Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: TR/Agent.ruo in C:\WINDOWS\system32\drivers\ntnvf.sys

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 07.04.2010, 11:41   #1
BRANDT
 
TR/Agent.ruo in C:\WINDOWS\system32\drivers\ntnvf.sys - Standard

TR/Agent.ruo in C:\WINDOWS\system32\drivers\ntnvf.sys



hallo,

immer wenn ich firefox öffne, zeigt mir antivir diesen trojaner an, löscht ihn aber nicht...

ich habe schon mal diesen log erstellen lassen:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 12:07:47 on 07.04.2010
OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.6.3

Scanner Settings
Rootkits detection (hidden registry)
Rootkits detection (hidden files)
Retrieve files information
Check Microsoft signatures

Filters
Trusted entries
Empty entries
Hidden registry entries (rootkit activity)
Exclusively opened files
Not found files
Files without detailed information
Existing files
Non-startable services
Non-startable drivers
Active entries
Disabled entries

Risk Name Publisher Full Path Status
Common
%SystemRoot%\Tasks
|||| "GoogleUpdateTaskMachineCore.job" "Google Inc." C:\Programme\Google\Update\GoogleUpdate.exe File exists
|||| "GoogleUpdateTaskMachineUA.job" "Google Inc." C:\Programme\Google\Update\GoogleUpdate.exe File exists
Control Panel Objects
%SystemRoot%\system32
|||||| "infocardcpl.cpl" "Microsoft Corporation" C:\WINDOWS\system32\infocardcpl.cpl File exists
|||||| "LocalCOM.cpl" "TOSHIBA CORPORATION" C:\WINDOWS\system32\LocalCOM.cpl File exists
|||||| "nvcpl.cpl" "NVIDIA Corporation" C:\WINDOWS\system32\nvcpl.cpl File exists
|||||| "nvtuicpl.cpl" "NVIDIA Corporation" C:\WINDOWS\system32\nvtuicpl.cpl File exists
|||||| "RTSndMgr.cpl" "Realtek Semiconductor Corp." C:\WINDOWS\system32\RTSndMgr.cpl File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls
"Avira AntiVir Personal - Free Antivirus " "Avira GmbH" C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl File exists
|||||| "Nero BurnRights" "Nero AG" C:\Programme\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl File exists
|||||| "QuickTime" "Apple Inc." C:\Programme\QuickTime\QTSystem\QuickTime.cpl File exists
Drivers
HKLM\SYSTEM\CurrentControlSet\Services
|||||| "ACEDRV07" (ACEDRV07) "Protect Software GmbH" C:\WINDOWS\system32\drivers\ACEDRV07.sys File exists
|||||| "AEGIS Protocol (IEEE 802.1x) v3.6.0.0" (AegisP) "Meetinghouse Data Communications" C:\WINDOWS\System32\DRIVERS\AegisP.sys File exists
|||||| "avgio" (avgio) "Avira GmbH" C:\Programme\Avira\AntiVir Desktop\avgio.sys File exists
"avgntflt" (avgntflt) "Avira GmbH" C:\WINDOWS\System32\DRIVERS\avgntflt.sys File exists
"avipbb" (avipbb) "Avira GmbH" C:\WINDOWS\System32\DRIVERS\avipbb.sys File exists
|||||| "axsaki" (axsaki) " " C:\WINDOWS\System32\DRIVERS\axsaki.sys File exists
|||||| "axskbus" (axskbus) " " C:\WINDOWS\System32\DRIVERS\axskbus.sys File exists
"Changer" (Changer) C:\WINDOWS\system32\drivers\Changer.sys File not found
|||||| "d347bus" (d347bus) " " C:\WINDOWS\System32\DRIVERS\d347bus.sys File exists
|||||| "d347prt" (d347prt) " " C:\WINDOWS\System32\Drivers\d347prt.sys File exists
"i2omgmt" (i2omgmt) C:\WINDOWS\system32\drivers\i2omgmt.sys File not found
|||||| "InCD File System" (InCDfs) "Nero AG" C:\WINDOWS\System32\drivers\InCDFs.sys File exists
|||||| "InCD Reader" (incdrm) "Nero AG" C:\WINDOWS\System32\drivers\InCDRm.sys File exists
|||||| "InCDPass" (InCDPass) "Nero AG" C:\WINDOWS\System32\drivers\InCDPass.sys File exists
|||||| "InCDrec" (InCDrec) "Nero AG" C:\WINDOWS\system32\drivers\InCDrec.sys File exists
"lbrtfdc" (lbrtfdc) C:\WINDOWS\system32\drivers\lbrtfdc.sys File not found
"ntnvf" (ntnvf) "Microsoft Corporation" C:\WINDOWS\system32\drivers\ntnvf.sys File is exclusively opened, access blocked
"PCIDump" (PCIDump) C:\WINDOWS\system32\drivers\PCIDump.sys File not found
"PDCOMP" (PDCOMP) C:\WINDOWS\system32\drivers\PDCOMP.sys File not found
"PDFRAME" (PDFRAME) C:\WINDOWS\system32\drivers\PDFRAME.sys File not found
"PDRELI" (PDRELI) C:\WINDOWS\system32\drivers\PDRELI.sys File not found
"PDRFRAME" (PDRFRAME) C:\WINDOWS\system32\drivers\PDRFRAME.sys File not found
|||||| "PxHelp20" (PxHelp20) "Sonic Solutions" C:\WINDOWS\System32\Drivers\PxHelp20.sys File exists
"ssmdrv" (ssmdrv) "Avira GmbH" C:\WINDOWS\System32\DRIVERS\ssmdrv.sys File exists
"Tosrfcom" (Tosrfcom) C:\WINDOWS\system32\drivers\Tosrfcom.sys File not found
"WDICA" (WDICA) C:\WINDOWS\system32\drivers\WDICA.sys File not found
|||||| "WLAN-Transport" (s24trans) "Intel Corporation" C:\WINDOWS\System32\DRIVERS\s24trans.sys File exists
Explorer
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
|||||| >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} "Microsoft Windows Media Player" "Microsoft Corporation" C:\WINDOWS\inf\unregmp2.exe /ShowWMP File exists
|||||| {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" "Microsoft Corporation" C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install File exists
HKLM\Software\Classes\Folder\shellex\ColumnHandlers
|||||| {7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" "Nero AG" C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll File exists
|||||| {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" "Adobe Systems, Inc." C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll File exists
HKLM\Software\Classes\Protocols\Filter
|||||| {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists
|||||| {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists
|||||| {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists
HKLM\Software\Classes\Protocols\Handler
|||||| {3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" "Microsoft Corporation" C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL File exists
|||||| {12D51199-0DB5-46FE-A120-47A3D7D937CC} "DVD: Pluggable Protocol" "Microsoft Corporation" C:\WINDOWS\system32\msvidctl.dll File exists
|||||| {CD00020A-8B95-11D1-82DB-00C04FB1625D} "Microsoft PKM KnowledgePluggable Class" "Microsoft Corporation" C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL File exists
|||||| {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} "TV: Pluggable Protocol" "Microsoft Corporation" C:\WINDOWS\system32\msvidctl.dll File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" deskpan.dll File not found
|||||| {1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" "NVIDIA Corporation" C:\WINDOWS\system32\nvshell.dll File exists
|||||| {1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" "NVIDIA Corporation" C:\WINDOWS\system32\nvshell.dll File exists
|||||| {CAE3251E-9B15-4810-B268-852AD9792A59} "InCDShellExt Class" "Nero AG" C:\Programme\Nero\Nero 7\InCD\InCDshx.dll File exists
|||||| {B3D9AEDE-B2C3-406d-A254-6BE07767B08B} "InCDUdfPerm Class" "Nero AG" C:\Programme\Nero\Nero 7\InCD\InCDUP.dll File exists
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" File not found | COM-object registry key not found
|||||| {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" "Microsoft Corporation" C:\Programme\Microsoft Office\Office10\msohev.dll File exists
|||||| {97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" "Nero AG" C:\Programme\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll File exists
|||||| {B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" "Nero AG" C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll File exists
|||||| {7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" "Nero AG" C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll File exists
|||||| {1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" "NVIDIA Corporation" C:\WINDOWS\system32\nvshell.dll File exists
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" "Avira GmbH" C:\Programme\Avira\AntiVir Desktop\shlext.dll File exists
|||||| {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" "Microsoft Corporation" C:\WINDOWS\system32\dfshim.dll File exists
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" File not found | COM-object registry key not found
|||||| {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" "Microsoft Corporation" C:\WINDOWS\system32\dfshim.dll File exists
|||||| {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" "Microsoft Corporation" C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL File exists
|||||| {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" C:\Programme\WinRAR\rarext.dll File found, but it contains no detailed information
|||||| {F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} "WMP Add To Playlist Launcher" "Microsoft Corporation" C:\WINDOWS\system32\wmpshell.dll File exists
|||||| {8DD448E6-C188-4aed-AF92-44956194EB1F} "WMP Burn Audio CD Launcher" "Microsoft Corporation" C:\WINDOWS\system32\wmpshell.dll File exists
|||||| {CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} "WMP Play As Playlist Launcher" "Microsoft Corporation" C:\WINDOWS\system32\wmpshell.dll File exists
Internet Explorer
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
"ITBarLayout" File not found | COM-object registry key not found
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
|||| "ICQ6" "ICQ, LLC." C:\Programme\ICQ6.5\ICQ.exe File exists
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar
{D0943516-5076-4020-A3B5-AEFAF26AB263} "Veoh Video Finder" File not found | COM-object registry key not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
|||||| {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" "Adobe Systems Incorporated" C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll File exists
Logon
%AllUsersProfile%\Startmenü\Programme\Autostart
|||||| "desktop.ini" C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini File exists
|||| "Microsoft Office.lnk" "Microsoft Corporation" C:\Programme\Microsoft Office\Office10\OSA.EXE Shortcut exists | File exists
%UserProfile%\Startmenü\Programme\Autostart
|||||| "desktop.ini" C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\desktop.ini File exists
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|||| "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" "Nero AG" "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe" File exists
|| "RGSC" "Take-Two Interactive Software, Inc." D:\Programme\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
|||| "Adobe ARM" "Adobe Systems Incorporated" "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" File exists
|||| "Adobe Reader Speed Launcher" "Adobe Systems Incorporated" "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" File exists
"avgnt" "Avira GmbH" "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min File exists
|||| "DAEMON Tools-1033" "DAEMON'S HOME" "C:\Programme\D-Tools\daemon.exe" -lang 1033 File exists
|||| "InCD" "Nero AG" C:\Programme\Nero\Nero 7\InCD\InCD.exe File exists
|||||| "IntelWireless" "Intel Corporation" "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless File exists
|||| "IntelZeroConfig" "Intel Corporation" "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe" File exists
|||| "Keyboard Manager Utility" "Quanta Computer, INC." "C:\Programme\Keyboard Manager\Manager Utility\KeyboardManager.exe" /lang DE /H File exists
|| "LWBMOUSE" C:\Programme\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe File exists
|||| "NeroFilterCheck" "Nero AG" C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe File exists
|||| "nwiz" "NVIDIA Corporation" nwiz.exe /install File exists
|||| "QuickTime Task" "Apple Inc." "C:\Programme\QuickTime\QTTask.exe" -atboottime File exists
|||| "SecurDisc" "Nero AG" C:\Programme\Nero\Nero 7\InCD\NBHGui.exe File exists
|||| "WinampAgent" C:\Programme\Winamp\winampa.exe File found, but it contains no detailed information
Print Monitors
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
|||||| "Toshiba Bluetooth Monitor" "TOSHIBA CORPORATION." C:\WINDOWS\system32\tbtmon.dll File exists
Services
HKLM\SYSTEM\CurrentControlSet\Services
|||||| ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) "Microsoft Corporation" C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe File exists
|||||| "ASP.NET-Zustandsdienst" (aspnet_state) "Microsoft Corporation" C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe File exists
"Avira AntiVir Guard" (AntiVirService) "Avira GmbH" C:\Programme\Avira\AntiVir Desktop\avguard.exe File exists
"Avira AntiVir Planer" (AntiVirSchedulerService) "Avira GmbH" C:\Programme\Avira\AntiVir Desktop\sched.exe File exists
|||| "Google Update Service (gupdate)" (gupdate) "Google Inc." C:\Programme\Google\Update\GoogleUpdate.exe File exists
|||||| "InCD Helper" (InCDsrv) "Nero AG" C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe File exists
|||||| "Intel(R) PROSet/Wireless Event Log" (EvtEng) "Intel Corporation" C:\Programme\Intel\Wireless\Bin\EvtEng.exe File exists
|||||| "Intel(R) PROSet/Wireless Registry Service" (RegSrvc) "Intel Corporation" C:\Programme\Intel\Wireless\Bin\RegSrvc.exe File exists
|||||| "Intel(R) PROSet/Wireless Service" (S24EventMonitor) "Intel Corporation " C:\Programme\Intel\Wireless\Bin\S24EvMon.exe File exists
|||||| "Intel(R) PROSet/Wireless SSO Service" (WLANKEEPER) "Intel(R) Corporation" C:\Programme\Intel\Wireless\Bin\WLKeeper.exe File exists
|||||| "NMIndexingService" (NMIndexingService) "Nero AG" C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe File exists
|||||| "TOSHIBA Bluetooth Service" (TOSHIBA Bluetooth Service) "TOSHIBA CORPORATION" C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe File exists
|||||| "Windows CardSpace" (idsvc) "Microsoft Corporation" C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe File exists
|||||| "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) "Microsoft Corporation" C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe File exists
Winlogon
HKCU\Control Panel\IOProcs
"MVB" mvfs32.dll File not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
|||||| "GinaDLL" "Intel Corporation" C:\WINDOWS\system32\IWPDGINA.DLL File exists

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru




danke im voraus!!!

Alt 07.04.2010, 12:10   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Agent.ruo in C:\WINDOWS\system32\drivers\ntnvf.sys - Standard

TR/Agent.ruo in C:\WINDOWS\system32\drivers\ntnvf.sys



Hallo und

Code:
ATTFilter
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ntnvf" (ntnvf) "Microsoft Corporation" C:\WINDOWS\system32\drivers\ntnvf.sys File is exclusively opened, access blocked
         
Bitte mit OSAM deaktivieren (siehe Anleitung zu OSAM). Poste danach ein neues Log von OSAM, lass die Datei (falls noch vorhanden)

C:\WINDOWS\system32\drivers\ntnvf.sys

bei https://www.virustotal.com auswerten und poste den Ergebnislink.
__________________

__________________

Alt 07.04.2010, 15:10   #3
BRANDT
 
TR/Agent.ruo in C:\WINDOWS\system32\drivers\ntnvf.sys - Standard

TR/Agent.ruo in C:\WINDOWS\system32\drivers\ntnvf.sys



Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 16:09:13 on 07.04.2010
OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.6.3

Scanner Settings
Rootkits detection (hidden registry)
Rootkits detection (hidden files)
Retrieve files information
Check Microsoft signatures

Filters
Trusted entries
Empty entries
Hidden registry entries (rootkit activity)
Exclusively opened files
Not found files
Files without detailed information
Existing files
Non-startable services
Non-startable drivers
Active entries
Disabled entries

Risk Name Publisher Full Path Status
Common
%SystemRoot%\Tasks
|||| "GoogleUpdateTaskMachineCore.job" "Google Inc." C:\Programme\Google\Update\GoogleUpdate.exe File exists
|||| "GoogleUpdateTaskMachineUA.job" "Google Inc." C:\Programme\Google\Update\GoogleUpdate.exe File exists
Control Panel Objects
%SystemRoot%\system32
|||||| "infocardcpl.cpl" "Microsoft Corporation" C:\WINDOWS\system32\infocardcpl.cpl File exists
|||||| "LocalCOM.cpl" "TOSHIBA CORPORATION" C:\WINDOWS\system32\LocalCOM.cpl File exists
|||||| "nvcpl.cpl" "NVIDIA Corporation" C:\WINDOWS\system32\nvcpl.cpl File exists
|||||| "nvtuicpl.cpl" "NVIDIA Corporation" C:\WINDOWS\system32\nvtuicpl.cpl File exists
|||||| "RTSndMgr.cpl" "Realtek Semiconductor Corp." C:\WINDOWS\system32\RTSndMgr.cpl File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls
"Avira AntiVir Personal - Free Antivirus " "Avira GmbH" C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl File exists
|||||| "Nero BurnRights" "Nero AG" C:\Programme\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl File exists
|||||| "QuickTime" "Apple Inc." C:\Programme\QuickTime\QTSystem\QuickTime.cpl File exists
Drivers
HKLM\SYSTEM\CurrentControlSet\Services
|||||| "ACEDRV07" (ACEDRV07) "Protect Software GmbH" C:\WINDOWS\system32\drivers\ACEDRV07.sys File exists
|||||| "AEGIS Protocol (IEEE 802.1x) v3.6.0.0" (AegisP) "Meetinghouse Data Communications" C:\WINDOWS\System32\DRIVERS\AegisP.sys File exists
|||||| "avgio" (avgio) "Avira GmbH" C:\Programme\Avira\AntiVir Desktop\avgio.sys File exists
"avgntflt" (avgntflt) "Avira GmbH" C:\WINDOWS\System32\DRIVERS\avgntflt.sys File exists
"avipbb" (avipbb) "Avira GmbH" C:\WINDOWS\System32\DRIVERS\avipbb.sys File exists
|||||| "axsaki" (axsaki) " " C:\WINDOWS\System32\DRIVERS\axsaki.sys File exists
|||||| "axskbus" (axskbus) " " C:\WINDOWS\System32\DRIVERS\axskbus.sys File exists
"Changer" (Changer) C:\WINDOWS\system32\drivers\Changer.sys File not found
|||||| "d347bus" (d347bus) " " C:\WINDOWS\System32\DRIVERS\d347bus.sys File exists
|||||| "d347prt" (d347prt) " " C:\WINDOWS\System32\Drivers\d347prt.sys File exists
"i2omgmt" (i2omgmt) C:\WINDOWS\system32\drivers\i2omgmt.sys File not found
|||||| "InCD File System" (InCDfs) "Nero AG" C:\WINDOWS\System32\drivers\InCDFs.sys File exists
|||||| "InCD Reader" (incdrm) "Nero AG" C:\WINDOWS\System32\drivers\InCDRm.sys File exists
|||||| "InCDPass" (InCDPass) "Nero AG" C:\WINDOWS\System32\drivers\InCDPass.sys File exists
|||||| "InCDrec" (InCDrec) "Nero AG" C:\WINDOWS\system32\drivers\InCDrec.sys File exists
"lbrtfdc" (lbrtfdc) C:\WINDOWS\system32\drivers\lbrtfdc.sys File not found
"PCIDump" (PCIDump) C:\WINDOWS\system32\drivers\PCIDump.sys File not found
"PDCOMP" (PDCOMP) C:\WINDOWS\system32\drivers\PDCOMP.sys File not found
"PDFRAME" (PDFRAME) C:\WINDOWS\system32\drivers\PDFRAME.sys File not found
"PDRELI" (PDRELI) C:\WINDOWS\system32\drivers\PDRELI.sys File not found
"PDRFRAME" (PDRFRAME) C:\WINDOWS\system32\drivers\PDRFRAME.sys File not found
|||||| "PxHelp20" (PxHelp20) "Sonic Solutions" C:\WINDOWS\System32\Drivers\PxHelp20.sys File exists
"ssmdrv" (ssmdrv) "Avira GmbH" C:\WINDOWS\System32\DRIVERS\ssmdrv.sys File exists
"Tosrfcom" (Tosrfcom) C:\WINDOWS\system32\drivers\Tosrfcom.sys File not found
"WDICA" (WDICA) C:\WINDOWS\system32\drivers\WDICA.sys File not found
|||||| "WLAN-Transport" (s24trans) "Intel Corporation" C:\WINDOWS\System32\DRIVERS\s24trans.sys File exists
Explorer
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
|||||| >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} "Microsoft Windows Media Player" "Microsoft Corporation" C:\WINDOWS\inf\unregmp2.exe /ShowWMP File exists
|||||| {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" "Microsoft Corporation" C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install File exists
HKLM\Software\Classes\Folder\shellex\ColumnHandlers
|||||| {7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" "Nero AG" C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll File exists
|||||| {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" "Adobe Systems, Inc." C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll File exists
HKLM\Software\Classes\Protocols\Filter
|||||| {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists
|||||| {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists
|||||| {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists
HKLM\Software\Classes\Protocols\Handler
|||||| {3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" "Microsoft Corporation" C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL File exists
|||||| {12D51199-0DB5-46FE-A120-47A3D7D937CC} "DVD: Pluggable Protocol" "Microsoft Corporation" C:\WINDOWS\system32\msvidctl.dll File exists
|||||| {CD00020A-8B95-11D1-82DB-00C04FB1625D} "Microsoft PKM KnowledgePluggable Class" "Microsoft Corporation" C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL File exists
|||||| {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} "TV: Pluggable Protocol" "Microsoft Corporation" C:\WINDOWS\system32\msvidctl.dll File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" deskpan.dll File not found
|||||| {1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" "NVIDIA Corporation" C:\WINDOWS\system32\nvshell.dll File exists
|||||| {1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" "NVIDIA Corporation" C:\WINDOWS\system32\nvshell.dll File exists
|||||| {CAE3251E-9B15-4810-B268-852AD9792A59} "InCDShellExt Class" "Nero AG" C:\Programme\Nero\Nero 7\InCD\InCDshx.dll File exists
|||||| {B3D9AEDE-B2C3-406d-A254-6BE07767B08B} "InCDUdfPerm Class" "Nero AG" C:\Programme\Nero\Nero 7\InCD\InCDUP.dll File exists
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" File not found | COM-object registry key not found
|||||| {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" "Microsoft Corporation" C:\Programme\Microsoft Office\Office10\msohev.dll File exists
|||||| {97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" "Nero AG" C:\Programme\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll File exists
|||||| {B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" "Nero AG" C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll File exists
|||||| {7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" "Nero AG" C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll File exists
|||||| {1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" "NVIDIA Corporation" C:\WINDOWS\system32\nvshell.dll File exists
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" "Avira GmbH" C:\Programme\Avira\AntiVir Desktop\shlext.dll File exists
|||||| {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" "Microsoft Corporation" C:\WINDOWS\system32\dfshim.dll File exists
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" File not found | COM-object registry key not found
|||||| {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" "Microsoft Corporation" C:\WINDOWS\system32\dfshim.dll File exists
|||||| {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" "Microsoft Corporation" C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL File exists
|||||| {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" C:\Programme\WinRAR\rarext.dll File found, but it contains no detailed information
|||||| {F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} "WMP Add To Playlist Launcher" "Microsoft Corporation" C:\WINDOWS\system32\wmpshell.dll File exists
|||||| {8DD448E6-C188-4aed-AF92-44956194EB1F} "WMP Burn Audio CD Launcher" "Microsoft Corporation" C:\WINDOWS\system32\wmpshell.dll File exists
|||||| {CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} "WMP Play As Playlist Launcher" "Microsoft Corporation" C:\WINDOWS\system32\wmpshell.dll File exists
Internet Explorer
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
"ITBarLayout" File not found | COM-object registry key not found
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
|||| "ICQ6" "ICQ, LLC." C:\Programme\ICQ6.5\ICQ.exe File exists
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar
{D0943516-5076-4020-A3B5-AEFAF26AB263} "Veoh Video Finder" File not found | COM-object registry key not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
|||||| {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" "Adobe Systems Incorporated" C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll File exists
Logon
%AllUsersProfile%\Startmenü\Programme\Autostart
|||||| "desktop.ini" C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini File exists
|||| "Microsoft Office.lnk" "Microsoft Corporation" C:\Programme\Microsoft Office\Office10\OSA.EXE Shortcut exists | File exists
%UserProfile%\Startmenü\Programme\Autostart
|||||| "desktop.ini" C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\desktop.ini File exists
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|||| "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" "Nero AG" "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe" File exists
|| "RGSC" "Take-Two Interactive Software, Inc." D:\Programme\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
|||| "Adobe ARM" "Adobe Systems Incorporated" "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" File exists
|||| "Adobe Reader Speed Launcher" "Adobe Systems Incorporated" "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" File exists
"avgnt" "Avira GmbH" "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min File exists
|||| "DAEMON Tools-1033" "DAEMON'S HOME" "C:\Programme\D-Tools\daemon.exe" -lang 1033 File exists
|||| "InCD" "Nero AG" C:\Programme\Nero\Nero 7\InCD\InCD.exe File exists
|||||| "IntelWireless" "Intel Corporation" "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless File exists
|||| "IntelZeroConfig" "Intel Corporation" "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe" File exists
|||| "Keyboard Manager Utility" "Quanta Computer, INC." "C:\Programme\Keyboard Manager\Manager Utility\KeyboardManager.exe" /lang DE /H File exists
|| "LWBMOUSE" C:\Programme\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe File exists
|||| "NeroFilterCheck" "Nero AG" C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe File exists
|||| "nwiz" "NVIDIA Corporation" nwiz.exe /install File exists
|||| "QuickTime Task" "Apple Inc." "C:\Programme\QuickTime\QTTask.exe" -atboottime File exists
|||| "SecurDisc" "Nero AG" C:\Programme\Nero\Nero 7\InCD\NBHGui.exe File exists
|||| "WinampAgent" C:\Programme\Winamp\winampa.exe File found, but it contains no detailed information
Print Monitors
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
|||||| "Toshiba Bluetooth Monitor" "TOSHIBA CORPORATION." C:\WINDOWS\system32\tbtmon.dll File exists
Services
HKLM\SYSTEM\CurrentControlSet\Services
|||||| ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) "Microsoft Corporation" C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe File exists
|||||| "ASP.NET-Zustandsdienst" (aspnet_state) "Microsoft Corporation" C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe File exists
"Avira AntiVir Guard" (AntiVirService) "Avira GmbH" C:\Programme\Avira\AntiVir Desktop\avguard.exe File exists
"Avira AntiVir Planer" (AntiVirSchedulerService) "Avira GmbH" C:\Programme\Avira\AntiVir Desktop\sched.exe File exists
|||| "Google Update Service (gupdate)" (gupdate) "Google Inc." C:\Programme\Google\Update\GoogleUpdate.exe File exists
|||||| "InCD Helper" (InCDsrv) "Nero AG" C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe File exists
|||||| "Intel(R) PROSet/Wireless Event Log" (EvtEng) "Intel Corporation" C:\Programme\Intel\Wireless\Bin\EvtEng.exe File exists
|||||| "Intel(R) PROSet/Wireless Registry Service" (RegSrvc) "Intel Corporation" C:\Programme\Intel\Wireless\Bin\RegSrvc.exe File exists
|||||| "Intel(R) PROSet/Wireless Service" (S24EventMonitor) "Intel Corporation " C:\Programme\Intel\Wireless\Bin\S24EvMon.exe File exists
|||||| "Intel(R) PROSet/Wireless SSO Service" (WLANKEEPER) "Intel(R) Corporation" C:\Programme\Intel\Wireless\Bin\WLKeeper.exe File exists
|||||| "NMIndexingService" (NMIndexingService) "Nero AG" C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe File exists
|||||| "TOSHIBA Bluetooth Service" (TOSHIBA Bluetooth Service) "TOSHIBA CORPORATION" C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe File exists
|||||| "Windows CardSpace" (idsvc) "Microsoft Corporation" C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe File exists
|||||| "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) "Microsoft Corporation" C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe File exists
Winlogon
HKCU\Control Panel\IOProcs
"MVB" mvfs32.dll File not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
|||||| "GinaDLL" "Intel Corporation" C:\WINDOWS\system32\IWPDGINA.DLL File exists

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
__________________

Alt 07.04.2010, 15:11   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Agent.ruo in C:\WINDOWS\system32\drivers\ntnvf.sys - Standard

TR/Agent.ruo in C:\WINDOWS\system32\drivers\ntnvf.sys



Sieht ok aus. Mach bitte Kontrollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 08.04.2010, 14:15   #5
BRANDT
 
TR/Agent.ruo in C:\WINDOWS\system32\drivers\ntnvf.sys - Standard

TR/Agent.ruo in C:\WINDOWS\system32\drivers\ntnvf.sys



Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 3968

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

08.04.2010 15:14:13
mbam-log-2010-04-08 (15-14-13).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 175628
Laufzeit: 39 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\System Volume Information\_restore{BAC3D06A-DA60-4B35-8AB9-5E20000B0634}\RP144\A0020912.sys (Rootkit.Agent) -> Quarantined and deleted successfully.


Alt 08.04.2010, 18:38   #6
BRANDT
 
TR/Agent.ruo in C:\WINDOWS\system32\drivers\ntnvf.sys - Standard

TR/Agent.ruo in C:\WINDOWS\system32\drivers\ntnvf.sys



SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 04/08/2010 at 04:38 PM

Application Version : 4.35.1002

Core Rules Database Version : 4781
Trace Rules Database Version: 2593

Scan type : Complete Scan
Total Scan Time : 01:13:49

Memory items scanned : 558
Memory threats detected : 0
Registry items scanned : 5393
Registry threats detected : 0
File items scanned : 78085
File threats detected : 39

Adware.Tracking Cookie
C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@atdmt[2].txt
C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@apmebf[1].txt
C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@de.at.atwola[1].txt
C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@adtech[1].txt
C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@tradedoubler[1].txt
C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@www.etracker[2].txt
C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@webmasterplan[2].txt
C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@msnportal.112.2o7[1].txt
C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@tracking.quisma[1].txt
C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@zbox.zanox[2].txt
C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@yadro[1].txt
C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@at.atwola[1].txt
C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@microsoftwindows.112.2o7[1].txt
C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@adserver.71i[1].txt
C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@adfarm1.adition[1].txt
C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@bs.serving-sys[2].txt
C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@cgi-bin[2].txt
C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@content.yieldmanager[2].txt
C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@atwola[2].txt
C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@doubleclick[1].txt
C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@serving-sys[1].txt
C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@tracking.mindshare[1].txt
C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@traffictrack[2].txt
C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@himedia.individuad[2].txt
C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@fastclick[1].txt
C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@zanox-affiliate[1].txt
C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@mediaplex[2].txt
C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@advertising[1].txt
C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@sevenoneintermedia.112.2o7[1].txt
C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@ak[2].txt
C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@zanox[2].txt
C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@ww251.smartadserver[1].txt
C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@ad.yieldmanager[1].txt
C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@html[1].txt
C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@pcwelt[1].txt
C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@tacoda[1].txt
C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@tele2de.112.2o7[1].txt
C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@rambler[1].txt
C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@tto2.traffictrack[1].txt

Alt 08.04.2010, 18:42   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Agent.ruo in C:\WINDOWS\system32\drivers\ntnvf.sys - Standard

TR/Agent.ruo in C:\WINDOWS\system32\drivers\ntnvf.sys



SASW fand nur Cookies
Rechner wieder gesund, verhält er sich wieder normal?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 09.04.2010, 10:16   #8
BRANDT
 
TR/Agent.ruo in C:\WINDOWS\system32\drivers\ntnvf.sys - Standard

TR/Agent.ruo in C:\WINDOWS\system32\drivers\ntnvf.sys



sehr gut!!!

ja läuft wieder wie gewohnt


danke für die schnelle hilfe!!!!!!
echt super

Alt 09.04.2010, 11:08   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Agent.ruo in C:\WINDOWS\system32\drivers\ntnvf.sys - Standard

TR/Agent.ruo in C:\WINDOWS\system32\drivers\ntnvf.sys



Dann prüf bitte jetzt die Updates! Dir fehlt min. der IE8! Auch wenn Du ihn nicht verwendest auf den IE8 aktualisieren, da es eine Windows-Kernkomponente ist!

Hallo und

Bitte diese Liste beachten und abarbeiten. Beim Scan mit MalwareBytes auch alle externen Speicher (ext. Platten, USB-Sticks, ... mit anklemmen!! )

Falls Du Probleme mit Malwarebytes hast (startet nicht, Updates laden nicht etc.), das hier beachten > http://www.trojaner-board.de/82699-m...tet-nicht.html

Wichtig für Benutzer mit Windows Vista und Windows 7: Bitte alle Tools per Rechtsklick => Als Admin ausführen!


Falls RSIT nicht startet: im Kompatibilitätsmodus ausführen (Rechtsklick auf RSIT.exe, Reiter Kompatibilität) => Windows XP einstellen und ausführen

Die Logfiles kannst Du zB alle in eine Datei zippen und auf File-Upload.net hochladen und hier verlinken, denn 1. sind manche Logfiles fürs Board nämlich zu groß und 2. kann ich mit einem Klick mir gleich alle auf einmal runterladen.
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu TR/Agent.ruo in C:\WINDOWS\system32\drivers\ntnvf.sys
administrator, adobe, antivir, antivir guard, antivirus, autorun, avgntflt.sys, avira, browser, computer, desktop, desktop.ini, einstellungen, firefox, fontcache, gupdate, helper, home, malware, mozilla, nvidia, realtek, registry, registry key, rundll, sched.exe, software, system, tr/agent.ruo, trojaner, windows, windows xp, wmpshell.dll




Ähnliche Themen: TR/Agent.ruo in C:\WINDOWS\system32\drivers\ntnvf.sys


  1. Trojaner/Rootkit TR/Agent.37888.248 in C:\WINDOWS\system32\drivers\a127b2c0fb888938.sys
    Log-Analyse und Auswertung - 05.07.2014 (15)
  2. C:\Windows\System32\Drivers\spxi.sys
    Plagegeister aller Art und deren Bekämpfung - 18.06.2012 (2)
  3. Rootkit Agent in C:\WINDOWS\system32\drivers\lpvmtsvd.sys
    Plagegeister aller Art und deren Bekämpfung - 19.08.2010 (13)
  4. Rootkit in C:\Windows\system32\drivers\afkw4fu9.sys ?
    Log-Analyse und Auswertung - 08.08.2010 (4)
  5. TR/Rootkit.Gen in C:\Windows\System32\drivers\ezokdc.sys
    Plagegeister aller Art und deren Bekämpfung - 30.05.2010 (6)
  6. Tr/rootkit.gen windows/system32/Drivers.lnuuf.sys (rootkit Agent)
    Plagegeister aller Art und deren Bekämpfung - 29.05.2010 (1)
  7. Rootkit.Agent../System32/Drivers/
    Plagegeister aller Art und deren Bekämpfung - 28.05.2010 (46)
  8. Tr/Agent.ruo in C:\Windows\System32\drivers\d3dsviob.sys gefunden.
    Plagegeister aller Art und deren Bekämpfung - 25.05.2010 (11)
  9. Rootkit.Agent bringe ich nicht los C:\Windows\system32\Drivers\rlmij.sys
    Plagegeister aller Art und deren Bekämpfung - 24.05.2010 (12)
  10. virus in windows/system32/drivers und svchost.exe
    Plagegeister aller Art und deren Bekämpfung - 29.04.2010 (1)
  11. C:\WINDOWS\system32\drivers\**; befürchte Rootkit
    Plagegeister aller Art und deren Bekämpfung - 23.04.2010 (18)
  12. Rootkit.Win32.Agent.besn in system32\drivers\aec.sys / syspck32 im Autostart
    Plagegeister aller Art und deren Bekämpfung - 01.04.2010 (8)
  13. Trojaner DR/Agent.ruo in C:\Windows\system32\drivers\ntnbsw.sys gefunden
    Plagegeister aller Art und deren Bekämpfung - 01.04.2010 (6)
  14. Rootkit.Agent im system32\drivers\qkavedba.sys
    Plagegeister aller Art und deren Bekämpfung - 14.03.2010 (1)
  15. TR/AntiHosts.Gen in C:\WINDOWS\system32\drivers\etc\hosts
    Plagegeister aller Art und deren Bekämpfung - 12.09.2009 (15)
  16. hartnäckiger Trojaner (TR/Agent.84992.9) in C:\Windows\System32\drivers\
    Plagegeister aller Art und deren Bekämpfung - 25.05.2009 (0)
  17. RKIT/Agent.483856 in C:\WINDOWS\system32\drivers\ntnxf.sys
    Plagegeister aller Art und deren Bekämpfung - 10.04.2009 (1)

Zum Thema TR/Agent.ruo in C:\WINDOWS\system32\drivers\ntnvf.sys - hallo, immer wenn ich firefox öffne, zeigt mir antivir diesen trojaner an, löscht ihn aber nicht... ich habe schon mal diesen log erstellen lassen: Report of OSAM : Autorun Manager - TR/Agent.ruo in C:\WINDOWS\system32\drivers\ntnvf.sys...
Archiv
Du betrachtest: TR/Agent.ruo in C:\WINDOWS\system32\drivers\ntnvf.sys auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.