| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: TR/agent.ruo hat mich erwischtWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
30.03.2010, 10:57
| #1 |
 |  TR/agent.ruo hat mich erwischt hallo auch mich hat es erwischt. ich habe auch schon osam ausgeführt und den post mit gleich dazu. was muß ich als nächstes machen? Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 11:52:36 on 30.03.2010 OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit Default Browser: Mozilla Corporation Firefox 3.6.2 Scanner Settings Rootkits detection (hidden registry) Rootkits detection (hidden files) Retrieve files information Check Microsoft signatures Filters Trusted entries Empty entries Hidden registry entries (rootkit activity) Exclusively opened files Not found files Files without detailed information Existing files Non-startable services Non-startable drivers Active entries Disabled entries Risk Name Publisher Full Path Status Control Panel Objects %SystemRoot%\system32 |||||| "CamCpl.cpl" "Logitech Inc." C:\Windows\system32\CamCpl.cpl File exists |||||| "PhysX.cpl" "NVIDIA Corporation" C:\Windows\system32\PhysX.cpl File exists HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls |||||| "mlcfg32.cpl" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office12\MLCFG32.CPL File exists |||||| "Nero BurnRights" "Nero AG" C:\Program Files\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl File exists |||||| "NokiaConnectionManager" "Nokia" C:\PROGRA~1\Nokia\NOKIAP~1\CONNEC~1.CPL File exists Drivers HKLM\SYSTEM\CurrentControlSet\Services |||||| "atksgt" (atksgt) C:\Windows\System32\DRIVERS\atksgt.sys File found, but it contains no detailed information |||||| "avgio" (avgio) "Avira GmbH" C:\Program Files\Avira\AntiVir Desktop\avgio.sys File exists |||||| "avgntflt" (avgntflt) "Avira GmbH" C:\Windows\System32\DRIVERS\avgntflt.sys File exists |||||| "avipbb" (avipbb) "Avira GmbH" C:\Windows\System32\DRIVERS\avipbb.sys File exists "IP in IP Tunnel Driver" (IpInIp) C:\Windows\System32\DRIVERS\ipinip.sys File not found "IPX Traffic Filter Driver" (NwlnkFlt) C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found "IPX Traffic Forwarder Driver" (NwlnkFwd) C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found |||||| "lirsgt" (lirsgt) C:\Windows\System32\DRIVERS\lirsgt.sys File found, but it contains no detailed information |||||| "PDNMp50 NDIS Protocol Driver" (PDNMp50) "Printing Communications Assoc., Inc. (PCAUSA)" C:\Windows\system32\drivers\PDNMp50.sys File exists |||||| "PDNSp50 NDIS Protocol Driver" (PDNSp50) "Printing Communications Assoc., Inc. (PCAUSA)" C:\Windows\system32\drivers\PDNSp50.sys File exists |||||| "sptd" (sptd) "Duplex Secure Ltd." C:\Windows\System32\Drivers\sptd.sys File is exclusively opened, access blocked |||||| "ssmdrv" (ssmdrv) "Avira GmbH" C:\Windows\System32\DRIVERS\ssmdrv.sys File exists |||||| "TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) "TuneUp Software" C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys File exists "winevr" (winevr) "Microsoft Corporation" C:\Windows\system32\drivers\winevr.sys File exists Explorer HKLM\Software\Classes\Folder\shellex\ColumnHandlers |||||| {7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" "Nero AG" C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll File exists |||||| {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" "Adobe Systems, Inc." C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll File exists HKLM\Software\Classes\Protocols\Filter |||||| {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" "Microsoft Corporation" C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL File exists HKLM\Software\Classes\Protocols\Handler |||||| {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll File exists |||| {828030A1-22C1-4009-854F-8E305202313F} "livecall" "Microsoft Corporation" C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL File exists |||||| {88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll File exists |||| {828030A1-22C1-4009-854F-8E305202313F} "msnim" "Microsoft Corporation" C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL File exists HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks |||||| {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" File not found | COM-object registry key not found {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" File not found | COM-object registry key not found {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" File not found | COM-object registry key not found {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" File not found | COM-object registry key not found {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" File not found | COM-object registry key not found |||||| {99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists |||||| {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists |||||| {920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists |||||| {16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists |||||| {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists |||||| {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists |||||| {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists |||||| {6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists |||||| {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists |||||| {A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists |||||| {387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists |||||| {B446400D-0030-457b-8F64-422A19605186} "Logitech Gallery" "Logitech Inc." C:\Program Files\Logitech\ImageStudio\NameSpc.dll File exists |||||| {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\msohevi.dll File exists |||||| {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" "Microsoft Corporation" C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll File exists |||||| {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL File exists |||||| {00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office12\MLSHEXT.DLL File exists |||||| {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" "Microsoft Corporation" C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll File exists |||||| {97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" "Nero AG" C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll File exists |||||| {B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" "Nero AG" C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll File exists |||||| {7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" "Nero AG" C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll File exists |||||| {416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} "Nokia Phone Browser" "Nokia" C:\Program Files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll File exists |||||| {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office12\OLKFSTUB.DLL File exists {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" File not found | COM-object registry key not found {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" File not found | COM-object registry key not found |||||| {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" "Avira GmbH" C:\Program Files\Avira\AntiVir Desktop\shlext.dll File exists |||||| {5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll File exists |||||| {4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" "TuneUp Software" C:\Program Files\TuneUp Utilities 2010\DseShExt-x86.dll File exists |||||| {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" "TuneUp Software" C:\Program Files\TuneUp Utilities 2010\SDShelEx-win32.dll File exists |||||| {44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" "TuneUp Software" C:\Windows\System32\uxtuneup.dll File exists {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" File not found | COM-object registry key not found |||||| {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" "Alexander Roshal" C:\Program Files\WinRAR\rarext.dll File exists Internet Explorer HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units |||| {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_17" hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jp2iexp.dll File exists |||| {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jp2iexp.dll File exists |||| {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\npjpi160_17.dll File exists |||||| {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash5r42.cab "Adobe Systems, Inc." C:\Windows\system32\Macromed\Flash\Flash10c.ocx File exists HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions |||| {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll File exists |||||| {53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" "Safer Networking Limited" C:\Program Files\Spybot - Search & Destroy\SDHelper.dll File exists |||| {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL File exists HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects |||||| {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" "Adobe Systems Incorporated" C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll File exists |||||| {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists |||| {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jp2ssv.dll File exists |||||| {53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" "Safer Networking Limited" C:\Program Files\Spybot - Search & Destroy\SDHelper.dll File exists |||||| {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll File exists Logon %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup |||||| "desktop.ini" C:\Users\Sweetheart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini File exists %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup |||||| "desktop.ini" C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini File exists |||| "HP Digital Imaging Monitor.lnk" "Hewlett-Packard Co." C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe Shortcut exists | File exists HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run |||| "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" "Nero AG" "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" File exists "IncrediMail" "IncrediMail, Ltd." C:\Program Files\IncrediMail\bin\IncMail.exe /c File exists |||| "msnmsgr" "Microsoft Corporation" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File exists |||| "PC Suite Tray" "Nokia" "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray File exists |||||| "Rainlendar2" C:\Program Files\Rainlendar2\Rainlendar2.exe File exists |||||| "SpybotSD TeaTimer" "Safer Networking Limited" C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe File exists "uTorrent" "BitTorrent, Inc." "C:\Program Files\uTorrent\uTorrent.exe" File exists HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd "StartupPrograms" rdpclip File not found HKLM\Software\Microsoft\Windows\CurrentVersion\Run |||| "Adobe ARM" "Adobe Systems Incorporated" "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" File exists |||| "Adobe Reader Speed Launcher" "Adobe Systems Incorporated" "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" File exists |||||| "avgnt" "Avira GmbH" "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min File exists |||| "GrooveMonitor" "Microsoft Corporation" "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" File exists |||| "HP Software Update" "Hewlett-Packard Co." C:\Program Files\HP\HP Software Update\HPWuSchd2.exe File exists |||| "LogitechGalleryRepair" "Logitech Inc." C:\Program Files\Logitech\ImageStudio\ISStart.exe File exists |||| "LogitechImageStudioTray" "Logitech Inc." C:\Program Files\Logitech\ImageStudio\LogiTray.exe File exists |||| "LVCOMS" "Logitech Inc." C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE File exists |||| "NeroFilterCheck" "Nero AG" C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe File exists "QCDriverInstaller" "Logitech Inc." C:\PROGRA~1\COMMON~1\Logitech\QCDRIV~2\Lqdsw.exe /addrun /l 1031 /LaunchAtStart File exists |||| "StartCCC" C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe File found, but it contains no detailed information |||| "SunJavaUpdateSched" "Sun Microsystems, Inc." "C:\Program Files\Java\jre6\bin\jusched.exe" File exists |||| "WinampAgent" "Nullsoft, Inc." "C:\Program Files\Winamp\winampa.exe" File exists Print Monitors HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors |||||| "LIDIL hpzll5ha" "Hewlett-Packard Company" C:\Windows\system32\hpzll5ha.dll File exists |||||| "Send To Microsoft OneNote Monitor" "Microsoft Corporation" C:\Windows\system32\msonpmon.dll File exists Services HKLM\SYSTEM\CurrentControlSet\Services |||||| "@%SystemRoot%\System32\uxtuneup.dll,-4096" (UxTuneUp) "TuneUp Software" C:\Windows\System32\uxtuneup.dll File exists |||||| "@C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1" (TuneUp.Defrag) "TuneUp Software" C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe File exists |||||| "Avira AntiVir Guard" (AntiVirService) "Avira GmbH" C:\Program Files\Avira\AntiVir Desktop\avguard.exe File exists |||||| "Avira AntiVir Planer" (AntiVirSchedulerService) "Avira GmbH" C:\Program Files\Avira\AntiVir Desktop\sched.exe File exists |||||| "HP CUE DeviceDiscovery Service" (hpqddsvc) "Hewlett-Packard Co." C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll File exists |||||| "hpqcxs08" (hpqcxs08) "Hewlett-Packard Co." C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll File exists |||||| "Microsoft Office Diagnostics Service" (odserv) "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE File exists |||||| "Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe File exists |||||| "NBService" (NBService) "Nero AG" C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe File exists |||||| "Net Driver HPZ12" (Net Driver HPZ12) "Hewlett-Packard" C:\Windows\system32\HPZinw12.dll File exists |||||| "NMIndexingService" (NMIndexingService) "Nero AG" C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe File exists "nProtect GameGuard Service" (npggsvc) "INCA Internet Co., Ltd." C:\Windows\system32\GameMon.des File exists |||||| "Office Source Engine" (ose) "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE File exists |||||| "Pml Driver HPZ12" (Pml Driver HPZ12) "Hewlett-Packard" C:\Windows\system32\HPZipm12.dll File exists |||||| "SBSD Security Center Service" (SBSDWSCService) "Safer Networking Ltd." C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe File exists |||||| "ServiceLayer" (ServiceLayer) "Nokia." C:\Program Files\PC Connectivity Solution\ServiceLayer.exe File exists |||||| "TuneUp Utilities Service" (TuneUp.UtilitiesSvc) "TuneUp Software" C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe File exists Winlogon HKCU\Control Panel\Desktop || "SCRNSAVE.EXE" C:\Windows\LIVING~2.SCR File found, but it contains no detailed information If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |
|
30.03.2010, 15:04
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | TR/agent.ruo hat mich erwischt hallo und
__________________ Code:
ATTFilter [Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"winevr" (winevr) "Microsoft Corporation" C:\Windows\system32\drivers\winevr.sys File exists
C:\Windows\system32\drivers\winevr.sys bei Virustotal.com auswerten. Bitte dann Ergebnislink posten.
__________________ |
|
30.03.2010, 15:38
| #3 |
| | TR/agent.ruo hat mich erwischt so der neue post nach deaktivierung
__________________Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 16:33:56 on 30.03.2010 OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit Default Browser: Mozilla Corporation Firefox 3.6.2 Scanner Settings Rootkits detection (hidden registry) Rootkits detection (hidden files) Retrieve files information Check Microsoft signatures Filters Trusted entries Empty entries Hidden registry entries (rootkit activity) Exclusively opened files Not found files Files without detailed information Existing files Non-startable services Non-startable drivers Active entries Disabled entries Risk Name Publisher Full Path Status Control Panel Objects %SystemRoot%\system32 |||||| "CamCpl.cpl" "Logitech Inc." C:\Windows\system32\CamCpl.cpl File exists |||||| "PhysX.cpl" "NVIDIA Corporation" C:\Windows\system32\PhysX.cpl File exists HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls |||||| "mlcfg32.cpl" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office12\MLCFG32.CPL File exists |||||| "Nero BurnRights" "Nero AG" C:\Program Files\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl File exists |||||| "NokiaConnectionManager" "Nokia" C:\PROGRA~1\Nokia\NOKIAP~1\CONNEC~1.CPL File exists Drivers HKLM\SYSTEM\CurrentControlSet\Services |||||| "atksgt" (atksgt) C:\Windows\System32\DRIVERS\atksgt.sys File found, but it contains no detailed information |||||| "avgio" (avgio) "Avira GmbH" C:\Program Files\Avira\AntiVir Desktop\avgio.sys File exists |||||| "avgntflt" (avgntflt) "Avira GmbH" C:\Windows\System32\DRIVERS\avgntflt.sys File exists |||||| "avipbb" (avipbb) "Avira GmbH" C:\Windows\System32\DRIVERS\avipbb.sys File exists "IP in IP Tunnel Driver" (IpInIp) C:\Windows\System32\DRIVERS\ipinip.sys File not found "IPX Traffic Filter Driver" (NwlnkFlt) C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found "IPX Traffic Forwarder Driver" (NwlnkFwd) C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found |||||| "lirsgt" (lirsgt) C:\Windows\System32\DRIVERS\lirsgt.sys File found, but it contains no detailed information |||||| "PDNMp50 NDIS Protocol Driver" (PDNMp50) "Printing Communications Assoc., Inc. (PCAUSA)" C:\Windows\system32\drivers\PDNMp50.sys File exists |||||| "PDNSp50 NDIS Protocol Driver" (PDNSp50) "Printing Communications Assoc., Inc. (PCAUSA)" C:\Windows\system32\drivers\PDNSp50.sys File exists |||||| "sptd" (sptd) "Duplex Secure Ltd." C:\Windows\System32\Drivers\sptd.sys File is exclusively opened, access blocked |||||| "ssmdrv" (ssmdrv) "Avira GmbH" C:\Windows\System32\DRIVERS\ssmdrv.sys File exists |||||| "TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) "TuneUp Software" C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys File exists Explorer HKLM\Software\Classes\Folder\shellex\ColumnHandlers |||||| {7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" "Nero AG" C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll File exists |||||| {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" "Adobe Systems, Inc." C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll File exists HKLM\Software\Classes\Protocols\Filter |||||| {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" "Microsoft Corporation" C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL File exists HKLM\Software\Classes\Protocols\Handler |||||| {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll File exists |||| {828030A1-22C1-4009-854F-8E305202313F} "livecall" "Microsoft Corporation" C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL File exists |||||| {88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll File exists |||| {828030A1-22C1-4009-854F-8E305202313F} "msnim" "Microsoft Corporation" C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL File exists HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks |||||| {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" File not found | COM-object registry key not found {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" File not found | COM-object registry key not found {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" File not found | COM-object registry key not found {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" File not found | COM-object registry key not found {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" File not found | COM-object registry key not found |||||| {99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists |||||| {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists |||||| {920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists |||||| {16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists |||||| {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists |||||| {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists |||||| {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists |||||| {6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists |||||| {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists |||||| {A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists |||||| {387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists |||||| {B446400D-0030-457b-8F64-422A19605186} "Logitech Gallery" "Logitech Inc." C:\Program Files\Logitech\ImageStudio\NameSpc.dll File exists |||||| {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\msohevi.dll File exists |||||| {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" "Microsoft Corporation" C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll File exists |||||| {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL File exists |||||| {00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office12\MLSHEXT.DLL File exists |||||| {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" "Microsoft Corporation" C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll File exists |||||| {97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" "Nero AG" C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll File exists |||||| {B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" "Nero AG" C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll File exists |||||| {7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" "Nero AG" C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll File exists |||||| {416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} "Nokia Phone Browser" "Nokia" C:\Program Files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll File exists |||||| {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office12\OLKFSTUB.DLL File exists {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" File not found | COM-object registry key not found {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" File not found | COM-object registry key not found |||||| {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" "Avira GmbH" C:\Program Files\Avira\AntiVir Desktop\shlext.dll File exists |||||| {5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll File exists |||||| {4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" "TuneUp Software" C:\Program Files\TuneUp Utilities 2010\DseShExt-x86.dll File exists |||||| {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" "TuneUp Software" C:\Program Files\TuneUp Utilities 2010\SDShelEx-win32.dll File exists |||||| {44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" "TuneUp Software" C:\Windows\System32\uxtuneup.dll File exists {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" File not found | COM-object registry key not found |||||| {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" "Alexander Roshal" C:\Program Files\WinRAR\rarext.dll File exists Internet Explorer HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units |||| {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_17" hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jp2iexp.dll File exists |||| {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jp2iexp.dll File exists |||| {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\npjpi160_17.dll File exists |||||| {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash5r42.cab "Adobe Systems, Inc." C:\Windows\system32\Macromed\Flash\Flash10c.ocx File exists HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions |||| {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll File exists |||||| {53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" "Safer Networking Limited" C:\Program Files\Spybot - Search & Destroy\SDHelper.dll File exists |||| {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL File exists HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects |||||| {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" "Adobe Systems Incorporated" C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll File exists |||||| {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists |||| {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jp2ssv.dll File exists |||||| {53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" "Safer Networking Limited" C:\Program Files\Spybot - Search & Destroy\SDHelper.dll File exists |||||| {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll File exists Logon %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup |||||| "desktop.ini" C:\Users\Sweetheart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini File exists %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup |||||| "desktop.ini" C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini File exists |||| "HP Digital Imaging Monitor.lnk" "Hewlett-Packard Co." C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe Shortcut exists | File exists HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run |||| "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" "Nero AG" "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" File exists "IncrediMail" "IncrediMail, Ltd." C:\Program Files\IncrediMail\bin\IncMail.exe /c File exists |||| "msnmsgr" "Microsoft Corporation" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File exists |||| "PC Suite Tray" "Nokia" "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray File exists |||||| "Rainlendar2" C:\Program Files\Rainlendar2\Rainlendar2.exe File exists |||||| "SpybotSD TeaTimer" "Safer Networking Limited" C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe File exists "uTorrent" "BitTorrent, Inc." "C:\Program Files\uTorrent\uTorrent.exe" File exists HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd "StartupPrograms" rdpclip File not found HKLM\Software\Microsoft\Windows\CurrentVersion\Run |||| "Adobe ARM" "Adobe Systems Incorporated" "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" File exists |||| "Adobe Reader Speed Launcher" "Adobe Systems Incorporated" "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" File exists |||||| "avgnt" "Avira GmbH" "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min File exists |||| "GrooveMonitor" "Microsoft Corporation" "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" File exists |||| "HP Software Update" "Hewlett-Packard Co." C:\Program Files\HP\HP Software Update\HPWuSchd2.exe File exists |||| "LogitechGalleryRepair" "Logitech Inc." C:\Program Files\Logitech\ImageStudio\ISStart.exe File exists |||| "LogitechImageStudioTray" "Logitech Inc." C:\Program Files\Logitech\ImageStudio\LogiTray.exe File exists |||| "LVCOMS" "Logitech Inc." C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE File exists |||| "NeroFilterCheck" "Nero AG" C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe File exists "QCDriverInstaller" "Logitech Inc." C:\PROGRA~1\COMMON~1\Logitech\QCDRIV~2\Lqdsw.exe /addrun /l 1031 /LaunchAtStart File exists |||| "StartCCC" C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe File found, but it contains no detailed information |||| "SunJavaUpdateSched" "Sun Microsystems, Inc." "C:\Program Files\Java\jre6\bin\jusched.exe" File exists |||| "WinampAgent" "Nullsoft, Inc." "C:\Program Files\Winamp\winampa.exe" File exists Print Monitors HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors |||||| "LIDIL hpzll5ha" "Hewlett-Packard Company" C:\Windows\system32\hpzll5ha.dll File exists |||||| "Send To Microsoft OneNote Monitor" "Microsoft Corporation" C:\Windows\system32\msonpmon.dll File exists Services HKLM\SYSTEM\CurrentControlSet\Services |||||| "@%SystemRoot%\System32\uxtuneup.dll,-4096" (UxTuneUp) "TuneUp Software" C:\Windows\System32\uxtuneup.dll File exists |||||| "@C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1" (TuneUp.Defrag) "TuneUp Software" C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe File exists |||||| "Avira AntiVir Guard" (AntiVirService) "Avira GmbH" C:\Program Files\Avira\AntiVir Desktop\avguard.exe File exists |||||| "Avira AntiVir Planer" (AntiVirSchedulerService) "Avira GmbH" C:\Program Files\Avira\AntiVir Desktop\sched.exe File exists |||||| "HP CUE DeviceDiscovery Service" (hpqddsvc) "Hewlett-Packard Co." C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll File exists |||||| "hpqcxs08" (hpqcxs08) "Hewlett-Packard Co." C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll File exists |||||| "Microsoft Office Diagnostics Service" (odserv) "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE File exists |||||| "Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe File exists |||||| "NBService" (NBService) "Nero AG" C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe File exists |||||| "Net Driver HPZ12" (Net Driver HPZ12) "Hewlett-Packard" C:\Windows\system32\HPZinw12.dll File exists |||||| "NMIndexingService" (NMIndexingService) "Nero AG" C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe File exists "nProtect GameGuard Service" (npggsvc) "INCA Internet Co., Ltd." C:\Windows\system32\GameMon.des File exists |||||| "Office Source Engine" (ose) "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE File exists |||||| "Pml Driver HPZ12" (Pml Driver HPZ12) "Hewlett-Packard" C:\Windows\system32\HPZipm12.dll File exists |||||| "SBSD Security Center Service" (SBSDWSCService) "Safer Networking Ltd." C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe File exists |||||| "ServiceLayer" (ServiceLayer) "Nokia." C:\Program Files\PC Connectivity Solution\ServiceLayer.exe File exists |||||| "TuneUp Utilities Service" (TuneUp.UtilitiesSvc) "TuneUp Software" C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe File exists Winlogon HKCU\Control Panel\Desktop || "SCRNSAVE.EXE" C:\Windows\LIVING~2.SCR File found, but it contains no detailed information If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |
|
30.03.2010, 15:40
| #4 |
| | TR/agent.ruo hat mich erwischt das ist die auswertung von virustotal Antivirus Version letzte aktualisierung Ergebnis a-squared 4.5.0.50 2010.03.30 - AhnLab-V3 5.0.0.2 2010.03.30 - AntiVir 7.10.6.4 2010.03.30 - Antiy-AVL 2.0.3.7 2010.03.30 - Authentium 5.2.0.5 2010.03.30 - Avast 4.8.1351.0 2010.03.30 Win32:Trojan-gen Avast5 5.0.332.0 2010.03.30 Win32:Trojan-gen AVG 9.0.0.787 2010.03.29 - BitDefender 7.2 2010.03.30 - CAT-QuickHeal 10.00 2010.03.30 - ClamAV 0.96.0.0-git 2010.03.30 - Comodo 4439 2010.03.30 - DrWeb 5.0.2.03220 2010.03.30 - eSafe 7.0.17.0 2010.03.28 - eTrust-Vet 35.2.7396 2010.03.30 - F-Prot 4.5.1.85 2010.03.29 - F-Secure 9.0.15370.0 2010.03.30 - Fortinet 4.0.14.0 2010.03.30 - GData 19 2010.03.30 Win32:Trojan-gen Ikarus T3.1.1.80.0 2010.03.30 - Jiangmin 13.0.900 2010.03.30 - K7AntiVirus 7.10.1004 2010.03.22 - Kaspersky 7.0.0.125 2010.03.30 - McAfee 5935 2010.03.29 - McAfee+Artemis 5935 2010.03.29 - McAfee-GW-Edition 6.8.5 2010.03.30 - Microsoft 1.5605 2010.03.30 - NOD32 4985 2010.03.30 a variant of Win32/Agent.QQJ Norman 6.04.10 2010.03.30 - nProtect 2009.1.8.0 2010.03.30 Trojan/W32.Agent.497664.T Panda 10.0.2.2 2010.03.29 - PCTools 7.0.3.5 2010.03.30 - Prevx 3.0 2010.03.30 High Risk Rootkit Rising 22.41.01.03 2010.03.30 - Sophos 4.52.0 2010.03.30 - Sunbelt 6116 2010.03.30 - Symantec 20091.2.0.41 2010.03.30 Suspicious.Insight TheHacker 6.5.2.0.248 2010.03.30 - TrendMicro 9.120.0.1004 2010.03.30 - VBA32 3.12.12.2 2010.03.30 - ViRobot 2010.3.30.2252 2010.03.30 Trojan.Win32.RT-Agent.497664 VirusBuster 5.0.27.0 2010.03.30 - weitere Informationen File size: 497664 bytes MD5...: 981f238f0ecadb6a4b0914f647582546 SHA1..: a30e281d2754742575ad911c788cff576a06da7e SHA256: fc5e083744557164c06395d9d83e37b0e8deb29ef71927ce12b76ba62b688843 ssdeep: 12288:BaxS3t1Q0yHe5NTG6C3B0nvG6aLwiwUBiUV/s8L:Bax+1Qd+HGJWe6/TUY K/TL PEiD..: - PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x7a000 timedatestamp.....: 0x4b5470d2 (Mon Jan 18 14:31:46 2010) machinetype.......: 0x14c (I386) ( 6 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x5e1a 0x6000 6.39 4840ad584763561bdb1b3d3bd0f60731 .rdata 0x7000 0x71474 0x71600 7.85 b577e7d7405b27ee8fbd8436e03be518 .data 0x79000 0x47c 0x200 0.45 89e4da52dd689c522db3383c4544a658 INIT 0x7a000 0x71a 0x800 5.23 cab2bbb7cc4adad8fc38a29f250a7dbe .rsrc 0x7b000 0x2c8 0x400 2.38 0a38e7eba72777dfff1f2ec6edf4fa8d .reloc 0x7c000 0xe26 0x1000 4.19 7395b12a4f70412cac206325760214ad ( 2 imports ) > ntoskrnl.exe: ObReferenceObjectByHandle, ObOpenObjectByName, RtlInitUnicodeString, wcslen, wcscat, _alldiv, ExRaiseStatus, ExAllocatePoolWithTagPriority, ExFreePoolWithTag, RtlCopyUnicodeString, ExAllocatePoolWithTag, ZwQueryInformationProcess, RtlCompareUnicodeString, KeReleaseMutex, KeWaitForSingleObject, ZwSetInformationProcess, ZwDuplicateToken, ZwOpenProcessToken, ZwOpenProcess, ZwEnumerateKey, ZwDeleteKey, ZwOpenKey, wcsncat, ZwLoadDriver, ZwSetValueKey, ZwCreateKey, IoDeleteDevice, RtlImageDirectoryEntryToData, KeDetachProcess, KeAttachProcess, PsLookupProcessByProcessId, ZwAllocateVirtualMemory, ZwOpenFile, wcscpy, ObfDereferenceObject, ZwQueryInformationThread, ZwQuerySystemInformation, memmove, _local_unwind2, KeServiceDescriptorTable, KeInitializeMutex, ZwReadFile, ZwCreateFile, ZwSetInformationFile, ZwWriteFile, ZwQueryInformationFile, wcscmp, ZwQueryVolumeInformationFile, PsSetLoadImageNotifyRoutine, PsSetCreateProcessNotifyRoutine, ZwQueryValueKey, IofCompleteRequest, RtlImageNtHeader, IoCreateSymbolicLink, IoCreateDevice, swprintf, SeCreateClientSecurity, KeGetCurrentThread, KeQuerySystemTime, sprintf, ZwMapViewOfSection, ZwCreateSection, ZwUnmapViewOfSection, KeTickCount, KeBugCheckEx, ZwClose, _except_handler3, wcsncmp > HAL.dll: KfRaiseIrql, KfLowerIrql, KeGetCurrentIrql ( 0 exports ) RDS...: NSRL Reference Data Set - pdfid.: - trid..: Win32 Executable Generic (68.0%) Generic Win/DOS Executable (15.9%) DOS Executable Generic (15.9%) Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%) <a href='hxxp://info.prevx.com/aboutprogramtext.asp?PX5=6F8428FF00DA13A5983C074541E5B3005AE06D06' target='_blank'>hxxp://info.prevx.com/aboutprogramtext.asp?PX5=6F8428FF00DA13A5983C074541E5B3005AE06D06</a> packers (Kaspersky): PE_Patch sigcheck: publisher....: Microsoft Corporation copyright....: n/a product......: Microsoft_ Windows_ Operating System description..: Windows interface driver original name: n/a internal name: n/a file version.: 5.1.2600.0 comments.....: n/a signers......: - signing date.: - verified.....: Unsigned und jetzt? |
|
30.03.2010, 17:53
| #5 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/agent.ruo hat mich erwischt Den Eintrag mit OSAM gelöscht (Delete from storage - steht in der Anleitung) ? Bitte danach diese Liste beachten und abarbeiten. Beim Scan mit MalwareBytes auch alle externen Speicher (ext. Platten, USB-Sticks, ... mit anklemmen!! ) Falls Du Probleme mit Malwarebytes hast (startet nicht, Updates laden nicht etc.), das hier beachten > http://www.trojaner-board.de/82699-m...tet-nicht.html Wichtig für Benutzer mit Windows Vista und Windows 7: Bitte alle Tools per Rechtsklick => Als Admin ausführen! Falls RSIT nicht startet: im Kompatibilitätsmodus ausführen (Rechtsklick auf RSIT.exe, Reiter Kompatibilität) => Windows XP einstellen und ausführen Die Logfiles kannst Du zB alle in eine Datei zippen und auf File-Upload.net hochladen und hier verlinken, denn 1. sind manche Logfiles fürs Board nämlich zu groß und 2. kann ich mit einem Klick mir gleich alle auf einmal runterladen.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
| Themen zu TR/agent.ruo hat mich erwischt |
| avgnt.exe, avgntflt.sys, desktop.ini, diagnostics, home premium, jusched.exe, plug-in, programdata, registry key, safer networking, sptd.sys, start menu, tunnel, windows vista home |
Linear-Darstellung
