Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: TR/Agent.ruo in C:\Windows\system32\ntnluj.dll

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 28.03.2010, 16:51   #1
Boreas
 
TR/Agent.ruo in C:\Windows\system32\ntnluj.dll - Standard

TR/Agent.ruo in C:\Windows\system32\ntnluj.dll



Hallo, ich bin neu hier und habe gesehen, dass mehrere Leute probleme mit dme selben Trojaner haben, aber in anderen dateien ... wie auch einige der Vorposter hoffe ich daher, dass es in Ordnung ist, dass ich meinen eigenen Thread eröffne...

wie in diesem Thread beschrieben http://www.trojaner-board.de/69886-a...-beachten.html habe ich eine analyse meines systems ausgeführt und alles gelöscht:

Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3923
Windows 6.0.6000
Internet Explorer 7.0.6000.16890

28.03.2010 16:40:08
mbam-log-2010-03-28 (16-40-08).txt

Scan-Methode: Quick-Scan
Durchsuchte Objekte: 111370
Laufzeit: 6 minute(s), 50 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PLayMP3z) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{8f67e146-fb6c-418f-9fe5-37aa2206d92e} (Trojan.Vundo) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\System32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.


Und dann noch ein Scan mit OSAM:


Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 16:49:42 on 28.03.2010
OS: Windows Vista Home Premium Edition (Build 6000), 32-bit
Default Browser: Opera Software Opera Internet Browser 10.51

Scanner Settings
Rootkits detection (hidden registry)
Rootkits detection (hidden files)
Retrieve files information
Check Microsoft signatures

Filters
Trusted entries
Empty entries
Hidden registry entries (rootkit activity)
Exclusively opened files
Not found files
Files without detailed information
Existing files
Non-startable services
Non-startable drivers
Active entries
Disabled entries
Risk Name Publisher Full Path Status
Common
%SystemRoot%\Tasks
|||| "GoogleUpdateTaskMachineCore.job" "Google Inc." C:\Program Files\Google\Update\GoogleUpdate.exe File exists
|||| "GoogleUpdateTaskMachineUA.job" "Google Inc." C:\Program Files\Google\Update\GoogleUpdate.exe File exists
|||| "Google Software Updater.job" "Google" C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe File exists
Control Panel Objects
%SystemRoot%\system32
|||||| "BDEADMIN.CPL" C:\Windows\system32\BDEADMIN.CPL File exists
|||||| "PhysX.cpl" "NVIDIA Corporation" C:\Windows\system32\PhysX.cpl File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls
|||||| "Nero BurnRights" "Nero AG" C:\Program Files\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl File exists
|||||| "QuickTime" "Apple Inc." C:\Program Files\QuickTime\QTSystem\QuickTime.cpl File exists
|| "ToSysCnf" "Deutsche Telekom AG, Marmiko IT-Solutions GmbH" C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToSysCnf.cpl File exists
Drivers
HKLM\SYSTEM\CurrentControlSet\Services
|||||| "atksgt" (atksgt) C:\Windows\System32\DRIVERS\atksgt.sys File found, but it contains no detailed information
|||||| "avgio" (avgio) "Avira GmbH" C:\Program Files\Avira\AntiVir Desktop\avgio.sys File exists
"avgntflt" (avgntflt) "Avira GmbH" C:\Windows\System32\DRIVERS\avgntflt.sys File exists
"avipbb" (avipbb) "Avira GmbH" C:\Windows\System32\DRIVERS\avipbb.sys File exists
"EagleNT" (EagleNT) C:\Windows\system32\drivers\EagleNT.sys File not found
|||||| "Hamachi Network Interface" (hamachi) "LogMeIn, Inc." C:\Windows\System32\DRIVERS\hamachi.sys File exists
|||||| "HH9Help.sys" (HH9Help.sys) "H+H Software GmbH" C:\Windows\system32\drivers\HH9Help.sys File exists
"IP in IP Tunnel Driver" (IpInIp) C:\Windows\System32\DRIVERS\ipinip.sys File not found
"IPX Traffic Filter Driver" (NwlnkFlt) C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
"IPX Traffic Forwarder Driver" (NwlnkFwd) C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
|||||| "ISO DVD/CD-ROM Device Driver" (ISODrive) "EZB Systems, Inc." C:\Program Files\UltraISO\drivers\ISODrive.sys File exists
"kbdqgmj" (kbdqgmj) "Microsoft Corporation" C:\Windows\system32\drivers\kbdqgmj.sys File exists
|||||| "lirsgt" (lirsgt) C:\Windows\System32\DRIVERS\lirsgt.sys File found, but it contains no detailed information
|||||| "MBAMSwissArmy" (MBAMSwissArmy) "Malwarebytes Corporation" C:\Windows\system32\drivers\mbamswissarmy.sys File exists
"mdxgthkn" (mdxgthkn) C:\Users\CHRIST~1\AppData\Local\Temp\mdxgthkn.sys File not found
|||||| "MIINPazX NDIS Protocol Driver" (MIINPazX) "Deutsche Telekom AG, Marmiko IT-Solutions GmbH" C:\PROGRA~1\COMMON~1\MARMIK~1\MInfraIS\MIINPazX.SYS File exists
|||||| "MTOnlPktAlyX NDIS Protocol Driver" (MTOnlPktAlyX) "Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH" C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS File exists
|||||| "REDLIGHT" (REDLIGHT) "BufferZone" C:\Windows\System32\drivers\REDLIGHT.SYS File exists
|||||| "sptd" (sptd) "Duplex Secure Ltd." C:\Windows\System32\Drivers\sptd.sys File is exclusively opened, access blocked
"ssmdrv" (ssmdrv) "Avira GmbH" C:\Windows\System32\DRIVERS\ssmdrv.sys File exists
|||||| "StarForce Protection Environment Driver v6" (prodrv06) "Protection Technology" C:\Windows\System32\drivers\prodrv06.sys File exists
|||||| "StarForce Protection Helper Driver" (sfhlp01) "Protection Technology" C:\Windows\System32\drivers\sfhlp01.sys File exists
|||||| "StarForce Protection Helper Driver v2" (prohlp02) "Protection Technology" C:\Windows\System32\drivers\prohlp02.sys File exists
|||||| "StarForce Protection Synchronization Driver v1" (prosync1) "Protection Technology" C:\Windows\System32\drivers\prosync1.sys File exists
|||||| "StyleXPHelper" (StyleXPHelper) "Windows (R) 2000 DDK provider" C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe File exists
|||||| "vdrv9000" (vdrv9000) "H+H Software GmbH" C:\Windows\System32\DRIVERS\vdrv9000.sys Hidden registry entry, rootkit activity | File signed by Microsoft
Explorer
HKLM\Software\Classes\Folder\shellex\ColumnHandlers
|||||| {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" "Adobe Systems, Inc." C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll File exists
HKLM\Software\Classes\Protocols\Filter
|||||| {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" "Microsoft Corporation" C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL File exists
HKLM\Software\Classes\Protocols\Handler
|||||| {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll File exists
|||||| {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" "Skype Technologies" C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL File exists
|||||| {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" File not found | COM-object registry key not found
|||||| {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" "Igor Pavlov" C:\Program Files\7-Zip\7-zip.dll File exists
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" File not found | COM-object registry key not found
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" File not found | COM-object registry key not found
|||||| {E2958773-ACDB-4553-A069-A1EEB4AFBA0F} "BufferZone context menu" C:\Windows\system32\RlShellExt.dll File exists
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" File not found | COM-object registry key not found
|||||| {94586423-855F-4EB2-9F6A-D9DA5658DBE3} "Context menu" C:\PROGRA~1\FREEM4~1\m4a_menu.dll File found, but it contains no detailed information
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" File not found | COM-object registry key not found
{00020d75-0000-0000-c000-000000000046} "lnkfile" File not found | COM-object registry key not found
|||||| {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\msohevi.dll File exists
|||||| {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" "Microsoft Corporation" C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll File exists
|||||| {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL File exists
|||||| {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" "Microsoft Corporation" C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll File exists
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" File not found | COM-object registry key not found
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" File not found | COM-object registry key not found
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" "Avira GmbH" C:\Program Files\Avira\AntiVir Desktop\shlext.dll File exists
|||||| {5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll File exists
|||||| {37ADBD0B-11EC-4A2C-9F93-5C3ACC7994DF} "SxBufferZoneOverlay" C:\Windows\system32\RlShellExt.dll File exists
|||||| {F594B094-8768-4632-8143-12852EBBD688} "SxConfidentialOverlay" C:\Windows\system32\RlShellExt.dll File exists
|||||| {F1A1DA12-E651-4AD0-A1A0-6214546B2F9D} "SxForbiddenOverlay" C:\Windows\system32\RlShellExt.dll File exists
|||||| {E4FC4B31-8A4F-45E6-BDAC-28F612371FE3} "SxUnknownOverlay" C:\Windows\system32\RlShellExt.dll File exists
|||||| {AD392E40-428C-459F-961E-9B147782D099} "UIContextMenu Class" "EZB Systems, Inc." C:\Program Files\UltraISO\isoshell.dll File exists
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" File not found | COM-object registry key not found
|||||| {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" C:\Program Files\WinRAR\rarext.dll File found, but it contains no detailed information
Internet Explorer
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
"ITBar7Layout" File not found | COM-object registry key not found
"{855F3B16-6D32-4FE6-8A56-BBB695989046}" File not found | COM-object registry key not found
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units
|||| {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "Java Plug-in 1.6.0_05"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jp2iexp.dll File exists
|||| {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jp2iexp.dll File exists
|||| {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_15"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jp2iexp.dll File exists
|||| {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jp2iexp.dll File exists
|||| {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\npjpi160_15.dll File exists
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
|||| {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll File exists
|||| "ICQ6" "ICQ, LLC." C:\Program Files\ICQ6.5\ICQ.exe File exists
|||| {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
|||||| {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" "Adobe Systems Incorporated" C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll File exists
|||| {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" "Google Inc." C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll File exists
|||| {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jp2ssv.dll File exists
Logon
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
|||| "OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE Shortcut exists | File exists
|||||| "desktop.ini" C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini File exists
%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup
|||||| "desktop.ini" C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini File exists
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|| "T-Online_Software_6\WLAN-Access Finder" "Deutsche Telekom AG, Marmiko IT-Solutions GmbH" C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe /StartMinimized File exists
HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd
"StartupPrograms" rdpclip File not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
|||| "Adobe Reader Speed Launcher" "Adobe Systems Incorporated" "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" File exists
"avgnt" "Avira GmbH" "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min File exists
|| "FreePDF Assistant" "shbox.de" C:\Program Files\FreePDF_XP\fpassist.exe File exists
|||| "NeroFilterCheck" "Nero AG" C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe File exists
|||| "QuickTime Task" "Apple Inc." "C:\Program Files\QuickTime\QTTask.exe" -atboottime File exists
|||| "StartCCC" c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe File found, but it contains no detailed information
|| "ToADiMon.exe" "Deutsche Telekom AG, Marmiko IT-Solutions GmbH" C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
|||||| "Malwarebytes' Anti-Malware" "Malwarebytes Corporation" D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent File exists
Print Monitors
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
|||||| "PDFConverter" C:\Windows\system32\pdfmonnt.dll File found, but it contains no detailed information
|||||| "PDFCreator" C:\Windows\system32\pdfcmnnt.dll File found, but it contains no detailed information
|||||| "Redirected Port" C:\Windows\system32\redmonnt.dll File found, but it contains no detailed information
|||||| "Send To Microsoft OneNote Monitor" "Microsoft Corporation" C:\Windows\system32\msonpmon.dll File exists
Services
HKLM\SYSTEM\CurrentControlSet\Services
|||||| "Automatisches LiveUpdate - Scheduler" (Automatisches LiveUpdate - Scheduler) "Symantec Corporation" C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe File exists
"Avira AntiVir Guard" (AntiVirService) "Avira GmbH" C:\Program Files\Avira\AntiVir Desktop\avguard.exe File exists
"Avira AntiVir Planer" (AntiVirSchedulerService) "Avira GmbH" C:\Program Files\Avira\AntiVir Desktop\sched.exe File exists
|||||| "Cyberlink RichVideo Service(CRVS)" (RichVideo) C:\Program Files\CyberLink\Shared Files\RichVideo.exe File exists
|||||| "Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) "MAGIX®" D:\Program Files\MAGIX\Common\Database\bin\fbserver.exe File exists
|||||| "Fujitsu Siemens Computers Diagnostic Testhandler" (TestHandler) "Fujitsu Siemens Computers" C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe File exists
|||| "getPlus(R) Helper" (getPlus(R) Helper) "NOS Microsystems Ltd." C:\Program Files\NOS\bin\getPlus_HelperSvc.exe File exists
|||| "Google Software Updater" (gusvc) "Google" C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe File exists
|||| "Google Update Service (gupdate1c9907fa83fb576)" (gupdate1c9907fa83fb576) "Google Inc." C:\Program Files\Google\Update\GoogleUpdate.exe File exists
|||| "InstallDriver Table Manager" (IDriverT) "Macrovision Corporation" C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe File exists
|||||| "LiveUpdate" (LiveUpdate) "Symantec Corporation" C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE File exists
|| "LogMeIn Hamachi 2.0 Tunneling Engine" (Hamachi2Svc) "LogMeIn Inc." C:\Program Files\LogMeIn Hamachi\hamachi-2.exe File exists
|||||| "Microsoft Office Diagnostics Service" (odserv) "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE File exists
|||||| "NMIndexingService" (NMIndexingService) "Nero AG" C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe File exists
"nProtect GameGuard Service" (npggsvc) "INCA Internet Co., Ltd." C:\Windows\system32\GameMon.des File exists
|||||| "Office Source Engine" (ose) "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE File exists
|||||| "PnkBstrA" (PnkBstrA) C:\Windows\system32\PnkBstrA.exe File found, but it contains no detailed information
|||||| "StyleXPService" (StyleXPService) C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe File exists
"Symantec Lic NetConnect service" (CLTNetCnService) "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon File not found
|||||| "Virtual CD v9 Management Service" (VC9SecS) "H+H Software GmbH" C:\Program Files\Virtual CD v9\System\VC9SecS.exe File exists


If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Alt 29.03.2010, 14:36   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Agent.ruo in C:\Windows\system32\ntnluj.dll - Standard

TR/Agent.ruo in C:\Windows\system32\ntnluj.dll



Hallo und

- mit Malwarebytes solltest Du ein Vollscan machen
- poste bitte RSIT Logfiles
__________________

__________________

Alt 29.03.2010, 20:21   #3
Boreas
 
TR/Agent.ruo in C:\Windows\system32\ntnluj.dll - Standard

TR/Agent.ruo in C:\Windows\system32\ntnluj.dll



Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3923
Windows 6.0.6000
Internet Explorer 7.0.6000.16890

29.03.2010 20:08:23
mbam-log-2010-03-29 (20-08-23).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 332926
Laufzeit: 1 hour(s), 33 minute(s), 50 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)




Logfile of random's system information tool 1.06 (written by random/random)
Run by Christian at 2010-03-29 20:10:26
Microsoft® Windows Vista™ Home Premium
System drive C: has 29 GB (20%) free of 146 GB
Total RAM: 2046 MB (6% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:10:55, on 29.03.2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16890)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\FreePDF_XP\fpassist.exe
C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Marmiko Shared\MWLaMaS.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
C:\Program Files\Opera\opera.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Christian\Desktop\RSIT.exe
C:\Program Files\trend micro\Christian.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ToADiMon.exe] C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [T-Online_Software_6\WLAN-Access Finder] C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe /StartMinimized
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE /nosplash (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [T-Online_Software_6\WLAN-Access Finder] C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe /StartMinimized (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [T-Online_Software_6\WLAN-Access Finder] C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe /StartMinimized (User 'Default user')
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - D:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate1c9907fa83fb576) (gupdate1c9907fa83fb576) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: Virtual CD v9 Management Service (VC9SecS) - H+H Software GmbH - C:\Program Files\Virtual CD v9\System\VC9SecS.exe

--
End of file - 8291 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\User_Feed_Synchronization-{63A92369-401C-4AB5-9774-BDD26B9FDE26}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-27 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2007-08-20 1006264]
"StartCCC"=c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-04-10 4431872]
"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2006-11-22 630784]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-02-26 153136]
"FreePDF Assistant"=C:\Program Files\FreePDF_XP\fpassist.exe [2007-06-26 312320]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]
"ToADiMon.exe"=C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe [2007-02-15 282624]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"T-Online_Software_6\WLAN-Access Finder"=C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe [2007-07-25 671796]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2006-11-02 125440]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-03-16 1232896]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrayServer]
D:\Program Files\MAGIX\Filme_fuer_unterwegs_3\TrayServer.exe [2008-01-17 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2000-08-24 110592]

C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=91000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{58de99aa-3433-11df-9e8c-00030d796ac9}]
shell\AutoRun\command - J:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72a97bb0-03e8-11dd-a257-00030d796ac9}]
shell\AutoRun\command - J:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7703a64b-75c7-11de-936e-00030d796ac9}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bUiqI.Exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b0569010-156c-11df-9aff-00030d796ac9}]
shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba6169ac-b585-11dd-bf49-00030d796ac9}]
shell\AutoRun\command - F:\Menu.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de60ab26-0a5d-11df-b4fc-00030d796ac9}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bUIqI.eXE


======List of files/folders created in the last 1 months======

2010-03-29 20:10:30 ----D---- C:\Program Files\trend micro
2010-03-29 20:10:26 ----D---- C:\rsit
2010-03-28 16:39:28 ----D---- C:\Program Files\Common Files\Online Solutions Shared
2010-03-28 16:30:47 ----D---- C:\Users\Christian\AppData\Roaming\Malwarebytes
2010-03-28 16:30:40 ----D---- C:\ProgramData\Malwarebytes
2010-03-25 10:07:36 ----D---- C:\Users\Christian\AppData\Roaming\Avira
2010-03-18 00:18:29 ----D---- C:\Program Files\RealVNC
2010-03-02 22:02:11 ----D---- C:\Program Files\LogMeIn Hamachi

======List of files/folders modified in the last 1 months======

2010-03-29 20:10:38 ----D---- C:\Windows\Temp
2010-03-29 20:10:35 ----D---- C:\Windows\Prefetch
2010-03-29 20:10:30 ----RD---- C:\Program Files
2010-03-29 20:09:31 ----D---- C:\Users\Christian\AppData\Roaming\Skype
2010-03-29 19:34:23 ----D---- C:\Users\Christian\AppData\Roaming\teamspeak2
2010-03-29 16:01:12 ----D---- C:\Users\Christian\AppData\Roaming\skypePM
2010-03-29 13:49:25 ----D---- C:\Windows\Tasks
2010-03-29 13:49:19 ----D---- C:\ProgramData\Google Updater
2010-03-29 10:47:46 ----D---- C:\Windows\System32
2010-03-29 10:47:09 ----D---- C:\Program Files\Mozilla Firefox
2010-03-29 10:45:59 ----D---- C:\Windows\inf
2010-03-29 10:45:59 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-03-29 02:00:18 ----SHD---- C:\System Volume Information
2010-03-28 16:52:53 ----D---- C:\Windows\793CFFC9A72F431D9C742E9361E67D04.TMP
2010-03-28 16:52:52 ----D---- C:\Windows\system32\drivers
2010-03-28 16:39:33 ----SHD---- C:\Windows\Installer
2010-03-28 16:39:28 ----D---- C:\Program Files\Common Files
2010-03-28 16:31:12 ----A---- C:\Windows\NeroDigital.ini
2010-03-28 16:30:40 ----RHD---- C:\ProgramData
2010-03-28 10:42:27 ----D---- C:\Windows\system32\catroot2
2010-03-28 02:26:54 ----D---- C:\Windows\Minidump
2010-03-28 02:26:54 ----D---- C:\Windows
2010-03-28 02:06:51 ----D---- C:\Program Files\Warcraft III
2010-03-28 01:31:38 ----D---- C:\ProgramData\FreePDF
2010-03-25 10:41:05 ----D---- C:\Program Files\Mozilla Thunderbird
2010-03-25 10:14:07 ----D---- C:\Program Files\Opera
2010-03-25 09:59:02 ----D---- C:\Windows\winsxs
2010-03-24 14:36:49 ----D---- C:\Users\Christian\AppData\Roaming\dvdcss
2010-03-24 00:56:00 ----D---- C:\Users\Christian\AppData\Roaming\uTorrent
2010-03-23 13:36:03 ----HD---- C:\Program Files\InstallShield Installation Information
2010-03-20 17:58:22 ----D---- C:\Program Files\TeamSpeak 3 Client
2010-03-19 16:05:24 ----D---- C:\Users\Christian\AppData\Roaming\FileZilla
2010-03-19 00:09:25 ----D---- C:\Users\Christian\AppData\Roaming\ICQ
2010-03-13 00:32:08 ----D---- C:\Users\Christian\AppData\Roaming\vlc

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
R1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\C:\Program Files\UltraISO\drivers\ISODrive.sys [2008-05-24 73728]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\Windows\System32\drivers\prodrv06.sys [2004-08-09 53920]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 StyleXPHelper;StyleXPHelper; \??\C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe [2005-10-31 10880]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2009-07-11 281760]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2009-07-11 25888]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-04-11 2589696]
R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-03-16 14208]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-09-23 26176]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-04-10 1764960]
R3 itecir;ITECIR Infrared Receiver; C:\Windows\system32\DRIVERS\itecir.sys [2007-04-04 46592]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [2010-01-07 38224]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-09-25 3666432]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2009-09-02 176128]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-22 982272]
R3 StillCam;Treiber für serielle Digitalkamera; C:\Windows\system32\DRIVERS\serscan.sys [2006-11-02 9216]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-03-16 11264]
S1 kbdqgmj;kbdqgmj; \??\C:\Windows\system32\drivers\kbdqgmj.sys [2006-11-02 497664]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HH9Help.sys;HH9Help.sys; \??\C:\Windows\system32\drivers\HH9Help.sys [2006-09-20 11392]
S3 mdxgthkn;mdxgthkn; \??\C:\Users\CHRIST~1\AppData\Local\Temp\mdxgthkn.sys []
S3 MIINPazX;MIINPazX NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\MARMIK~1\MInfraIS\MIINPazX.SYS [2006-10-09 17152]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver; \??\C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS [2006-10-09 17536]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG-Adaptertreiber für Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
S3 NETw4v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-02-25 2216448]
S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2006-11-02 35328]
S3 usbvideo;USB-Videogerät (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2006-11-02 132352]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
S4 nvatabus;nvatabus; C:\Windows\system32\drivers\nvatabus.sys [2006-07-14 105088]
S4 viamraid;viamraid; C:\Windows\system32\drivers\viamraid.sys [2006-03-31 100992]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-03-16 267432]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-04-11 593920]
R2 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-26 554352]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2009-10-29 1074568]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-07-08 75064]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-07-20 262247]
R2 StyleXPService;StyleXPService; C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe [2006-05-24 372736]
R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler; C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [2006-12-08 204800]
R2 VC9SecS;Virtual CD v9 Management Service; C:\Program Files\Virtual CD v9\System\VC9SecS.exe [2009-04-17 132424]
S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S2 gupdate1c9907fa83fb576;Google Update Service (gupdate1c9907fa83fb576); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-16 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-27 183280]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; D:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S3 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-12-01 33752]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-26 2999664]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-02-26 267824]
S3 npggsvc;nProtect GameGuard Service; C:\Windows\system32\GameMon.des [2009-10-05 3375952]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2006-11-02 22016]

-----------------EOF-----------------



info.txt logfile of random's system information tool 1.06 2010-03-29 20:11:02

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
-->MsiExec /X{B83FC356-B7C0-441F-8A4D-D71E088E7974}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2638924D-DC58-4C40-BB1C-48C2B24B7B1B}\Setup.exe" -L0x7
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52739387-B81C-4C55-9593-EB7A1044A657}\Setup.exe" -L0x7
7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe"
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Photoshop 7.0-->C:\WINDOWS\ISUN0407.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 9.1.1 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A91000000001}
AFPL Ghostscript 8.54-->C:\Program Files\gs\uninstgs.exe "C:\Program Files\gs\gs8.54\uninstal.txt"
AFPL Ghostscript Fonts-->C:\Program Files\gs\uninstgs.exe "C:\Program Files\gs\fonts\uninstal.txt"
Airline Tycoon Evolution-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{16E43D5F-5296-4D53-B303-9D951AFE510F}\setup.exe"
Airport Tycoon 3-->"C:\Program Files\Modern Games\Airport Tycoon 3\unins000.exe"
ANNO 1404-->"C:\Program Files\InstallShield Installation Information\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}\Setup.exe" -runfromtemp -l0x0007 -removeonly
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Applian FLV Player-->"C:\Windows\Applian FLV Player\uninstall.exe" "/U:C:\Program Files\FLV Player\Uninstall\uninstall.xml"
ATI Uninstaller-->C:\Program Files\ATI\CIM\Bin\Atisetup.exe -uninstall all
Auslogics Disk Defrag-->"C:\Program Files\Auslogics\AusLogics Disk Defrag\unins000.exe"
AVI MPEG Converter 3-->D:\Program Files\Xilisoft\AVI MPEG Converter 3\Uninstall.exe
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
BCL easyPDF Printer Driver 5.1-->MsiExec.exe /I{8D7574B1-49D7-41E6-9C2E-6B49A8619E64}
BufferZone-->MsiExec.exe /X{793CFFC9-A72F-431D-9C74-2E9361E67D04}
Building & Co-->K:\Games\Building&Co\uninstall.exe
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CIB pdf brewer 2.5.22-->C:\Program Files\InstallShield Installation Information\{F0312AC6-988B-11DA-9C49-000476F770CC}\setup.exe -runfromtemp -l0x0007 anything -removeonly
CINEMA 4D Release 9 XL Bundle-->C:\Windows\unvise32.exe C:\Program Files\MAXON\CINEMA 4D R9\uninstal_C4D.log
Command & Conquer™ Alarmstufe Rot 3-->MsiExec.exe /X{296D8550-CB06-48E4-9A8B-E5034FB64715}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{14574B7F-75D1-4718-B7F2-EBF6E2862A35}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{199E6632-EB28-4F73-AECB-3E192EB92D18}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{25724802-CC14-4B90-9F3B-3D6955EE27B1}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{50193078-F553-4EBA-AA77-64C9FAA12F98}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{51D718D1-DA81-4FAD-919F-5C1CE3C33379}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{66F78C51-D108-4F0C-A93C-1CBE74CE338F}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{80D03817-7943-4839-8E96-B9F924C5E67D}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{97E5205F-EA4F-438F-B211-F1846419F1C1}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{99A7722D-9ACB-43F3-A222-ABC7133F159E}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{BA801B94-C28D-46EE-B806-E1E021A3D519}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{D4D244D1-05E0-4D24-86A2-B2433C435671}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{EAF636A9-F664-4703-A659-85A894DA264F}
Company of Heroes-->"C:\Program Files\THQ\Company of Heroes\Uninstall_German.exe"
Counter-Strike 1.6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{13B792AA-C078-43A4-8A3A-8B12D629940D}\Setup.exe" -l0x19
Counter-Strike 1.6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}\Setup.exe" -l0x19
DEUTSCHLAND SPIELT GAME CENTER-->"C:\Program Files\OXXOGames\GPlayer\\MyInstall.exe" UInstAllGPAndDS
DHTML Editing Component-->MsiExec.exe /I{2EA870FA-585F-4187-903D-CB9FFD21E2E0}
Die Wiege Roms-->"C:\Program Files\OXXOGames\GPlayer\\MyInstall.exe" ScriptUInst "C:\Program Files\OXXOGames\GPlayer\Install\\Game_AwemDieWiegeRoms.log"
Disketch CD Label Software-->C:\Program Files\NCH Software\Disketch\uninst.exe
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Plus Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EA Download Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{EF7E931D-DC84-471B-8DB6-A83358095474} /l1031
eMule-->"C:\Program Files\eMule\Uninstall.exe"
EVEREST Home Edition v2.20-->"C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
FFOLKES Unlocks123 mod v1.4.1-->C:\Program Files\EA GAMES\Battlefield 2\Uninstall_Unlocks123_mod.exe
FileZilla Client 3.0.11-->C:\Program Files\FileZilla FTP Client\uninstall.exe
Firebird SQL Server - MAGIX Edition-->D:\Program Files\MAGIX\Common\Database\unwise.exe
FirstSteps Diagnostics-->MsiExec.exe /X{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}
FlorensiaEU 1.08.17-->K:\Netts\uninst.exe
Free M4a to MP3 Converter 6.0-->"C:\Program Files\Free M4a to MP3 Converter\unins000.exe"
Free PS Convert driver 8.15-->"C:\Program Files\psconvert\unins000.exe"
FreePDF XP (Remove only)-->C:\Program Files\FreePDF_XP\fpsetup.exe /r
Google Earth-->MsiExec.exe /X{2EAF7E61-068E-11DF-953C-005056806466}
Google SketchUp Pro 7-->MsiExec.exe /I{E1C256F5-58C6-44E9-939A-E1189C8126E2}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Gothic III-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{02B244A2-7F6A-42E8-A36F-8C385D7A1625}\setup.exe" -l0x7 -removeonly
GPGNet-->MsiExec.exe /I{C194D333-B84A-4BB7-B35E-060732D98DC4}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
ICQ6.5-->"C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
Indeo® software-->C:\Windows\IsUninst.exe -f"C:\Program Files\Intel\Indeo\Uninst.isu"
IsoBuster 2.0-->"C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
JAlbum 7.4-->C:\Program Files\JAlbumWin\Uninstall.exe
Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Kane and Lynch: Dead Men-->MsiExec.exe /X{A66C4716-7E10-4A53-8101-00C3C11D6A9C}
Knights Of Honor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7911C404-9AFA-4BB2-B9B7-E47423D87528}\setup.exe" -l0x7
Kreuzworträtsel Freeware-->C:\Windows\unin0407.exe -f"C:\Program Files\p.i.c.s.\Kreuzworträtsel Freeware\DeIsL1.isu" -c"C:\Program Files\p.i.c.s.\Kreuzworträtsel Freeware\_ISREG32.DLL"
LanChat2 TBX 1.3-->"C:\Program Files\LanChat2 TBX\unins000.exe"
LiveUpdate 3.2 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LogMeIn Hamachi-->C:\Windows\system32\\msiexec.exe /i {067EC517-9731-43FD-B4D5-296EE0027BBB} REMOVE=ALL
LogMeIn Hamachi-->MsiExec.exe /I{067EC517-9731-43FD-B4D5-296EE0027BBB}
Macromedia Flash MX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}\Setup.exe" -l0x7 UNINSTALL
MAGIX Filme für unterwegs 3 3.0.0.11 (D)-->D:\Program Files\MAGIX\Filme_fuer_unterwegs_3\unwise.exe
MAGIX Online Druck Service 2.3.2.0 (D)-->D:\Program Files\MAGIX\Online_Druck_Service\unwise.exe
MAGIX Screenshare 4.3.6.1987 (D)-->D:\Program Files\MAGIX\PCVisit\unwise.exe
Malwarebytes' Anti-Malware-->"D:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MAXON Language Set 9.0-->C:\Windows\unvise32.exe C:\Program Files\MAXON\CINEMA 4D R9\Language_90.log
Microsoft .NET Framework 1.1 German Language Pack-->MsiExec.exe /X{E78BFA60-5393-4C38-82AB-E8019E464EB4}
Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{D1B01DC9-CBAF-45F9-A387-7D00C11B630E}
Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual J# .NET Redistributable Package 1.1-->MsiExec.exe /X{1A655D51-1423-48A3-B748-8F5A0BE294C8}
Microsoft Visual J# 2.0 Redistributable Package-->C:\Windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exe
Microsoft Works-->MsiExec.exe /I{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}
Microsoft XNA Framework Redistributable 1.0 Refresh-->MsiExec.exe /I{311F799A-FCE9-4D9E-B5D2-CBB8859B40BB}
mIRC-->"C:\Program Files\mIRC\mirc.exe" -uninstall
Motorola SM56 Data Fax Modem-->rundll32.exe sm56co6a.dll,SM56UnInstaller
Mozilla Firefox (3.5.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.24)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Nero 7 Essentials-->MsiExec.exe /X{81CD6232-10F5-4832-B3DA-1B88B1571031}
NVIDIA PhysX-->MsiExec.exe /X{B83FC356-B7C0-441F-8A4D-D71E088E7974}
OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
Opera 10.51-->MsiExec.exe /X{05ADEEC8-BD58-43D9-A9E3-1F53B0DA117A}
OSAM: Online Solutions Autorun Manager v5.0-->MsiExec.exe /I{EF63577B-0CF5-4865-9B61-28B3250D6A17}
Paint.NET v3.22-->MsiExec.exe /X{96C267DA-0926-4C11-B4E7-4D3EF85130D0}
PDFCreator-->C:\Program Files\PDFCreator\unins000.exe
Pharao-->C:\Windows\IsUn0407.exe -fC:\SIERRA\Pharao\Uninst.isu
PharaoAufbauPack_BestSeller-->C:\SIERRA\Pharao\UNWISE.EXE C:\SIERRA\Pharao\INSTALL.LOG
PhotoNow! 1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\setup.exe" -uninstall
PowerDV-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B804C424-B66D-447A-84BD-C6B88C392C3A}\setup.exe" -uninstall
PowerProducer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.exe" -uninstall
Prism Video Converter-->C:\Program Files\NCH Software\Prism\uninst.exe
PunkBuster Services-->C:\Windows\system32\pbsvc.exe -u
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RagTime Privat-->C:\Windows\IsUn0407.exe -f"C:\Program Files\RagTime Privat\Uninst.isu"
Realtek Ethernet Controller Driver For Windows Vista and Later-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -removeonly
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
RedMon - Redirection Port Monitor-->C:\Windows\system32\unredmon.exe
Ricky`s Restaurant-->"C:\Program Files\OXXOGames\GPlayer\\MyInstall.exe" ScriptUInst "C:\Program Files\OXXOGames\GPlayer\Install\\Game_AlwRickysRestaurant.log"
Rome - Total War-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}\setup.exe" -l0x7 -removeonly
Secured eMule-->C:\PROGRA~1\SECURE~1\UNWISE.EXE C:\PROGRA~1\SECURE~1\INSTALL.LOG
Siedler3-->C:\Windows\IsUn0407.exe -fd:\BlueByte\Siedler3\DeIsL1.isu -x -c"d:\BlueByte\Siedler3\Install\ITools.dll"
Silent Hunter 4 Wolves of the Pacific-->C:\Program Files\InstallShield Installation Information\{0D005F09-A5F4-473B-A901-5735C6AF5628}\setup.exe -runfromtemp -l0x0007 -removeonly
Skat 7.0-->MsiExec.exe /I{A669C87E-3F31-4709-BB90-129979F3A841}
Skat 7.1.2-->MsiExec.exe /I{DD88E7D8-F606-4822-9983-F44A3E5019CC}
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SPORE™-->"C:\Program Files\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\setup.exe" -runfromtemp -l0x0007 -removeonly
Star Wars Galactic Battlegrounds: Clone Campaigns-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0314ED3D-26A7-4F62-86A2-6B23353445E8}\Setup.exe"
StyleXP (remove only)-->"C:\Program Files\TGTSoft\StyleXP\StyleXP-uninstall.exe"
SUPER © Version 2009.bld.35 (Jan 5, 2009)-->C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
Super Nautica (VOLLVERSION)-->"C:\Program Files\OXXOGames\GPlayer\\MyInstall.exe" ScriptUInst "C:\Program Files\OXXOGames\GPlayer\Install\\Game_OxxoGSCD.log"
Superpower 2-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{CFB9F7A0-A7ED-43A9-9551-EC1F319F971A}
Switch Sound File Converter-->C:\Program Files\NCH Swift Sound\Switch\uninst.exe
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
TeamSpeak 3 Client-->"C:\Program Files\TeamSpeak 3 Client\uninstall.exe"
Titan Quest Immortal Throne-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}\setup.exe" -l0x7 -removeonly
Titan Quest-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}\setup.exe" -l0x7 -removeonly
T-Online 6.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B1275E23-717A-4D52-997A-1AD1E24BC7F3}\Setup.exe" CPAS
T-Online WLAN-Access Finder-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{295C31E5-3F91-498E-9623-DA24D2FA2B6A}\Setup.exe" -L0x7
UltraISO Premium V9.3-->"C:\Program Files\UltraISO\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
Virtual CD v9-->C:\Program Files\InstallShield Installation Information\{98A64C75-BFD6-4212-8746-8BADC7ABA79E}\setup.exe -runfromtemp -l0x0007 -removeonly
VLC media player 0.9.9-->C:\Program Files\VideoLAN\VLC\uninstall.exe
VNC Free Edition 4.1.3-->"C:\Program Files\RealVNC\VNC4\unins000.exe"
WinCorder-->C:\Windows\UnHyCam.bat
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR-->C:\Program Files\WinRAR\uninstall.exe
WinZip 11.1-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
Xvid 1.2.1 final uninstall-->"C:\Program Files\Xvid\unins000.exe"
Zattoo 3.3.4 Beta-->C:\Program Files\Zattoo\uninst.exe

======Security center information======

AV: AntiVir Desktop
AS: AntiVir Desktop
AS: Windows-Defender

======System event log======

Computer Name: Christian-PC
Event Code: 7036
Message: Dienst "Volumeschattenkopie" befindet sich jetzt im Status "Beendet".
Record Number: 673649
Source Name: Service Control Manager
Time Written: 20100329104353.000000-000
Event Type: Informationen
User:

Computer Name: Christian-PC
Event Code: 7036
Message: Dienst "Microsoft-Softwareschattenkopie-Anbieter" befindet sich jetzt im Status "Beendet".
Record Number: 673650
Source Name: Service Control Manager
Time Written: 20100329104653.000000-000
Event Type: Informationen
User:

Computer Name: Christian-PC
Event Code: 7036
Message: Dienst "Google Software Updater" befindet sich jetzt im Status "Ausgeführt".
Record Number: 673651
Source Name: Service Control Manager
Time Written: 20100329114902.000000-000
Event Type: Informationen
User:

Computer Name: Christian-PC
Event Code: 7036
Message: Dienst "Google Software Updater" befindet sich jetzt im Status "Beendet".
Record Number: 673652
Source Name: Service Control Manager
Time Written: 20100329115016.000000-000
Event Type: Informationen
User:

Computer Name: Christian-PC
Event Code: 8003
Message: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "MARTINLAPTOP-PC", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{1860803F-4D7B-4272-828C-EA-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Record Number: 673653
Source Name: bowser
Time Written: 20100329123027.720000-000
Event Type: Fehler
User:

=====Application event log=====

Computer Name: Christian-PC
Event Code: 1000
Message: Die Leistungsindikatoren für den Dienst WmiApRpl (WmiApRpl) wurden erfolgreich geladen. Die Eintragsdaten im Datenbereich enthalten die neuen Indexwerte, die diesem Dienst zugeordnet sind.
Record Number: 177331443
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20100329084600.000000-000
Event Type: Informationen
User:

Computer Name: Christian-PC
Event Code: 4113
Message: AntiVir erkannte in der Datei C:\Windows\System32\ntnluj.dll verdächtigen Code mit der Bezeichnung 'TR/Agent.ruo'!
Record Number: 177331444
Source Name: Avira AntiVir
Time Written: 20100329084708.000000-000
Event Type: Warnung
User: NT-AUTORITÄT\SYSTEM

Computer Name: Christian-PC
Event Code: 8224
Message: Der VSS-Dienst wird aufgrund eines Leerlaufzeitlimits heruntergefahren.
Record Number: 177331445
Source Name: VSS
Time Written: 20100329104353.000000-000
Event Type: Informationen
User:

Computer Name: Christian-PC
Event Code: 0
Message:
Record Number: 177331446
Source Name: gusvc
Time Written: 20100329114901.000000-000
Event Type: Informationen
User:

Computer Name: Christian-PC
Event Code: 0
Message:
Record Number: 177331447
Source Name: gusvc
Time Written: 20100329115016.000000-000
Event Type: Informationen
User:

=====Security event log=====

Computer Name: Christian-PC
Event Code: 4624
Message: Ein Konto wurde erfolgreich angemeldet.

Antragsteller:
Sicherheits-ID: S-1-5-18
Kontoname: CHRISTIAN-PC$
Kontodomäne: WORKGROUP
Anmelde-ID: 0x3e7

Anmeldetyp: 5

Neue Anmeldung:
Sicherheits-ID: S-1-5-20
Kontoname: NETZWERKDIENST
Kontodomäne: NT-AUTORITÄT
Anmelde-ID: 0x3e4
Anmelde-GUID: {00000000-0000-0000-0000-000000000000}

Prozessinformationen:
Prozess-ID: 0x290
Prozessname: C:\Windows\System32\services.exe

Netzwerkinformationen:
Arbeitsstationsname:
Quellnetzwerkadresse: -
Quellport: -

Detaillierte Authentifizierungsinformationen:
Anmeldeprozess: Advapi
Authentifizierungspaket: Negotiate
Übertragene Dienste: -
Paketname (nur NTLM): -
Schlüssellänge: 0

Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.

Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".

Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).

Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.

Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.

Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.
- Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.
- Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.
- Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.
- Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.
Record Number: 125521
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100226112844.525695-000
Event Type: Überwachung erfolgreich
User:

Computer Name: Christian-PC
Event Code: 4672
Message: Einer neuen Anmeldung wurden besondere Rechte zugewiesen.

Antragsteller:
Sicherheits-ID: S-1-5-20
Kontoname: NETZWERKDIENST
Kontodomäne: NT-AUTORITÄT
Anmelde-ID: 0x3e4

Berechtigungen: SeAuditPrivilege
SeImpersonatePrivilege
SeAssignPrimaryTokenPrivilege
Record Number: 125522
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100226112844.525695-000
Event Type: Überwachung erfolgreich
User:

Computer Name: Christian-PC
Event Code: 4648
Message: Anmeldeversuch mit expliziten Anmeldeinformationen.

Antragsteller:
Sicherheits-ID: S-1-5-18
Kontoname: CHRISTIAN-PC$
Kontodomäne: WORKGROUP
Anmelde-ID: 0x3e7
Anmelde-GUID: {00000000-0000-0000-0000-000000000000}

Konto, dessen Anmeldeinformationen verwendet wurden:
Kontoname: SYSTEM
Kontodomäne: NT-AUTORITÄT
Anmelde-GUID: {00000000-0000-0000-0000-000000000000}

Zielserver:
Zielservername: localhost
Weitere Informationen: localhost

Prozessinformationen:
Prozess-ID: 0x290
Prozessname: C:\Windows\System32\services.exe

Netzwerkinformationen:
Netzwerkadresse: -
Port: -

Dieses Ereignis wird bei einem Anmeldeversuch durch einen Prozess generiert, wenn ausdrücklich die Anmeldeinformationen des Kontos angegeben werden. Dies ist normalerweise der Fall in Batch-Konfigurationen, z. B. bei geplanten Aufgaben oder wenn der Befehl "runas" verwendet wird.
Record Number: 125523
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100226112844.588095-000
Event Type: Überwachung erfolgreich
User:

Computer Name: Christian-PC
Event Code: 4624
Message: Ein Konto wurde erfolgreich angemeldet.

Antragsteller:
Sicherheits-ID: S-1-5-18
Kontoname: CHRISTIAN-PC$
Kontodomäne: WORKGROUP
Anmelde-ID: 0x3e7

Anmeldetyp: 5

Neue Anmeldung:
Sicherheits-ID: S-1-5-18
Kontoname: SYSTEM
Kontodomäne: NT-AUTORITÄT
Anmelde-ID: 0x3e7
Anmelde-GUID: {00000000-0000-0000-0000-000000000000}

Prozessinformationen:
Prozess-ID: 0x290
Prozessname: C:\Windows\System32\services.exe

Netzwerkinformationen:
Arbeitsstationsname:
Quellnetzwerkadresse: -
Quellport: -

Detaillierte Authentifizierungsinformationen:
Anmeldeprozess: Advapi
Authentifizierungspaket: Negotiate
Übertragene Dienste: -
Paketname (nur NTLM): -
Schlüssellänge: 0

Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.

Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".

Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).

Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.

Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.

Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.
- Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.
- Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.
- Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.
- Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.
Record Number: 125524
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100226112844.588095-000
Event Type: Überwachung erfolgreich
User:

Computer Name: Christian-PC
Event Code: 4672
Message: Einer neuen Anmeldung wurden besondere Rechte zugewiesen.

Antragsteller:
Sicherheits-ID: S-1-5-18
Kontoname: SYSTEM
Kontodomäne: NT-AUTORITÄT
Anmelde-ID: 0x3e7

Berechtigungen: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 125525
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100226112844.588095-000
Event Type: Überwachung erfolgreich
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Smart Projects\IsoBuster;C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis2\;D:\PROGRA~1\ThriXXX\3D SexVilla;C:\Program Files\CIB software GmbH\CIB pdf brewer;C:\Program Files\Common Files\DivX Shared\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip

-----------------EOF-----------------
__________________

Alt 29.03.2010, 20:45   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Agent.ruo in C:\Windows\system32\ntnluj.dll - Standard

TR/Agent.ruo in C:\Windows\system32\ntnluj.dll



Bitte mal den Avenger anwenden:

1.) Lade Dir von hier Avenger:
Swandog46's Public Anti-Malware Tools (Download, linksseitig)

2.) Entpack das zip-Archiv, führe die Datei "avenger.exe" aus (unter Vista per Rechtsklick => als Administrator ausführen). Die Haken unten wie abgebildet setzen:



3.) Kopiere Dir exakt die Zeilen aus dem folgenden Code-Feld:
Code:
ATTFilter
files to delete:
C:\Windows\system32\drivers\kbdqgmj.sys
C:\Windows\system32\drivers\EagleNT.sys
C:\Windows\system32\drivers\HH9Help.sys
C:\Users\CHRIST~1\AppData\Local\Temp\mdxgthkn.sys

drivers to delete:
kbdqgmj
EagleNT
HH9Help.sys
mdxgthkn
         
4.) Geh in "The Avenger" nun oben auf "Load Script", dort auf "Paste from Clipboard".

5.) Der Code-Text hier aus meinem Beitrag müsste nun unter "Input Script here" in "The Avenger" zu sehen sein.

6.) Falls dem so ist, klick unten rechts auf "Execute". Bestätige die nächste Abfrage mit "Ja", die Frage zu "Reboot now" (Neustart des Systems) ebenso.

7.) Nach dem Neustart erhältst Du ein LogFile von Avenger eingeblendet. Kopiere dessen Inhalt und poste ihn hier.

8.) Die Datei c:\avenger\backup.zip bei file-upload.net hochladen und hier verlinken

9.) Frisches Logfile mit OSAM erstellen + posten
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 08.04.2010, 09:29   #5
Boreas
 
TR/Agent.ruo in C:\Windows\system32\ntnluj.dll - Standard

TR/Agent.ruo in C:\Windows\system32\ntnluj.dll



h**p://www.file-upload.net/download-2417661/backup.zip.html


Logfile of The Avenger Version 2.0, (c) by Swandog46
hxxp://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "C:\Windows\system32\drivers\kbdqgmj.sys" not found!
Deletion of file "C:\Windows\system32\drivers\kbdqgmj.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Windows\system32\drivers\EagleNT.sys" not found!
Deletion of file "C:\Windows\system32\drivers\EagleNT.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\Windows\system32\drivers\HH9Help.sys" deleted successfully.

Error: file "C:\Users\CHRIST~1\AppData\Local\Temp\mdxgthkn.sys" not found!
Deletion of file "C:\Users\CHRIST~1\AppData\Local\Temp\mdxgthkn.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\kbdqgmj" not found!
Deletion of driver "kbdqgmj" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Driver "EagleNT" deleted successfully.
Driver "HH9Help.sys" deleted successfully.
Driver "mdxgthkn" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

__________________________

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 09:33:38 on 08.04.2010

OS: Windows Vista Home Premium Edition (Build 6000), 32-bit
Default Browser: Opera Software Opera Internet Browser 10.51

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Software Updater.job" - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"BDEADMIN.CPL" - ? - C:\Windows\system32\BDEADMIN.CPL
"PhysX.cpl" - "NVIDIA Corporation" - C:\Windows\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl
"ToSysCnf" - "Deutsche Telekom AG, Marmiko IT-Solutions GmbH" - C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToSysCnf.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys (File found, but it contains no detailed information)
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\Windows\System32\DRIVERS\hamachi.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found)
"ISO DVD/CD-ROM Device Driver" (ISODrive) - "EZB Systems, Inc." - C:\Program Files\UltraISO\drivers\ISODrive.sys
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys (File found, but it contains no detailed information)
"MIINPazX NDIS Protocol Driver" (MIINPazX) - "Deutsche Telekom AG, Marmiko IT-Solutions GmbH" - C:\PROGRA~1\COMMON~1\MARMIK~1\MInfraIS\MIINPazX.SYS
"MTOnlPktAlyX NDIS Protocol Driver" (MTOnlPktAlyX) - "Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH" - C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS
"REDLIGHT" (REDLIGHT) - "BufferZone" - C:\Windows\System32\drivers\REDLIGHT.SYS
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"StarForce Protection Environment Driver v6" (prodrv06) - "Protection Technology" - C:\Windows\System32\drivers\prodrv06.sys
"StarForce Protection Helper Driver" (sfhlp01) - "Protection Technology" - C:\Windows\System32\drivers\sfhlp01.sys
"StarForce Protection Helper Driver v2" (prohlp02) - "Protection Technology" - C:\Windows\System32\drivers\prohlp02.sys
"StarForce Protection Synchronization Driver v1" (prosync1) - "Protection Technology" - C:\Windows\System32\drivers\prosync1.sys
"StyleXPHelper" (StyleXPHelper) - "Windows (R) 2000 DDK provider" - C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe
"vdrv9000" (vdrv9000) - "H+H Software GmbH" - C:\Windows\System32\DRIVERS\vdrv9000.sys (Hidden registry entry, rootkit activity | File signed by Microsoft)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{E2958773-ACDB-4553-A069-A1EEB4AFBA0F} "BufferZone context menu" - ? - C:\Windows\system32\RlShellExt.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found)
{94586423-855F-4EB2-9F6A-D9DA5658DBE3} "Context menu" - ? - C:\PROGRA~1\FREEM4~1\m4a_menu.dll (File found, but it contains no detailed information)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found)
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? - (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{37ADBD0B-11EC-4A2C-9F93-5C3ACC7994DF} "SxBufferZoneOverlay" - ? - C:\Windows\system32\RlShellExt.dll
{F594B094-8768-4632-8143-12852EBBD688} "SxConfidentialOverlay" - ? - C:\Windows\system32\RlShellExt.dll
{F1A1DA12-E651-4AD0-A1A0-6214546B2F9D} "SxForbiddenOverlay" - ? - C:\Windows\system32\RlShellExt.dll
{E4FC4B31-8A4F-45E6-BDAC-28F612371FE3} "SxUnknownOverlay" - ? - C:\Windows\system32\RlShellExt.dll
{AD392E40-428C-459F-961E-9B147782D099} "UIContextMenu Class" - "EZB Systems, Inc." - C:\Program Files\UltraISO\isoshell.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
<binary data> "{855F3B16-6D32-4FE6-8A56-BBB695989046}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "Java Plug-in 1.6.0_05" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_15.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
"ICQ6" - "ICQ, LLC." - C:\Program Files\ICQ6.5\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"T-Online_Software_6\WLAN-Access Finder" - "Deutsche Telekom AG, Marmiko IT-Solutions GmbH" - C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe /StartMinimized
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"FreePDF Assistant" - "shbox.de" - C:\Program Files\FreePDF_XP\fpassist.exe
"NeroFilterCheck" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"StartCCC" - ? - c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (File found, but it contains no detailed information)
"ToADiMon.exe" - "Deutsche Telekom AG, Marmiko IT-Solutions GmbH" - C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PDFConverter" - ? - C:\Windows\system32\pdfmonnt.dll (File found, but it contains no detailed information)
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll (File found, but it contains no detailed information)
"Redirected Port" - ? - C:\Windows\system32\redmonnt.dll (File found, but it contains no detailed information)
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Automatisches LiveUpdate - Scheduler" (Automatisches LiveUpdate - Scheduler) - "Symantec Corporation" - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - D:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
"Fujitsu Siemens Computers Diagnostic Testhandler" (TestHandler) - "Fujitsu Siemens Computers" - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
"getPlus(R) Helper" (getPlus(R) Helper) - "NOS Microsystems Ltd." - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate1c9907fa83fb576)" (gupdate1c9907fa83fb576) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
"LiveUpdate" (LiveUpdate) - "Symantec Corporation" - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
"LogMeIn Hamachi 2.0 Tunneling Engine" (Hamachi2Svc) - "LogMeIn Inc." - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
"nProtect GameGuard Service" (npggsvc) - "INCA Internet Co., Ltd." - C:\Windows\system32\GameMon.des
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe (File found, but it contains no detailed information)
"StyleXPService" (StyleXPService) - ? - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
"Symantec Lic NetConnect service" (CLTNetCnService) - ? - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (File not found)
"Virtual CD v9 Management Service" (VC9SecS) - "H+H Software GmbH" - C:\Program Files\Virtual CD v9\System\VC9SecS.exe

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru


Geändert von Boreas (08.04.2010 um 09:34 Uhr)

Alt 08.04.2010, 09:40   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Agent.ruo in C:\Windows\system32\ntnluj.dll - Standard

TR/Agent.ruo in C:\Windows\system32\ntnluj.dll



Sieht ok aus. Mach bitte Kontrollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!
__________________
--> TR/Agent.ruo in C:\Windows\system32\ntnluj.dll

Alt 08.04.2010, 13:09   #7
Boreas
 
TR/Agent.ruo in C:\Windows\system32\ntnluj.dll - Standard

TR/Agent.ruo in C:\Windows\system32\ntnluj.dll



Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 3930

Windows 6.0.6000
Internet Explorer 7.0.6000.16890

08.04.2010 10:15:36
mbam-log-2010-04-08 (10-15-36).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 102709
Laufzeit: 10 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

_________________________________


SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 04/08/2010 at 01:03 PM

Application Version : 4.35.1002

Core Rules Database Version : 4781
Trace Rules Database Version: 2593

Scan type : Complete Scan
Total Scan Time : 02:41:34

Memory items scanned : 798
Memory threats detected : 0
Registry items scanned : 7898
Registry threats detected : 0
File items scanned : 204772
File threats detected : 5

Adware.Tracking Cookie
C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\christian@statcounter[1].txt
C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\christian@ar.atwola[1].txt
C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\christian@doubleclick[1].txt
C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\christian@atwola[1].txt

Virus.DirectX
C:\WINDOWS\INSTALLER\{CFB9F7A0-A7ED-43A9-9551-EC1F319F971A}\DIRECTX.EXE

Alt 08.04.2010, 13:19   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Agent.ruo in C:\Windows\system32\ntnluj.dll - Standard

TR/Agent.ruo in C:\Windows\system32\ntnluj.dll



Die Funde von SUPERAntiSpyware bitte entfernen.

Zitat:
Datenbank Version: 3930
ich hab extra drauf hingewiesen, Du solltest Die Datenbanken (Signaturen) in Malwarebytes updaten. Mach das und starten einen Vollscan.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 08.04.2010, 16:01   #9
Boreas
 
TR/Agent.ruo in C:\Windows\system32\ntnluj.dll - Standard

TR/Agent.ruo in C:\Windows\system32\ntnluj.dll



Mal wieder nur die hälfte gemacht...



Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 3968

Windows 6.0.6000
Internet Explorer 7.0.6000.16890

08.04.2010 16:00:37
mbam-log-2010-04-08 (16-00-37).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 304701
Laufzeit: 1 Stunde(n), 43 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Alt 08.04.2010, 16:30   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Agent.ruo in C:\Windows\system32\ntnluj.dll - Standard

TR/Agent.ruo in C:\Windows\system32\ntnluj.dll



Aber auch da keine Funde
Die in SUPERAntiSpyware bitte entfernen lassen (falls noch nicht erfolgt)

Wenn wieder soweit alles ok ist, bitte Updates prüfen:

Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update



PDF-Reader aktualisieren
Dein Adobe Reader ist nicht aktuell, was ein großes Sicherheitsrisiko darstellt. Du solltest daher besser die alte Version über Systemsteuerung => Software deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst.

Ich empfehle einen alternativen PDF-Reader wie SumatraPDF oder Foxit PDF Reader, beide sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers, hier der direkte Downloadlink => http://filepony.de/?q=Flash+Player


Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu TR/Agent.ruo in C:\Windows\system32\ntnluj.dll
7-zip, adware.playmp3z, antivir, antivir guard, autorun, avgnt.exe, avira, desktop, desktop.ini, device driver, diagnostics, explorer, gupdate, home premium, internet browser, local\temp, magix, malware.trace, pdfconverter, pdfcreator, programdata, registry, registry key, server, software, start menu, symantec, system, tr/agent.ruo, trojan.fbrowsingadvisor, trojaner, tunnel, vista, windows, windows vista home



Ähnliche Themen: TR/Agent.ruo in C:\Windows\system32\ntnluj.dll


  1. TR/Agent.ruo in C:\Windows\system32\ntnmdm.dll
    Plagegeister aller Art und deren Bekämpfung - 31.05.2010 (55)
  2. Drop.Agent.amh in C:\Windows\System32\help.txt
    Plagegeister aller Art und deren Bekämpfung - 15.05.2010 (2)
  3. TR/Agent.ruo C:\Windows\System32\ntnzwdg.dll
    Plagegeister aller Art und deren Bekämpfung - 15.04.2010 (23)
  4. TR/Agent.RUO.3 in der Datei 'C:\Windows\System32\wineon.dll' und DR/Agent.ruo ...
    Plagegeister aller Art und deren Bekämpfung - 14.04.2010 (6)
  5. TR/Agent.ruo in C:/WINDOWS/System32/winevpn.dll
    Plagegeister aller Art und deren Bekämpfung - 07.04.2010 (32)
  6. TR/Agent.RUO.4 in 'C:\Windows\System32\d3dshtr.dll'
    Plagegeister aller Art und deren Bekämpfung - 03.04.2010 (11)
  7. TR/Agent.ruo in C:\Windows\system32\winepnb.dll
    Mülltonne - 01.04.2010 (1)
  8. Tr/Agent.ruo in C:\WINDOWS\System32\ntnltk.dll
    Plagegeister aller Art und deren Bekämpfung - 31.03.2010 (5)
  9. TR/Agent.ruo in in C:\Windows\system32\d3dsnpq.dll
    Plagegeister aller Art und deren Bekämpfung - 31.03.2010 (10)
  10. tr/agent.ruo in C:\Windows\System32\winexxqd.dll
    Plagegeister aller Art und deren Bekämpfung - 30.03.2010 (10)
  11. TR/Agent.ruo in Windows System32 d3dszdmd.dll
    Plagegeister aller Art und deren Bekämpfung - 29.03.2010 (3)
  12. TR/Agent.ruo C:\WINDOWS\system32\ntnbk.dll
    Plagegeister aller Art und deren Bekämpfung - 29.03.2010 (1)
  13. TR/Agent.ruo C:\WINDOWS\system32\ntnaeu.dll
    Plagegeister aller Art und deren Bekämpfung - 29.03.2010 (26)
  14. TR/Agent.ruo in in C:\Windows\system32\wineayy.dll
    Plagegeister aller Art und deren Bekämpfung - 29.03.2010 (4)
  15. TR/Agent.ruo in C:\Windows\System32\d3dsmnpb.dll
    Plagegeister aller Art und deren Bekämpfung - 29.03.2010 (2)
  16. TR/agent.ruo in C:WINDOWS\System32\ntnyjop.dll
    Plagegeister aller Art und deren Bekämpfung - 29.03.2010 (1)
  17. Tr/Agent.ruo in: C\Windows\System32\wineqd.dll
    Plagegeister aller Art und deren Bekämpfung - 28.03.2010 (3)

Zum Thema TR/Agent.ruo in C:\Windows\system32\ntnluj.dll - Hallo, ich bin neu hier und habe gesehen, dass mehrere Leute probleme mit dme selben Trojaner haben, aber in anderen dateien ... wie auch einige der Vorposter hoffe ich daher, - TR/Agent.ruo in C:\Windows\system32\ntnluj.dll...
Archiv
Du betrachtest: TR/Agent.ruo in C:\Windows\system32\ntnluj.dll auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.