files\Windows Live\Toolbar\wltcore.dll File exists
{DE9C389F-3316-41A7-809B-AA305ED9D922} "AOL Toolbar" "AOL LLC" C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll File exists
"Ask Toolbar" "Ask.com" C:\Program Files\Ask.com\GenericAskToolbar.dll File exists
|| {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} "DVDVideoSoft Toolbar" "Conduit Ltd." C:\Program Files\DVDVideoSoft\tbDVD1.dll File exists
|||| {855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" "ICQ" C:\Program Files\ICQ6Toolbar\ICQToolBar.dll File exists
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} "NCO Toolbar 2.0" File not found | COM-object registry key not found
|| {c9508125-4747-4733-b048-e4b82dc9716d} "PHPNukeDE Toolbar" "Conduit Ltd." C:\Program Files\PHPNukeDE\tbPHPN.dll File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
|||||| {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" "Adobe Systems Incorporated" C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll File exists
{7C554162-8CB7-45A4-B8F4-8EA1C75885F9} "AOL Toolbar Launcher" "AOL LLC" C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll File exists
{D4027C7F-154A-4066-A1AD-4243D8127440} "Ask Toolbar" "Ask.com" C:\Program Files\Ask.com\GenericAskToolbar.dll File exists
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} "BitComet Helper" "BitComet" C:\Program Files\BitComet\tools\BitCometBHO_1.4.1.10.dll File exists
|| {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} "DVDVideoSoft Toolbar" "Conduit Ltd." C:\Program Files\DVDVideoSoft\tbDVD1.dll File exists
|||| {CC59E0F9-7E43-44FA-9FAA-8377850BF205} "FDMIECookiesBHO Class" C:\Program Files\Free Download Manager\iefdm2.dll File exists
|||| {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jp2ssv.dll File exists
{E601996F-E400-41CA-804B-CD6373A7EEE2} "kikin Plugin" "kikin" C:\Program Files\kikin\ie_kikin.dll File exists
|| {c9508125-4747-4733-b048-e4b82dc9716d} "PHPNukeDE Toolbar" "Conduit Ltd." C:\Program Files\PHPNukeDE\tbPHPN.dll File exists
|| {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" "Microsoft Corporation" C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll File exists
|||||| {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll File exists
|||| {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} "Windows Live Toolbar Helper" "Microsoft Corporation" C:\Program Files\Windows Live\Toolbar\wltcore.dll File exists
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" File not found | COM-object registry key not found
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} "{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}" File not found | COM-object registry key not found
Logon
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
|||| "Adobe Gamma.lnk" "Adobe Systems, Inc." C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe Shortcut exists | File exists
|||||| "desktop.ini" C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini File exists
%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup
|||||| "desktop.ini" C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini File exists
"McAfee Security Scan Plus.lnk" "McAfee, Inc." C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe Shortcut exists | File exists
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|||| "DAEMON Tools Lite" "DT Soft Ltd" "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun File exists
"EA Core" "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found
|||| "Free Download Manager" "FreeDownloadManager.ORG" C:\Program Files\Free Download Manager\fdm.exe -autorun File exists
|||||| "HPADVISOR" "Hewlett-Packard" C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY File exists
|||| "ICQ" "ICQ, LLC." "C:\Program Files\ICQ6.5\ICQ.exe" silent File exists
|||| "msnmsgr" "Microsoft Corporation" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File exists
|||| "Skype" "Skype Technologies S.A." "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized File exists
"Steam" "Valve Corporation" "c:\program files\steam\steam.exe" -silent File exists
HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd
"StartupPrograms" rdpclip File not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
|||| "Adobe Reader Speed Launcher" "Adobe Systems Incorporated" "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" File exists
|||||| "avgnt" "Avira GmbH" "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min File exists
"HP Health Check Scheduler" [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe File not found
|||| "HP Software Update" "Hewlett-Packard" C:\Program Files\HP\HP Software Update\HPWuSchd2.exe File exists
|||||| "hpsysdrv" "Hewlett-Packard Company" c:\hp\support\hpsysdrv.exe File exists
|||| "IAAnotif" "Intel Corporation" "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" File exists
|| "KBD" C:\HP\KBD\KbdStub.EXE File found, but it contains no detailed information
"LogMeIn Hamachi Ui" "LogMeIn Inc." "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start File exists
|||| "OsdMaestro" "OsdMaestro" "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" File exists
|||| "SunJavaUpdateSched" "Sun Microsystems, Inc." "C:\Program Files\Common Files\Java\Java Update\jusched.exe" File exists
Services
HKLM\SYSTEM\CurrentControlSet\Services
|||||| "Adobe LM Service" (Adobe LM Service) "Adobe Systems" C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe File exists
|||||| "Avira AntiVir Guard" (AntiVirService) "Avira GmbH" C:\Program Files\Avira\AntiVir Desktop\avguard.exe File exists
|||||| "Avira AntiVir Planer" (AntiVirSchedulerService) "Avira GmbH" C:\Program Files\Avira\AntiVir Desktop\sched.exe File exists
|| "GameConsoleService" (GameConsoleService) "WildTangent, Inc." C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe File exists
|||| "Google Update Service (gupdate)" (gupdate) "Google Inc." C:\Program Files\Google\Update\GoogleUpdate.exe File exists
|||||| "HP Health Check Service" (HP Health Check Service) "Hewlett-Packard" c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe File exists
|||| "ICQ Service" (ICQ Service) C:\Program Files\ICQ6Toolbar\ICQ Service.exe File exists
|||||| "Intel(R) Matrix Storage Event Monitor" (IAANTMON) "Intel Corporation" C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe File exists
|||||| "LightScribeService Direct Disc Labeling Service" (LightScribeService) "Hewlett-Packard Company" C:\Program Files\Common Files\LightScribe\LSSrvc.exe File exists
"LogMeIn Hamachi 2.0 Tunneling Engine" (Hamachi2Svc) "LogMeIn Inc." C:\Program Files\LogMeIn Hamachi\hamachi-2.exe File exists
"McAfee Security Scan Component Host Service" (McComponentHostService) "McAfee, Inc." C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe File exists
|||||| "NVIDIA Display Driver Service" (nvsvc) "NVIDIA Corporation" C:\Windows\system32\nvvsvc.exe File exists
|||||| "PnkBstrA" (PnkBstrA) C:\Windows\system32\PnkBstrA.exe File found, but it contains no detailed information
|||||| "PnkBstrB" (PnkBstrB) C:\Windows\system32\PnkBstrB.exe File found, but it contains no detailed information
|||||| "SeaPort" (SeaPort) "Microsoft Corporation" C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe File exists
"Shockvoice Service" (Shockvoice Service) C:\Program Files\Shockvoice Server\shockvoice_service.exe File exists
"Steam Client Service" (Steam Client Service) "Valve Corporation" C:\Program Files\Common Files\Steam\SteamService.exe File exists
|||||| "TeamViewer 5" (TeamViewer5) "TeamViewer GmbH" C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe File exists
|||||| "Windows Live Family Safety-Dienst" (fsssvc) "Microsoft Corporation" C:\Program Files\Windows Live\Family Safety\fsssvc.exe File exists

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

03.04.2010, 16:34   #2
cosinus



Hello and

Code:
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"sysakmdl" (sysakmdl) C:\Windows\system32\drivers\sysakmdl.sys File not found
         
Please disable this entry with OSAM (see the OSAM guide). Then post a new OSAM log and have the file (if it still exists)

C:\Windows\system32\drivers\sysakmdl.sys

analyzed at https://www.Virustotal.com. Then please post the link to the results.