
Pests of all kinds and how to fight them: TR/agent.ruo got me

30.03.2010, 10:57   #1
Zyrania

TR/agent.ruo got me

Hello, it got me too. I have already run OSAM and am including the post right here with it. What do I have to do next?

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 11:52:36 on 30.03.2010
OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.2

Scanner Settings
Rootkits detection (hidden registry)
Rootkits detection (hidden files)
Retrieve files information
Check Microsoft signatures

Filters
Trusted entries
Empty entries
Hidden registry entries (rootkit activity)
Exclusively opened files
Not found files
Files without detailed information
Existing files
Non-startable services
Non-startable drivers
Active entries
Disabled entries

Risk Name Publisher Full Path Status
Control Panel Objects
%SystemRoot%\system32
|||||| "CamCpl.cpl" "Logitech Inc." C:\Windows\system32\CamCpl.cpl File exists
|||||| "PhysX.cpl" "NVIDIA Corporation" C:\Windows\system32\PhysX.cpl File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls
|||||| "mlcfg32.cpl" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office12\MLCFG32.CPL File exists
|||||| "Nero BurnRights" "Nero AG" C:\Program Files\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl File exists
|||||| "NokiaConnectionManager" "Nokia" C:\PROGRA~1\Nokia\NOKIAP~1\CONNEC~1.CPL File exists
Drivers
HKLM\SYSTEM\CurrentControlSet\Services
|||||| "atksgt" (atksgt) C:\Windows\System32\DRIVERS\atksgt.sys File found, but it contains no detailed information
|||||| "avgio" (avgio) "Avira GmbH" C:\Program Files\Avira\AntiVir Desktop\avgio.sys File exists
|||||| "avgntflt" (avgntflt) "Avira GmbH" C:\Windows\System32\DRIVERS\avgntflt.sys File exists
|||||| "avipbb" (avipbb) "Avira GmbH" C:\Windows\System32\DRIVERS\avipbb.sys File exists
"IP in IP Tunnel Driver" (IpInIp) C:\Windows\System32\DRIVERS\ipinip.sys File not found
"IPX Traffic Filter Driver" (NwlnkFlt) C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
"IPX Traffic Forwarder Driver" (NwlnkFwd) C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
|||||| "lirsgt" (lirsgt) C:\Windows\System32\DRIVERS\lirsgt.sys File found, but it contains no detailed information
|||||| "PDNMp50 NDIS Protocol Driver" (PDNMp50) "Printing Communications Assoc., Inc. (PCAUSA)" C:\Windows\system32\drivers\PDNMp50.sys File exists
|||||| "PDNSp50 NDIS Protocol Driver" (PDNSp50) "Printing Communications Assoc., Inc. (PCAUSA)" C:\Windows\system32\drivers\PDNSp50.sys File exists
|||||| "sptd" (sptd) "Duplex Secure Ltd." C:\Windows\System32\Drivers\sptd.sys File is exclusively opened, access blocked
|||||| "ssmdrv" (ssmdrv) "Avira GmbH" C:\Windows\System32\DRIVERS\ssmdrv.sys File exists
|||||| "TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) "TuneUp Software" C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys File exists
"winevr" (winevr) "Microsoft Corporation" C:\Windows\system32\drivers\winevr.sys File exists
Explorer
HKLM\Software\Classes\Folder\shellex\ColumnHandlers
|||||| {7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" "Nero AG" C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll File exists
|||||| {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" "Adobe Systems, Inc." C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll File exists
HKLM\Software\Classes\Protocols\Filter
|||||| {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" "Microsoft Corporation" C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL File exists
HKLM\Software\Classes\Protocols\Handler
|||||| {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll File exists
|||| {828030A1-22C1-4009-854F-8E305202313F} "livecall" "Microsoft Corporation" C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL File exists
|||||| {88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll File exists
|||| {828030A1-22C1-4009-854F-8E305202313F} "msnim" "Microsoft Corporation" C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
|||||| {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" File not found | COM-object registry key not found
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" File not found | COM-object registry key not found
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" File not found | COM-object registry key not found
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" File not found | COM-object registry key not found
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" File not found | COM-object registry key not found
|||||| {99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists
|||||| {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists
|||||| {920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists
|||||| {16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists
|||||| {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists
|||||| {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists
|||||| {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists
|||||| {6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists
|||||| {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists
|||||| {A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists
|||||| {387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists
|||||| {B446400D-0030-457b-8F64-422A19605186} "Logitech Gallery" "Logitech Inc." C:\Program Files\Logitech\ImageStudio\NameSpc.dll File exists
|||||| {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\msohevi.dll File exists
|||||| {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" "Microsoft Corporation" C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll File exists
|||||| {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL File exists
|||||| {00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office12\MLSHEXT.DLL File exists
|||||| {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" "Microsoft Corporation" C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll File exists
|||||| {97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" "Nero AG" C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll File exists
|||||| {B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" "Nero AG" C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll File exists
|||||| {7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" "Nero AG" C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll File exists
|||||| {416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} "Nokia Phone Browser" "Nokia" C:\Program Files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll File exists
|||||| {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office12\OLKFSTUB.DLL File exists
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" File not found | COM-object registry key not found
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" File not found | COM-object registry key not found
|||||| {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" "Avira GmbH" C:\Program Files\Avira\AntiVir Desktop\shlext.dll File exists
|||||| {5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll File exists
|||||| {4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" "TuneUp Software" C:\Program Files\TuneUp Utilities 2010\DseShExt-x86.dll File exists
|||||| {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" "TuneUp Software" C:\Program Files\TuneUp Utilities 2010\SDShelEx-win32.dll File exists
|||||| {44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" "TuneUp Software" C:\Windows\System32\uxtuneup.dll File exists
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" File not found | COM-object registry key not found
|||||| {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" "Alexander Roshal" C:\Program Files\WinRAR\rarext.dll File exists
Internet Explorer
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units
|||| {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_17"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jp2iexp.dll File exists
|||| {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jp2iexp.dll File exists
|||| {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\npjpi160_17.dll File exists
|||||| {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object"
hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash5r42.cab "Adobe Systems, Inc." C:\Windows\system32\Macromed\Flash\Flash10c.ocx File exists
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
|||| {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll File exists
|||||| {53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" "Safer Networking Limited" C:\Program Files\Spybot - Search & Destroy\SDHelper.dll File exists
|||| {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
|||||| {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" "Adobe Systems Incorporated" C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll File exists
|||||| {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists
|||| {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jp2ssv.dll File exists
|||||| {53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" "Safer Networking Limited" C:\Program Files\Spybot - Search & Destroy\SDHelper.dll File exists
|||||| {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll File exists
Logon
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
|||||| "desktop.ini" C:\Users\Sweetheart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini File exists
%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup
|||||| "desktop.ini" C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini File exists
|||| "HP Digital Imaging Monitor.lnk" "Hewlett-Packard Co." C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe Shortcut exists | File exists
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|||| "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" "Nero AG" "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" File exists
"IncrediMail" "IncrediMail, Ltd." C:\Program Files\IncrediMail\bin\IncMail.exe /c File exists
|||| "msnmsgr" "Microsoft Corporation" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File exists
|||| "PC Suite Tray" "Nokia" "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray File exists
|||||| "Rainlendar2" C:\Program Files\Rainlendar2\Rainlendar2.exe File exists
|||||| "SpybotSD TeaTimer" "Safer Networking Limited" C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe File exists
"uTorrent" "BitTorrent, Inc." "C:\Program Files\uTorrent\uTorrent.exe" File exists
HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd
"StartupPrograms" rdpclip File not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
|||| "Adobe ARM" "Adobe Systems Incorporated" "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" File exists
|||| "Adobe Reader Speed Launcher" "Adobe Systems Incorporated" "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" File exists
|||||| "avgnt" "Avira GmbH" "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min File exists
|||| "GrooveMonitor" "Microsoft Corporation" "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" File exists
|||| "HP Software Update" "Hewlett-Packard Co." C:\Program Files\HP\HP Software Update\HPWuSchd2.exe File exists
|||| "LogitechGalleryRepair" "Logitech Inc." C:\Program Files\Logitech\ImageStudio\ISStart.exe File exists
|||| "LogitechImageStudioTray" "Logitech Inc." C:\Program Files\Logitech\ImageStudio\LogiTray.exe File exists
|||| "LVCOMS" "Logitech Inc." C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE File exists
|||| "NeroFilterCheck" "Nero AG" C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe File exists
"QCDriverInstaller" "Logitech Inc." C:\PROGRA~1\COMMON~1\Logitech\QCDRIV~2\Lqdsw.exe /addrun /l 1031 /LaunchAtStart File exists
|||| "StartCCC" C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe File found, but it contains no detailed information
|||| "SunJavaUpdateSched" "Sun Microsystems, Inc." "C:\Program Files\Java\jre6\bin\jusched.exe" File exists
|||| "WinampAgent" "Nullsoft, Inc." "C:\Program Files\Winamp\winampa.exe" File exists
Print Monitors
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
|||||| "LIDIL hpzll5ha" "Hewlett-Packard Company" C:\Windows\system32\hpzll5ha.dll File exists
|||||| "Send To Microsoft OneNote Monitor" "Microsoft Corporation" C:\Windows\system32\msonpmon.dll File exists
Services
HKLM\SYSTEM\CurrentControlSet\Services
|||||| "@%SystemRoot%\System32\uxtuneup.dll,-4096" (UxTuneUp) "TuneUp Software" C:\Windows\System32\uxtuneup.dll File exists
|||||| "@C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1" (TuneUp.Defrag) "TuneUp Software" C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe File exists
|||||| "Avira AntiVir Guard" (AntiVirService) "Avira GmbH" C:\Program Files\Avira\AntiVir Desktop\avguard.exe File exists
|||||| "Avira AntiVir Planer" (AntiVirSchedulerService) "Avira GmbH" C:\Program Files\Avira\AntiVir Desktop\sched.exe File exists
|||||| "HP CUE DeviceDiscovery Service" (hpqddsvc) "Hewlett-Packard Co." C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll File exists
|||||| "hpqcxs08" (hpqcxs08) "Hewlett-Packard Co." C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll File exists
|||||| "Microsoft Office Diagnostics Service" (odserv) "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE File exists
|||||| "Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe File exists
|||||| "NBService" (NBService) "Nero AG" C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe File exists
|||||| "Net Driver HPZ12" (Net Driver HPZ12) "Hewlett-Packard" C:\Windows\system32\HPZinw12.dll File exists
|||||| "NMIndexingService" (NMIndexingService) "Nero AG" C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe File exists
"nProtect GameGuard Service" (npggsvc) "INCA Internet Co., Ltd." C:\Windows\system32\GameMon.des File exists
|||||| "Office Source Engine" (ose) "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE File exists
|||||| "Pml Driver HPZ12" (Pml Driver HPZ12) "Hewlett-Packard" C:\Windows\system32\HPZipm12.dll File exists
|||||| "SBSD Security Center Service" (SBSDWSCService) "Safer Networking Ltd." C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe File exists
|||||| "ServiceLayer" (ServiceLayer) "Nokia." C:\Program Files\PC Connectivity Solution\ServiceLayer.exe File exists
|||||| "TuneUp Utilities Service" (TuneUp.UtilitiesSvc) "TuneUp Software" C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe File exists
Winlogon
HKCU\Control Panel\Desktop
|| "SCRNSAVE.EXE" C:\Windows\LIVING~2.SCR File found, but it contains no detailed information

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

30.03.2010, 15:04   #2
cosinus

TR/agent.ruo got me

Hello and

Code:
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"winevr" (winevr) "Microsoft Corporation" C:\Windows\system32\drivers\winevr.sys File exists
Please disable it with OSAM (see the OSAM instructions). Afterwards, post a new OSAM log and have the file

C:\Windows\system32\drivers\winevr.sys

analysed at Virustotal.com. Then please post the results link.
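As an added example (my own code, not OSAM's and not from this thread): a small Python parser for the OSAM report line format posted above that diffs two reports, so a helper can confirm that an entry disabled in OSAM no longer appears in the follow-up log. The two reports inside it are constructed excerpts.

```python
"""Parse OSAM Autorun Manager reports in the line format posted in this
thread and diff two of them, e.g. to confirm that an entry disabled in
OSAM is gone from the follow-up log. Added example, not OSAM's own code;
BEFORE and AFTER are constructed excerpts."""
import re
from typing import Dict, List, Optional, Tuple

# Top-level sections of a report appear as bare words on their own line.
SECTION_NAMES = {
    "Control Panel Objects", "Drivers", "Explorer", "Internet Explorer",
    "Logon", "Print Monitors", "Services", "Winlogon",
}

# One entry line: risk bars, optional {CLSID}, quoted name, optional
# (service key), optional quoted publisher, optional path, status text.
# Two-line entries (Distribution Units with a URL) are left unparsed.
ENTRY_RE = re.compile(
    r'^(?P<risk>\|*)\s*'
    r'(?:\{(?P<clsid>[0-9A-Fa-f-]+)\}\s+)?'
    r'"(?P<name>[^"]+)"'
    r'(?:\s+\((?P<key>[^)]+)\))?'
    r'(?:\s+"(?P<publisher>(?![A-Za-z]:\\)[^"]+)")?'  # quoted path != publisher
    r'(?:\s+(?P<path>\S.*?))?'
    r'\s+(?P<status>(?:File|Shortcut)\b.*)$'
)

EntryKey = Tuple[str, str, str]  # (section, registry key or folder, name)
Entry = Dict[str, Optional[str]]


def parse_osam_report(text: str) -> Tuple[Dict[EntryKey, Entry], List[str]]:
    """Return (entries keyed by section/location/name, lines not understood)."""
    entries: Dict[EntryKey, Entry] = {}
    unparsed: List[str] = []
    section, location = "", ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in SECTION_NAMES:
            section, location = line, ""
            continue
        if not section:
            continue  # report header: settings, filters, column names
        if line.startswith(("HK", "%")):  # key or folder grouping the entries
            location = line
            continue
        m = ENTRY_RE.match(line)
        if not m:
            unparsed.append(line)
            continue
        entries[(section, location, m.group("name"))] = {
            "risk_bars": str(len(m.group("risk"))),  # OSAM's risk column, as a count
            "clsid": m.group("clsid"),
            "service": m.group("key"),
            "publisher": m.group("publisher"),
            "path": m.group("path"),
            "status": m.group("status"),
        }
    return entries, unparsed


def diff_reports(before: Dict[EntryKey, Entry],
                 after: Dict[EntryKey, Entry]) -> Dict[str, List[EntryKey]]:
    """Keys that disappeared, appeared, or changed (path, status, publisher, risk)."""
    return {
        "removed": sorted(k for k in before if k not in after),
        "added": sorted(k for k in after if k not in before),
        "changed": sorted(k for k in before if k in after and before[k] != after[k]),
    }


def summarize(diff: Dict[str, List[EntryKey]]) -> List[str]:
    """One readable line per differing entry, removed entries first."""
    return [f"{kind}: [{section}] {location} -> {name}"
            for kind in ("removed", "added", "changed")
            for section, location, name in diff[kind]]


# Constructed excerpts in OSAM's line format: BEFORE still lists the winevr
# driver, AFTER stands for the log taken after disabling it in OSAM.
BEFORE = r"""
Report of OSAM: Autorun Manager v5.0.11926.0
Risk Name Publisher Full Path Status
Drivers
HKLM\SYSTEM\CurrentControlSet\Services
|||||| "avgio" (avgio) "Avira GmbH" C:\Program Files\Avira\AntiVir Desktop\avgio.sys File exists
"winevr" (winevr) "Microsoft Corporation" C:\Windows\system32\drivers\winevr.sys File exists
Logon
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"uTorrent" "BitTorrent, Inc." "C:\Program Files\uTorrent\uTorrent.exe" File exists
Winlogon
HKCU\Control Panel\Desktop
|| "SCRNSAVE.EXE" C:\Windows\LIVING~2.SCR File found, but it contains no detailed information
"""
AFTER = "\n".join(l for l in BEFORE.splitlines() if '"winevr"' not in l)
```

Running `summarize(diff_reports(*[parse_osam_report(r)[0] for r in (BEFORE, AFTER)]))` reports the winevr driver entry as removed and nothing else.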

30.03.2010, 15:38   #3
Zyrania

TR/agent.ruo got me

So, the new post after deactivation:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 16:33:56 on 30.03.2010
OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.2

Scanner Settings
Rootkits detection (hidden registry)
Rootkits detection (hidden files)
Retrieve files information
Check Microsoft signatures

Filters
Trusted entries
Empty entries
Hidden registry entries (rootkit activity)
Exclusively opened files
Not found files
Files without detailed information
Existing files
Non-startable services
Non-startable drivers
Active entries
Disabled entries

Risk Name Publisher Full Path Status
Control Panel Objects
%SystemRoot%\system32
|||||| "CamCpl.cpl" "Logitech Inc." C:\Windows\system32\CamCpl.cpl File exists
|||||| "PhysX.cpl" "NVIDIA Corporation" C:\Windows\system32\PhysX.cpl File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls
|||||| "mlcfg32.cpl" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office12\MLCFG32.CPL File exists
|||||| "Nero BurnRights" "Nero AG" C:\Program Files\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl File exists
|||||| "NokiaConnectionManager" "Nokia" C:\PROGRA~1\Nokia\NOKIAP~1\CONNEC~1.CPL File exists
Drivers
HKLM\SYSTEM\CurrentControlSet\Services
|||||| "atksgt" (atksgt) C:\Windows\System32\DRIVERS\atksgt.sys File found, but it contains no detailed information
|||||| "avgio" (avgio) "Avira GmbH" C:\Program Files\Avira\AntiVir Desktop\avgio.sys File exists
|||||| "avgntflt" (avgntflt) "Avira GmbH" C:\Windows\System32\DRIVERS\avgntflt.sys File exists
|||||| "avipbb" (avipbb) "Avira GmbH" C:\Windows\System32\DRIVERS\avipbb.sys File exists
"IP in IP Tunnel Driver" (IpInIp) C:\Windows\System32\DRIVERS\ipinip.sys File not found
"IPX Traffic Filter Driver" (NwlnkFlt) C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
"IPX Traffic Forwarder Driver" (NwlnkFwd) C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
|||||| "lirsgt" (lirsgt) C:\Windows\System32\DRIVERS\lirsgt.sys File found, but it contains no detailed information
|||||| "PDNMp50 NDIS Protocol Driver" (PDNMp50) "Printing Communications Assoc., Inc. (PCAUSA)" C:\Windows\system32\drivers\PDNMp50.sys File exists
|||||| "PDNSp50 NDIS Protocol Driver" (PDNSp50) "Printing Communications Assoc., Inc. (PCAUSA)" C:\Windows\system32\drivers\PDNSp50.sys File exists
|||||| "sptd" (sptd) "Duplex Secure Ltd." C:\Windows\System32\Drivers\sptd.sys File is exclusively opened, access blocked
|||||| "ssmdrv" (ssmdrv) "Avira GmbH" C:\Windows\System32\DRIVERS\ssmdrv.sys File exists
|||||| "TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) "TuneUp Software" C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys File exists
Explorer
HKLM\Software\Classes\Folder\shellex\ColumnHandlers
|||||| {7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" "Nero AG" C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll File exists
|||||| {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" "Adobe Systems, Inc." C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll File exists
HKLM\Software\Classes\Protocols\Filter
|||||| {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" "Microsoft Corporation" C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL File exists
HKLM\Software\Classes\Protocols\Handler
|||||| {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll File exists
|||| {828030A1-22C1-4009-854F-8E305202313F} "livecall" "Microsoft Corporation" C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL File exists
|||||| {88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll File exists
|||| {828030A1-22C1-4009-854F-8E305202313F} "msnim" "Microsoft Corporation" C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
|||||| {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" File not found | COM-object registry key not found
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" File not found | COM-object registry key not found
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" File not found | COM-object registry key not found
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" File not found | COM-object registry key not found
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" File not found | COM-object registry key not found
|||||| {99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists
|||||| {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists
|||||| {920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists
|||||| {16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists
|||||| {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists
|||||| {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists
|||||| {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists
|||||| {6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists
|||||| {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists
|||||| {A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists
|||||| {387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists
|||||| {B446400D-0030-457b-8F64-422A19605186} "Logitech Gallery" "Logitech Inc." C:\Program Files\Logitech\ImageStudio\NameSpc.dll File exists
|||||| {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\msohevi.dll File exists
|||||| {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" "Microsoft Corporation" C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll File exists
|||||| {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL File exists
|||||| {00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office12\MLSHEXT.DLL File exists
|||||| {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" "Microsoft Corporation" C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll File exists
|||||| {97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" "Nero AG" C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll File exists
|||||| {B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" "Nero AG" C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll File exists
|||||| {7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" "Nero AG" C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll File exists
|||||| {416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} "Nokia Phone Browser" "Nokia" C:\Program Files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll File exists
|||||| {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office12\OLKFSTUB.DLL File exists
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" File not found | COM-object registry key not found
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" File not found | COM-object registry key not found
|||||| {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" "Avira GmbH" C:\Program Files\Avira\AntiVir Desktop\shlext.dll File exists
|||||| {5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll File exists
|||||| {4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" "TuneUp Software" C:\Program Files\TuneUp Utilities 2010\DseShExt-x86.dll File exists
|||||| {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" "TuneUp Software" C:\Program Files\TuneUp Utilities 2010\SDShelEx-win32.dll File exists
|||||| {44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" "TuneUp Software" C:\Windows\System32\uxtuneup.dll File exists
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" File not found | COM-object registry key not found
|||||| {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" "Alexander Roshal" C:\Program Files\WinRAR\rarext.dll File exists
Internet Explorer
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units
|||| {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_17"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jp2iexp.dll File exists
|||| {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jp2iexp.dll File exists
|||| {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\npjpi160_17.dll File exists
|||||| {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object"
hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash5r42.cab "Adobe Systems, Inc." C:\Windows\system32\Macromed\Flash\Flash10c.ocx File exists
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
|||| {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll File exists
|||||| {53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" "Safer Networking Limited" C:\Program Files\Spybot - Search & Destroy\SDHelper.dll File exists
|||| {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
|||||| {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" "Adobe Systems Incorporated" C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll File exists
|||||| {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists
|||| {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jp2ssv.dll File exists
|||||| {53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" "Safer Networking Limited" C:\Program Files\Spybot - Search & Destroy\SDHelper.dll File exists
|||||| {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll File exists
Logon
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
|||||| "desktop.ini" C:\Users\Sweetheart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini File exists
%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup
|||||| "desktop.ini" C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini File exists
|||| "HP Digital Imaging Monitor.lnk" "Hewlett-Packard Co." C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe Shortcut exists | File exists
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|||| "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" "Nero AG" "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" File exists
"IncrediMail" "IncrediMail, Ltd." C:\Program Files\IncrediMail\bin\IncMail.exe /c File exists
|||| "msnmsgr" "Microsoft Corporation" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File exists
|||| "PC Suite Tray" "Nokia" "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray File exists
|||||| "Rainlendar2" C:\Program Files\Rainlendar2\Rainlendar2.exe File exists
|||||| "SpybotSD TeaTimer" "Safer Networking Limited" C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe File exists
"uTorrent" "BitTorrent, Inc." "C:\Program Files\uTorrent\uTorrent.exe" File exists
HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd
"StartupPrograms" rdpclip File not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
|||| "Adobe ARM" "Adobe Systems Incorporated" "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" File exists
|||| "Adobe Reader Speed Launcher" "Adobe Systems Incorporated" "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" File exists
|||||| "avgnt" "Avira GmbH" "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min File exists
|||| "GrooveMonitor" "Microsoft Corporation" "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" File exists
|||| "HP Software Update" "Hewlett-Packard Co." C:\Program Files\HP\HP Software Update\HPWuSchd2.exe File exists
|||| "LogitechGalleryRepair" "Logitech Inc." C:\Program Files\Logitech\ImageStudio\ISStart.exe File exists
|||| "LogitechImageStudioTray" "Logitech Inc." C:\Program Files\Logitech\ImageStudio\LogiTray.exe File exists
|||| "LVCOMS" "Logitech Inc." C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE File exists
|||| "NeroFilterCheck" "Nero AG" C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe File exists
"QCDriverInstaller" "Logitech Inc." C:\PROGRA~1\COMMON~1\Logitech\QCDRIV~2\Lqdsw.exe /addrun /l 1031 /LaunchAtStart File exists
|||| "StartCCC" C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe File found, but it contains no detailed information
|||| "SunJavaUpdateSched" "Sun Microsystems, Inc." "C:\Program Files\Java\jre6\bin\jusched.exe" File exists
|||| "WinampAgent" "Nullsoft, Inc." "C:\Program Files\Winamp\winampa.exe" File exists
Print Monitors
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
|||||| "LIDIL hpzll5ha" "Hewlett-Packard Company" C:\Windows\system32\hpzll5ha.dll File exists
|||||| "Send To Microsoft OneNote Monitor" "Microsoft Corporation" C:\Windows\system32\msonpmon.dll File exists
Services
HKLM\SYSTEM\CurrentControlSet\Services
|||||| "@%SystemRoot%\System32\uxtuneup.dll,-4096" (UxTuneUp) "TuneUp Software" C:\Windows\System32\uxtuneup.dll File exists
|||||| "@C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1" (TuneUp.Defrag) "TuneUp Software" C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe File exists
|||||| "Avira AntiVir Guard" (AntiVirService) "Avira GmbH" C:\Program Files\Avira\AntiVir Desktop\avguard.exe File exists
|||||| "Avira AntiVir Planer" (AntiVirSchedulerService) "Avira GmbH" C:\Program Files\Avira\AntiVir Desktop\sched.exe File exists
|||||| "HP CUE DeviceDiscovery Service" (hpqddsvc) "Hewlett-Packard Co." C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll File exists
|||||| "hpqcxs08" (hpqcxs08) "Hewlett-Packard Co." C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll File exists
|||||| "Microsoft Office Diagnostics Service" (odserv) "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE File exists
|||||| "Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe File exists
|||||| "NBService" (NBService) "Nero AG" C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe File exists
|||||| "Net Driver HPZ12" (Net Driver HPZ12) "Hewlett-Packard" C:\Windows\system32\HPZinw12.dll File exists
|||||| "NMIndexingService" (NMIndexingService) "Nero AG" C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe File exists
"nProtect GameGuard Service" (npggsvc) "INCA Internet Co., Ltd." C:\Windows\system32\GameMon.des File exists
|||||| "Office Source Engine" (ose) "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE File exists
|||||| "Pml Driver HPZ12" (Pml Driver HPZ12) "Hewlett-Packard" C:\Windows\system32\HPZipm12.dll File exists
|||||| "SBSD Security Center Service" (SBSDWSCService) "Safer Networking Ltd." C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe File exists
|||||| "ServiceLayer" (ServiceLayer) "Nokia." C:\Program Files\PC Connectivity Solution\ServiceLayer.exe File exists
|||||| "TuneUp Utilities Service" (TuneUp.UtilitiesSvc) "TuneUp Software" C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe File exists
Winlogon
HKCU\Control Panel\Desktop
|| "SCRNSAVE.EXE" C:\Windows\LIVING~2.SCR File found, but it contains no detailed information

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
__________________

30.03.2010, 15:40   #4
Zyrania

TR/agent.ruo got me

This is the VirusTotal analysis.


Antivirus  Version  Last update  Result
a-squared 4.5.0.50 2010.03.30 -
AhnLab-V3 5.0.0.2 2010.03.30 -
AntiVir 7.10.6.4 2010.03.30 -
Antiy-AVL 2.0.3.7 2010.03.30 -
Authentium 5.2.0.5 2010.03.30 -
Avast 4.8.1351.0 2010.03.30 Win32:Trojan-gen
Avast5 5.0.332.0 2010.03.30 Win32:Trojan-gen
AVG 9.0.0.787 2010.03.29 -
BitDefender 7.2 2010.03.30 -
CAT-QuickHeal 10.00 2010.03.30 -
ClamAV 0.96.0.0-git 2010.03.30 -
Comodo 4439 2010.03.30 -
DrWeb 5.0.2.03220 2010.03.30 -
eSafe 7.0.17.0 2010.03.28 -
eTrust-Vet 35.2.7396 2010.03.30 -
F-Prot 4.5.1.85 2010.03.29 -
F-Secure 9.0.15370.0 2010.03.30 -
Fortinet 4.0.14.0 2010.03.30 -
GData 19 2010.03.30 Win32:Trojan-gen
Ikarus T3.1.1.80.0 2010.03.30 -
Jiangmin 13.0.900 2010.03.30 -
K7AntiVirus 7.10.1004 2010.03.22 -
Kaspersky 7.0.0.125 2010.03.30 -
McAfee 5935 2010.03.29 -
McAfee+Artemis 5935 2010.03.29 -
McAfee-GW-Edition 6.8.5 2010.03.30 -
Microsoft 1.5605 2010.03.30 -
NOD32 4985 2010.03.30 a variant of Win32/Agent.QQJ
Norman 6.04.10 2010.03.30 -
nProtect 2009.1.8.0 2010.03.30 Trojan/W32.Agent.497664.T
Panda 10.0.2.2 2010.03.29 -
PCTools 7.0.3.5 2010.03.30 -
Prevx 3.0 2010.03.30 High Risk Rootkit
Rising 22.41.01.03 2010.03.30 -
Sophos 4.52.0 2010.03.30 -
Sunbelt 6116 2010.03.30 -
Symantec 20091.2.0.41 2010.03.30 Suspicious.Insight
TheHacker 6.5.2.0.248 2010.03.30 -
TrendMicro 9.120.0.1004 2010.03.30 -
VBA32 3.12.12.2 2010.03.30 -
ViRobot 2010.3.30.2252 2010.03.30 Trojan.Win32.RT-Agent.497664
VirusBuster 5.0.27.0 2010.03.30 -
Additional information
File size: 497664 bytes
MD5...: 981f238f0ecadb6a4b0914f647582546
SHA1..: a30e281d2754742575ad911c788cff576a06da7e
SHA256: fc5e083744557164c06395d9d83e37b0e8deb29ef71927ce12b76ba62b688843
ssdeep: 12288:BaxS3t1Q0yHe5NTG6C3B0nvG6aLwiwUBiUV/s8L:Bax+1Qd+HGJWe6/TUYK/TL
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x7a000
timedatestamp.....: 0x4b5470d2 (Mon Jan 18 14:31:46 2010)
machinetype.......: 0x14c (I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x5e1a 0x6000 6.39 4840ad584763561bdb1b3d3bd0f60731
.rdata 0x7000 0x71474 0x71600 7.85 b577e7d7405b27ee8fbd8436e03be518
.data 0x79000 0x47c 0x200 0.45 89e4da52dd689c522db3383c4544a658
INIT 0x7a000 0x71a 0x800 5.23 cab2bbb7cc4adad8fc38a29f250a7dbe
.rsrc 0x7b000 0x2c8 0x400 2.38 0a38e7eba72777dfff1f2ec6edf4fa8d
.reloc 0x7c000 0xe26 0x1000 4.19 7395b12a4f70412cac206325760214ad

( 2 imports )
> ntoskrnl.exe: ObReferenceObjectByHandle, ObOpenObjectByName, RtlInitUnicodeString, wcslen, wcscat, _alldiv, ExRaiseStatus, ExAllocatePoolWithTagPriority, ExFreePoolWithTag, RtlCopyUnicodeString, ExAllocatePoolWithTag, ZwQueryInformationProcess, RtlCompareUnicodeString, KeReleaseMutex, KeWaitForSingleObject, ZwSetInformationProcess, ZwDuplicateToken, ZwOpenProcessToken, ZwOpenProcess, ZwEnumerateKey, ZwDeleteKey, ZwOpenKey, wcsncat, ZwLoadDriver, ZwSetValueKey, ZwCreateKey, IoDeleteDevice, RtlImageDirectoryEntryToData, KeDetachProcess, KeAttachProcess, PsLookupProcessByProcessId, ZwAllocateVirtualMemory, ZwOpenFile, wcscpy, ObfDereferenceObject, ZwQueryInformationThread, ZwQuerySystemInformation, memmove, _local_unwind2, KeServiceDescriptorTable, KeInitializeMutex, ZwReadFile, ZwCreateFile, ZwSetInformationFile, ZwWriteFile, ZwQueryInformationFile, wcscmp, ZwQueryVolumeInformationFile, PsSetLoadImageNotifyRoutine, PsSetCreateProcessNotifyRoutine, ZwQueryValueKey, IofCompleteRequest, RtlImageNtHeader, IoCreateSymbolicLink, IoCreateDevice, swprintf, SeCreateClientSecurity, KeGetCurrentThread, KeQuerySystemTime, sprintf, ZwMapViewOfSection, ZwCreateSection, ZwUnmapViewOfSection, KeTickCount, KeBugCheckEx, ZwClose, _except_handler3, wcsncmp
> HAL.dll: KfRaiseIrql, KfLowerIrql, KeGetCurrentIrql

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Prevx: hxxp://info.prevx.com/aboutprogramtext.asp?PX5=6F8428FF00DA13A5983C074541E5B3005AE06D06
packers (Kaspersky): PE_Patch
sigcheck:
publisher....: Microsoft Corporation
copyright....: n/a
product......: Microsoft_ Windows_ Operating System
description..: Windows interface driver
original name: n/a
internal name: n/a
file version.: 5.1.2600.0
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned


And now?
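As an added example, not code from the original thread or from VirusTotal: the triage a responder would run on the numbers in the report above, in Python. The section table, the relevant imports and the sigcheck fields are copied from that report; the capability groups, the entropy threshold, the scoring and the helper names are my own assumptions. It also shows why the common "entry point not in .text" rule must be relaxed for drivers, whose DriverEntry normally sits in INIT.

```python
"""Triage of the driver in the VirusTotal report above.  Added example, not
code from the thread: the section table, imports and sigcheck fields are
copied from the report; API groups, entropy threshold and scoring are assumed."""
from collections import namedtuple

# name, RVA, virtual size, raw size, entropy (0..8) from "( 6 sections )".
Section = namedtuple("Section", "name vaddr vsize rawsize entropy")
SECTIONS = [
    Section(".text", 0x1000, 0x5e1a, 0x6000, 6.39),
    Section(".rdata", 0x7000, 0x71474, 0x71600, 7.85),
    Section(".data", 0x79000, 0x47c, 0x200, 0.45),
    Section("INIT", 0x7a000, 0x71a, 0x800, 5.23),
    Section(".rsrc", 0x7b000, 0x2c8, 0x400, 2.38),
    Section(".reloc", 0x7c000, 0xe26, 0x1000, 4.19),
]
ENTRY_POINT = 0x7a000
FILE_SIZE = 497664

# Subset of "( 2 imports )": the names the rules look at plus harmless ones.
IMPORTS = {
    "ntoskrnl.exe": [
        "KeServiceDescriptorTable", "PsSetLoadImageNotifyRoutine",
        "PsSetCreateProcessNotifyRoutine", "KeAttachProcess",
        "ZwAllocateVirtualMemory", "ZwOpenProcessToken", "ZwDuplicateToken",
        "ZwCreateKey", "ZwSetValueKey", "ZwLoadDriver", "wcslen", "sprintf"],
    "HAL.dll": ["KfRaiseIrql", "KfLowerIrql", "KeGetCurrentIrql"],
}

# "sigcheck:" block of the report.
SIGCHECK = {"publisher": "Microsoft Corporation", "verified": "Unsigned",
            "file version": "5.1.2600.0"}

# Kernel APIs grouped by what they let a driver do (assumed grouping; one
# member of a group is enough to count the capability).
CAPABILITIES = {
    "SSDT hooking": {"KeServiceDescriptorTable"},
    "process/image-load callbacks": {"PsSetCreateProcessNotifyRoutine",
                                     "PsSetLoadImageNotifyRoutine"},
    "user-mode injection": {"KeAttachProcess", "ZwAllocateVirtualMemory"},
    "token manipulation": {"ZwOpenProcessToken", "ZwDuplicateToken"},
    "persistence": {"ZwCreateKey", "ZwSetValueKey", "ZwLoadDriver"},
}


def section_for_rva(rva, sections=SECTIONS):
    """Section whose mapped range contains rva, or None."""
    for s in sections:
        if s.vaddr <= rva < s.vaddr + max(s.vsize, s.rawsize):
            return s
    return None


def triage(sections=SECTIONS, entry_point=ENTRY_POINT, imports=IMPORTS,
           sigcheck=SIGCHECK, file_size=FILE_SIZE):
    """Return (level, message) findings; level is 'info', 'warn' or 'high'."""
    findings = []
    # DriverEntry normally lives in the discardable INIT section, so the usual
    # "entry point not in .text" rule would false-positive on every driver.
    ep = section_for_rva(entry_point, sections)
    if ep is not None and ep.name == "INIT":
        findings.append(("info", "entry point in INIT, as expected for a driver"))
    elif ep is None or ep.name != ".text":
        findings.append(("warn", "entry point outside .text/INIT: "
                                 + (ep.name if ep else "no section")))
    # A near-maximal-entropy section holding most of the file is a packed or
    # encrypted payload (Kaspersky tags this sample PE_Patch).
    for s in sections:
        share = s.rawsize / file_size
        if s.entropy >= 7.5 and share >= 0.5:
            findings.append(("high", f"{s.name}: entropy {s.entropy} over "
                                     f"{share:.0%} of the file, likely packed"))
    imported = {n for names in imports.values() for n in names}
    caps = [c for c, apis in CAPABILITIES.items() if apis & imported]
    if "ntoskrnl.exe" in imports and len(caps) >= 3:
        findings.append(("high", "kernel driver with rootkit-grade capabilities: "
                                 + ", ".join(caps)))
    elif caps:
        findings.append(("warn", "notable capabilities: " + ", ".join(caps)))
    # Version info is free text; "Microsoft" on an unsigned binary is a claim
    # the file cannot back up.
    if "Microsoft" in sigcheck.get("publisher", "") and sigcheck.get("verified") != "Signed":
        findings.append(("high", "claims Microsoft as publisher but is unsigned"))
    return findings


def verdict(findings):
    levels = {level for level, _ in findings}
    if "high" in levels:
        return "likely malicious"
    return "suspicious" if "warn" in levels else "no findings"


if __name__ == "__main__":
    for level, message in triage():
        print(f"[{level}] {message}")
    print("verdict:", verdict(triage()))
```

On the values from the report the script raises three high findings: the .rdata section (entropy 7.85, about 93% of the file) looks like a packed payload, the driver imports SSDT, callback, injection, token and persistence APIs at once, and the version info claims Microsoft as publisher while the file is unsigned. The INIT entry point is reported only as informational, because it is where every WDK-built driver's DriverEntry lives.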

30.03.2010, 17:53   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

TR/agent.ruo got me

Did you delete the entry with OSAM ("Delete from storage", as described in the guide)?

After that, please follow this list and work through it. When scanning with MalwareBytes, also connect all external storage (external drives, USB sticks, ...)!

If you have problems with Malwarebytes (it does not start, updates do not load, etc.), see this > http://www.trojaner-board.de/82699-m...tet-nicht.html

Important for users of Windows Vista and Windows 7: please run all tools via right-click => Run as administrator!

If RSIT does not start: run it in compatibility mode (right-click RSIT.exe, Compatibility tab) => set Windows XP and run it.

You can, for example, zip all the log files into one archive, upload it to File-Upload.net and link it here, because 1. some log files are too large for the board and 2. I can download them all at once with a single click.

__________________
Please always post logs in CODE tags
