Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Hilfe Trojaner - Tr/Agent.ruo in ntndydr.dll

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 31.03.2010, 13:07   #1
theoburg26
 
Hilfe Trojaner - Tr/Agent.ruo in ntndydr.dll - Standard

Hilfe Trojaner - Tr/Agent.ruo in ntndydr.dll



Hey ho liebe Leute,
mich hat es erwischt, bzw. meinen PC und ich weiß nicht weiter...Die Logfile hänge ich an...
Das Problem ist ein Trojaner, welcher hier nicht unbekannt ist - Agent.ruo -, welcher sich in der ntndydr.dll festgesetzt hat...Ich bitte um Lösungsstrategien!
Als Antivierenprogramm steht Avira zur verfügung...
Bitte dringend um Hilfe + Danke im Vorraus!!!
LG

theo

post scriptum: - Logfile -

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 12:37:50 on 31.03.2010

OS: Windows Vista Business Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.2

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "Bioscrypt Inc." - C:\windows\system32\APSHook.dll

[Common]
-----( %SystemRoot%\Tasks )-----
"HPCeeScheduleForLena.job" - "Hewlett-Packard" - C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"hpaccelerometercp.CPL" - "Hewlett-Packard Corporation" - C:\windows\system32\hpaccelerometercp.CPL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"HP 3D DriveGuard" - "Hewlett-Packard Corporation" - C:\windows\system32\hpaccelerometercp.CPL
"SoundMAX" - "Analog Devices, Inc." - C:\Program Files\Analog Devices\SoundMAX\soundmax.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\windows\System32\DRIVERS\avipbb.sys
"Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\windows\system32\Drivers\CVPNDRVA.sys
"d3dsmj" (d3dsmj) - "Microsoft Corporation" - C:\windows\system32\drivers\d3dsmj.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\windows\System32\DRIVERS\ipinip.sys (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\windows\System32\DRIVERS\nwlnkflt.sys (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\windows\System32\DRIVERS\nwlnkfwd.sys (File not found)
"RsvLock" (RsvLock) - "SafeBoot International" - C:\windows\system32\drivers\RsvLock.sys
"SafeBoot" (SafeBoot) - "SafeBoot International" - C:\windows\system32\drivers\SafeBoot.sys (File is exclusively opened, access blocked)
"SbAlg" (SbAlg) - "SafeBoot N.V." - C:\windows\system32\drivers\SbAlg.sys
"SbFsLock" (SbFsLock) - "SafeBoot International" - C:\windows\system32\drivers\SbFsLock.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\windows\System32\DRIVERS\ssmdrv.sys

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found)
{92644C80-C318-408A-9EDA-1B0C245D73A5} "File Sanitizer" - "Hewlett-Packard" - C:\Program Files\Hewlett-Packard\File Sanitizer\HPPMDesktopIcon.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found)
{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} "Meine freigegebenen Ordner" - "Microsoft Corporation" - C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\windows\system32\btncopy.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "IsoBuster Toolbar" - "Conduit Ltd." - C:\Program Files\IsoBuster\tbIsoB.dll
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
<binary data> "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" - ? - (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} "IsoBuster Toolbar" - "Conduit Ltd." - C:\Program Files\IsoBuster\tbIsoB.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} "Java Plug-in 1.6.0_06" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
{F27237D7-93C8-44C2-AC6E-D6057B9A918F} "JuniperSetupClientControl Class" - "Juniper Networks" - C:\windows\Downloaded Program Files\JuniperSetupClient.ocx / https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} "AVG Security Toolbar" - ? - (File not found | COM-object registry key not found)
{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} "IsoBuster Toolbar" - "Conduit Ltd." - C:\Program Files\IsoBuster\tbIsoB.dll
{0BF43445-2F28-4351-9252-17FE6E806AA0} "McAfee SiteAdvisor" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} "AVG Safe Search" - ? - C:\Program Files\AVG\AVG9\avgssie.dll (File not found)
{3134413B-49B4-425C-98A5-893C1F195601} "BHO_Startup Class" - "Hewlett-Packard" - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll
{DF21F1DB-80C6-11D3-9483-B03D0EC10000} "Credential Manager for HP ProtectTools" - "Bioscrypt Inc." - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} "IsoBuster Toolbar" - "Conduit Ltd." - C:\Program Files\IsoBuster\tbIsoB.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{7E853D72-626A-48EC-A868-BA8D5E23E045} "{7E853D72-626A-48EC-A868-BA8D5E23E045}" - ? - (File not found | COM-object registry key not found)
{ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a} "{ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a} " - ? - (File not found | COM-object registry key not found)

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Notification packages" - "Bioscrypt Inc." - c:\Program Files\Hewlett-Packard\IAM\bin\ASWLNPkg.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"OpenOffice.org 3.1.lnk" - ? - C:\Program Files\OpenOffice.org 3\program\quickstart.exe (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"DVD Check.lnk" - "InterVideo Inc." - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (Shortcut exists | File exists)
"BTTray.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Shortcut exists | File exists)
"VPN Client.lnk" - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"LightScribe Control Panel" - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"accrdsub" - "ActivIdentity" - "c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"CognizanceTS" - "Bioscrypt Inc." - rundll32.exe c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
"File Sanitizer" - "Hewlett-Packard" - C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
"HP Health Check Scheduler" - "Hewlett-Packard" - c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"HP Software Update" - "Hewlett-Packard" - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
"hpWirelessAssistant" - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
"PDF Complete" - "PDF Complete Inc" - C:\Program Files\PDF Complete\pdfsty.exe
"PTHOSTTR" - "Hewlett-Packard Development Company, L.P." - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
"QlbCtrl.exe" - " Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
"SoundMAX" - "Analog Devices, Inc." - C:\Program Files\Analog Devices\SoundMAX\soundmax.exe /tray
"StartCCC" - "Advanced Micro Devices, Inc." - "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"WatchDog" - "InterVideo Inc." - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"HP Universal Print Monitor" - "Hewlett-Packard" - C:\windows\system32\HPMPW081.DLL
"PDFC" - "PDF Complete, Inc." - C:\windows\system32\pdfc_port.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ActivClient Middleware Service" (accoca) - "ActivIdentity" - c:\Program Files\ActivIdentity\ActivClient\accoca.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
"Com4QLBEx" (Com4QLBEx) - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
"Drive Encryption Service" (HpFkCryptService) - "SafeBoot International" - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
"File Sanitizer for HP ProtectTools" (HPFSService) - "Hewlett-Packard" - C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
"HP Health Check Service" (HP Health Check Service) - "Hewlett-Packard" - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
"HP ProtectTools Service" (HP ProtectTools Service) - "Hewlett-Packard Development Company, L.P" - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
"hpqwmiex" (hpqwmiex) - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"IviRegMgr" (IviRegMgr) - "InterVideo" - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
"Juniper Network Connect Service" (dsNcService) - "Juniper Networks" - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"Local Communication Channel" (ASChannel) - "Bioscrypt Inc." - c:\Program Files\Hewlett-Packard\IAM\Bin\AsChnl.dll
"Logon Session Broker" (ASBroker) - "Bioscrypt Inc." - c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
"Messenger USN Journal Reader-Service für freigegebene Ordner" (usnjsvc) - "Microsoft Corporation" - C:\Program Files\MSN Messenger\usnsvc.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\windows\system32\HPZinw12.dll
"PDF Document Manager" (pdfcDispatcher) - "PDF Complete Inc" - C:\Program Files\PDF Complete\pdfsvc.exe
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\windows\system32\HPZipm12.dll

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{8F51D94E-8B89-4844-B15C-9C049BA0F49F} "DLLName" - "Bioscrypt Inc." - c:\Program Files\Hewlett-Packard\IAM\Bin\ItVCard.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Alt 31.03.2010, 13:48   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hilfe Trojaner - Tr/Agent.ruo in ntndydr.dll - Standard

Hilfe Trojaner - Tr/Agent.ruo in ntndydr.dll



hallo und

Code:
ATTFilter
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"d3dsmj" (d3dsmj) - "Microsoft Corporation" - C:\windows\system32\drivers\d3dsmj.sys
         
Bitte mit OSAM deaktivieren (siehe Anleitung zu OSAM). Poste danach ein neues Log von OSAM und lass die Datei (falls noch vorhanden)

C:\windows\system32\drivers\d3dsmj.sys

bei https://www.Virustotal.com auswerten. Bitte dann Ergebnislink posten.
__________________

__________________

Alt 31.03.2010, 14:21   #3
theoburg26
 
Hilfe Trojaner - Tr/Agent.ruo in ntndydr.dll - Standard

Hilfe Trojaner - Tr/Agent.ruo in ntndydr.dll



So logfile 1:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 14:16:05 on 31.03.2010

OS: Windows Vista Business Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.2

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "Bioscrypt Inc." - C:\windows\system32\APSHook.dll

[Common]
-----( %SystemRoot%\Tasks )-----
"HPCeeScheduleForLena.job" - "Hewlett-Packard" - C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"hpaccelerometercp.CPL" - "Hewlett-Packard Corporation" - C:\windows\system32\hpaccelerometercp.CPL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"HP 3D DriveGuard" - "Hewlett-Packard Corporation" - C:\windows\system32\hpaccelerometercp.CPL
"SoundMAX" - "Analog Devices, Inc." - C:\Program Files\Analog Devices\SoundMAX\soundmax.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\windows\System32\DRIVERS\avipbb.sys
"Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\windows\system32\Drivers\CVPNDRVA.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\windows\System32\DRIVERS\ipinip.sys (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\windows\System32\DRIVERS\nwlnkflt.sys (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\windows\System32\DRIVERS\nwlnkfwd.sys (File not found)
"RsvLock" (RsvLock) - "SafeBoot International" - C:\windows\system32\drivers\RsvLock.sys
"SafeBoot" (SafeBoot) - "SafeBoot International" - C:\windows\system32\drivers\SafeBoot.sys (File is exclusively opened, access blocked)
"SbAlg" (SbAlg) - "SafeBoot N.V." - C:\windows\system32\drivers\SbAlg.sys
"SbFsLock" (SbFsLock) - "SafeBoot International" - C:\windows\system32\drivers\SbFsLock.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\windows\System32\DRIVERS\ssmdrv.sys
(Disabled) "d3dsmj" (d3dsmj) - "Microsoft Corporation" - C:\windows\system32\drivers\d3dsmj.sys

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found)
{92644C80-C318-408A-9EDA-1B0C245D73A5} "File Sanitizer" - "Hewlett-Packard" - C:\Program Files\Hewlett-Packard\File Sanitizer\HPPMDesktopIcon.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found)
{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} "Meine freigegebenen Ordner" - "Microsoft Corporation" - C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\windows\system32\btncopy.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "IsoBuster Toolbar" - "Conduit Ltd." - C:\Program Files\IsoBuster\tbIsoB.dll
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
<binary data> "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" - ? - (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} "IsoBuster Toolbar" - "Conduit Ltd." - C:\Program Files\IsoBuster\tbIsoB.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} "Java Plug-in 1.6.0_06" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
{F27237D7-93C8-44C2-AC6E-D6057B9A918F} "JuniperSetupClientControl Class" - "Juniper Networks" - C:\windows\Downloaded Program Files\JuniperSetupClient.ocx / https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} "AVG Security Toolbar" - ? - (File not found | COM-object registry key not found)
{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} "IsoBuster Toolbar" - "Conduit Ltd." - C:\Program Files\IsoBuster\tbIsoB.dll
{0BF43445-2F28-4351-9252-17FE6E806AA0} "McAfee SiteAdvisor" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} "AVG Safe Search" - ? - C:\Program Files\AVG\AVG9\avgssie.dll (File not found)
{3134413B-49B4-425C-98A5-893C1F195601} "BHO_Startup Class" - "Hewlett-Packard" - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll
{DF21F1DB-80C6-11D3-9483-B03D0EC10000} "Credential Manager for HP ProtectTools" - "Bioscrypt Inc." - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} "IsoBuster Toolbar" - "Conduit Ltd." - C:\Program Files\IsoBuster\tbIsoB.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{7E853D72-626A-48EC-A868-BA8D5E23E045} "{7E853D72-626A-48EC-A868-BA8D5E23E045}" - ? - (File not found | COM-object registry key not found)
{ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a} "{ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a} " - ? - (File not found | COM-object registry key not found)

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Notification packages" - "Bioscrypt Inc." - c:\Program Files\Hewlett-Packard\IAM\bin\ASWLNPkg.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"OpenOffice.org 3.1.lnk" - ? - C:\Program Files\OpenOffice.org 3\program\quickstart.exe (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"DVD Check.lnk" - "InterVideo Inc." - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (Shortcut exists | File exists)
"BTTray.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Shortcut exists | File exists)
"VPN Client.lnk" - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"LightScribe Control Panel" - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"accrdsub" - "ActivIdentity" - "c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"CognizanceTS" - "Bioscrypt Inc." - rundll32.exe c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
"File Sanitizer" - "Hewlett-Packard" - C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
"HP Health Check Scheduler" - "Hewlett-Packard" - c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"HP Software Update" - "Hewlett-Packard" - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
"hpWirelessAssistant" - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
"PDF Complete" - "PDF Complete Inc" - C:\Program Files\PDF Complete\pdfsty.exe
"PTHOSTTR" - "Hewlett-Packard Development Company, L.P." - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
"QlbCtrl.exe" - " Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
"SoundMAX" - "Analog Devices, Inc." - C:\Program Files\Analog Devices\SoundMAX\soundmax.exe /tray
"StartCCC" - "Advanced Micro Devices, Inc." - "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"WatchDog" - "InterVideo Inc." - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"HP Universal Print Monitor" - "Hewlett-Packard" - C:\windows\system32\HPMPW081.DLL
"PDFC" - "PDF Complete, Inc." - C:\windows\system32\pdfc_port.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ActivClient Middleware Service" (accoca) - "ActivIdentity" - c:\Program Files\ActivIdentity\ActivClient\accoca.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
"Com4QLBEx" (Com4QLBEx) - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
"Drive Encryption Service" (HpFkCryptService) - "SafeBoot International" - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
"File Sanitizer for HP ProtectTools" (HPFSService) - "Hewlett-Packard" - C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
"HP Health Check Service" (HP Health Check Service) - "Hewlett-Packard" - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
"HP ProtectTools Service" (HP ProtectTools Service) - "Hewlett-Packard Development Company, L.P" - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
"hpqwmiex" (hpqwmiex) - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"IviRegMgr" (IviRegMgr) - "InterVideo" - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
"Juniper Network Connect Service" (dsNcService) - "Juniper Networks" - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"Local Communication Channel" (ASChannel) - "Bioscrypt Inc." - c:\Program Files\Hewlett-Packard\IAM\Bin\AsChnl.dll
"Logon Session Broker" (ASBroker) - "Bioscrypt Inc." - c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
"Messenger USN Journal Reader-Service für freigegebene Ordner" (usnjsvc) - "Microsoft Corporation" - C:\Program Files\MSN Messenger\usnsvc.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\windows\system32\HPZinw12.dll
"PDF Document Manager" (pdfcDispatcher) - "PDF Complete Inc" - C:\Program Files\PDF Complete\pdfsvc.exe
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\windows\system32\HPZipm12.dll

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{8F51D94E-8B89-4844-B15C-9C049BA0F49F} "DLLName" - "Bioscrypt Inc." - c:\Program Files\Hewlett-Packard\IAM\Bin\ItVCard.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

------------------------------------------------------------------------

Und Logfile 2:

Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.5.0.50 2010.03.31 Downloader.Agent!IK
AhnLab-V3 5.0.0.2 2010.03.30 -
AntiVir 7.10.6.8 2010.03.31 -
Antiy-AVL 2.0.3.7 2010.03.31 -
Authentium 5.2.0.5 2010.03.31 -
Avast 4.8.1351.0 2010.03.31 Win32:Trojan-gen
Avast5 5.0.332.0 2010.03.31 Win32:Trojan-gen
AVG 9.0.0.787 2010.03.31 Rootkit-Agent.EI
BitDefender 7.2 2010.03.31 -
CAT-QuickHeal 10.00 2010.03.31 -
ClamAV 0.96.0.0-git 2010.03.31 -
Comodo 4449 2010.03.31 -
DrWeb 5.0.2.03300 2010.03.31 -
eSafe 7.0.17.0 2010.03.28 -
eTrust-Vet 35.2.7399 2010.03.31 -
F-Prot 4.5.1.85 2010.03.31 -
F-Secure 9.0.15370.0 2010.03.31 -
Fortinet 4.0.14.0 2010.03.30 -
GData 19 2010.03.31 Win32:Trojan-gen
Ikarus T3.1.1.80.0 2010.03.31 -
Jiangmin 13.0.900 2010.03.31 -
K7AntiVirus 7.10.1004 2010.03.22 -
Kaspersky 7.0.0.125 2010.03.31 -
McAfee 5936 2010.03.30 -
McAfee+Artemis 5936 2010.03.30 -
McAfee-GW-Edition 6.8.5 2010.03.31 -
Microsoft 1.5605 2010.03.31 -
NOD32 4987 2010.03.31 a variant of Win32/Agent.QQJ
Norman 6.04.10 2010.03.31 -
nProtect 2009.1.8.0 2010.03.31 Trojan/W32.Agent.497664.T
Panda 10.0.2.2 2010.03.30 -
PCTools 7.0.3.5 2010.03.31 -
Prevx 3.0 2010.03.31 High Risk Rootkit
Rising 22.41.02.02 2010.03.31 -
Sophos 4.52.0 2010.03.31 -
Sunbelt 6120 2010.03.31 -
Symantec 20091.2.0.41 2010.03.31 Suspicious.Insight
TheHacker 6.5.2.0.248 2010.03.31 -
TrendMicro 9.120.0.1004 2010.03.31 -
VBA32 3.12.12.2 2010.03.30 -
ViRobot 2010.3.31.2254 2010.03.31 Trojan.Win32.RT-Agent.497664
VirusBuster 5.0.27.0 2010.03.31 -
weitere Informationen
File size: 497664 bytes
MD5...: 02d6ff9c831122bff506c16a8e595b16
SHA1..: 28099e9dee29a2c996994f04d0b526b155b7de58
SHA256: 896402e55c53360ba21b961f686deab066e26b579a158ff99aac721f78cb12fc
ssdeep: 12288:Pa1oSBamUbHkuNrGCQeOWK2sqLIbndktwGB2d:Pa6mZ+G+OWKfqLKndktw
GB2d
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x7a000
timedatestamp.....: 0x4a7e146b (Sun Aug 09 00:12:27 2009)
machinetype.......: 0x14c (I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x5e1a 0x6000 6.39 4840ad584763561bdb1b3d3bd0f60731
.rdata 0x7000 0x71474 0x71600 7.85 fb13d0c963ce5d00fd9427c85aae54c7
.data 0x79000 0x47c 0x200 0.47 a4a8a3393802a4e4d21f69d56bd48b33
INIT 0x7a000 0x71a 0x800 5.23 cab2bbb7cc4adad8fc38a29f250a7dbe
.rsrc 0x7b000 0x2c8 0x400 2.38 0a38e7eba72777dfff1f2ec6edf4fa8d
.reloc 0x7c000 0xe26 0x1000 4.19 7395b12a4f70412cac206325760214ad

( 2 imports )
> ntoskrnl.exe: ObReferenceObjectByHandle, ObOpenObjectByName, RtlInitUnicodeString, wcslen, wcscat, _alldiv, ExRaiseStatus, ExAllocatePoolWithTagPriority, ExFreePoolWithTag, RtlCopyUnicodeString, ExAllocatePoolWithTag, ZwQueryInformationProcess, RtlCompareUnicodeString, KeReleaseMutex, KeWaitForSingleObject, ZwSetInformationProcess, ZwDuplicateToken, ZwOpenProcessToken, ZwOpenProcess, ZwEnumerateKey, ZwDeleteKey, ZwOpenKey, wcsncat, ZwLoadDriver, ZwSetValueKey, ZwCreateKey, IoDeleteDevice, RtlImageDirectoryEntryToData, KeDetachProcess, KeAttachProcess, PsLookupProcessByProcessId, ZwAllocateVirtualMemory, ZwOpenFile, wcscpy, ObfDereferenceObject, ZwQueryInformationThread, ZwQuerySystemInformation, memmove, _local_unwind2, KeServiceDescriptorTable, KeInitializeMutex, ZwReadFile, ZwCreateFile, ZwSetInformationFile, ZwWriteFile, ZwQueryInformationFile, wcscmp, ZwQueryVolumeInformationFile, PsSetLoadImageNotifyRoutine, PsSetCreateProcessNotifyRoutine, ZwQueryValueKey, IofCompleteRequest, RtlImageNtHeader, IoCreateSymbolicLink, IoCreateDevice, swprintf, SeCreateClientSecurity, KeGetCurrentThread, KeQuerySystemTime, sprintf, ZwMapViewOfSection, ZwCreateSection, ZwUnmapViewOfSection, KeTickCount, KeBugCheckEx, ZwClose, _except_handler3, wcsncmp
> HAL.dll: KfRaiseIrql, KfLowerIrql, KeGetCurrentIrql

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
packers (Kaspersky): PE_Patch
sigcheck:
publisher....: Microsoft Corporation
copyright....: n/a
product......: Microsoft_ Windows_ Operating System
description..: Windows interface driver
original name: n/a
internal name: n/a
file version.: 5.1.2600.0
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
<a href='hxxp://info.prevx.com/aboutprogramtext.asp?PX5=6F8428FF00DA13A5983C074541E5B3000838B301' target='_blank'>hxxp://info.prevx.com/aboutprogramtext.asp?PX5=6F8428FF00DA13A5983C074541E5B3000838B301</a>


Vielen Dank für deine Hilfe!
LG

Theo
__________________

Alt 31.03.2010, 15:26   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hilfe Trojaner - Tr/Agent.ruo in ntndydr.dll - Standard

Hilfe Trojaner - Tr/Agent.ruo in ntndydr.dll



Ok. Die Datei kannste löschen.
Mach bitte Kontrollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 31.03.2010, 18:12   #5
theoburg26
 
Hilfe Trojaner - Tr/Agent.ruo in ntndydr.dll - Standard

Hilfe Trojaner - Tr/Agent.ruo in ntndydr.dll



Soll denn noch die ntndydr.dll gelöscht werden?

So die Log von Malwarebytes:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 3937

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

31.03.2010 17:24:55
mbam-log-2010-03-31 (17-24-55).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 108400
Laufzeit: 8 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


-------------------------------------------------------------------------

Log von SUPERAntiSpyware:

SUPERAntiSpyware Scann-Protokoll
hxxp://www.superantispyware.com

Generiert 03/31/2010 bei 06:02 PM

Version der Applikation : 4.35.1000

Version der Kern-Datenbank : 4753
Version der Spur-Datenbank : 2565

Scan Art : Schneller Scann
Totale Scann-Zeit : 00:34:58

Gescannte Speicherelemente : 985
Erfasste Speicher-Bedrohungen : 0
Gescannte Register-Elemente : 528
Erfasste Register-Bedrohungen : 0
Gescannte Datei-Elemente : 24562
Erfasste Datei-Elemente : 0



Nochmals vielen Dank und LG

Theo


Alt 31.03.2010, 20:28   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hilfe Trojaner - Tr/Agent.ruo in ntndydr.dll - Standard

Hilfe Trojaner - Tr/Agent.ruo in ntndydr.dll



Sehr schön, dann ist wohl wieder alles ok. Zeit um Updates zu prüfen:

Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update


PDF-Reader aktualisieren
Dein Adobe Reader ist nicht aktuell, was ein großes Sicherheitsrisiko darstellt. Du solltest daher besser die alte Version über Systemsteuerung => Software deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst.

Ich empfehle einen alternativen PDF-Reader wie SumatraPDF oder Foxit PDF Reader, beide sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers, hier der direkte Downloadlink => http://filepony.de/?q=Flash+Player


Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.
__________________
--> Hilfe Trojaner - Tr/Agent.ruo in ntndydr.dll

Antwort

Themen zu Hilfe Trojaner - Tr/Agent.ruo in ntndydr.dll
antivir, antivir guard, autorun, avg security toolbar, avira, bho, browser, components, conduit, desktop.ini, document, dringend, firefox, helper, hilfe trojaner, internet, internet explorer, jusched.exe, logfile, malware, mozilla, notification, ntndydr.dll, problem, programdata, programm, registry, registry key, safeboot.sys, security, shortcut, siteadvisor, software, start menu, system, tr/agent.ruo, trojaner, tunnel, vista, windows



Ähnliche Themen: Hilfe Trojaner - Tr/Agent.ruo in ntndydr.dll


  1. TR/AGent.131072.V Trojaner bitte hilfe beim Entfernen!!!
    Plagegeister aller Art und deren Bekämpfung - 19.07.2013 (5)
  2. Bitte um HILFE!! BDS agent - Virus?! Trojaner?
    Mülltonne - 30.12.2008 (0)
  3. Wie bekomme ich den Trojaner Troj/ Agent - IJF vom Rechner los? Bitte um Hilfe
    Mülltonne - 11.12.2008 (3)
  4. -ich bräuchte mal bitte eure hilfe beim trojaner TR/Agent.CWS.20 -
    Log-Analyse und Auswertung - 22.09.2008 (4)
  5. Hilfe Trojaner TR/Agent.74081.A infziert
    Mülltonne - 06.09.2008 (0)
  6. Trojaner win32.agent.pz? Bitte um Hilfe
    Log-Analyse und Auswertung - 22.07.2008 (1)
  7. Hilfe TR/Agent.245760.7 (Trojaner)
    Plagegeister aller Art und deren Bekämpfung - 16.05.2008 (20)
  8. Bräuchte Hilfe bei folgendem Trojaner: TR/Dldr.Agent.fiv
    Log-Analyse und Auswertung - 05.12.2007 (10)
  9. Hilfe - Trojaner-Downloader.Win32.Agent variant auf dem sys
    Log-Analyse und Auswertung - 30.10.2007 (1)
  10. Winlogon agent Trojaner, Hilfe!!
    Log-Analyse und Auswertung - 14.06.2007 (5)
  11. Trojaner RKit.Agent.DW.1 gefunden - bitte um Hilfe
    Log-Analyse und Auswertung - 05.03.2007 (6)
  12. Bitte Hilfe bei Trojaner! TR/Dldr.Agent.AM.16
    Log-Analyse und Auswertung - 03.03.2007 (3)
  13. BDS/Agent.ace /Trojaner/Hilfe!!!
    Plagegeister aller Art und deren Bekämpfung - 19.11.2006 (5)
  14. Hilfe böse Trojaner Dldr.Agent.uj.1, Pakes.A.267
    Plagegeister aller Art und deren Bekämpfung - 18.01.2006 (5)
  15. Trojaner W32/Agent.DRW- Hilfe!
    Log-Analyse und Auswertung - 13.07.2005 (1)
  16. Hilfe bei Trojaner TR/Dldr.agent.cb
    Log-Analyse und Auswertung - 05.03.2005 (6)
  17. Hilfe!habe Win32/Agent.AY Trojaner aud dem Rechner
    Plagegeister aller Art und deren Bekämpfung - 09.12.2004 (6)

Zum Thema Hilfe Trojaner - Tr/Agent.ruo in ntndydr.dll - Hey ho liebe Leute, mich hat es erwischt, bzw. meinen PC und ich weiß nicht weiter...Die Logfile hänge ich an... Das Problem ist ein Trojaner, welcher hier nicht unbekannt ist - Hilfe Trojaner - Tr/Agent.ruo in ntndydr.dll...
Archiv
Du betrachtest: Hilfe Trojaner - Tr/Agent.ruo in ntndydr.dll auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.