Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Trojaner DR/Agent.ruo in C:\Windows\system32\drivers\ntnbsw.sys gefunden

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 31.03.2010, 13:23   #1
tkder1
 
Trojaner DR/Agent.ruo in C:\Windows\system32\drivers\ntnbsw.sys gefunden - Standard

Trojaner DR/Agent.ruo in C:\Windows\system32\drivers\ntnbsw.sys gefunden



Hallo liebe Comm...
auch ich muss mich in die Reihe der Infizierten stellen
Ich hänge mal den Osam Log dran...ich würde ja selber was fixen, weiß aber net richtig welche Datei...bzw. traue mich nicht
Deswegen hoffe ich einfach mal auf einen Kompetenzler, der mir hilft den Trojaner los zu werden
Vielen Dank im Voraus!

Zitat:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 10:41:10 on 31.03.2010
OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Opera Software Opera Internet Browser 10.51
Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures
Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "Agnitum Ltd." - e:\agnitum\outpos~1\wl_hook.dll
"AppInit_DLLs" - "Adobe Systems, Inc." - C:\WINDOWS\system32\acaptuser32.dll

[Common]
-----( %SystemRoot%\Tasks )-----
"1,5TB AKTivieren.job" - ? - D:\Downloads\Programmieren_zuHause\externe deaktivieren-reaktivieren\1,5TB AKTivieren.bat
"1,5TB DEaktivieren.job" - ? - D:\Downloads\Programmieren_zuHause\externe deaktivieren-reaktivieren\1,5TB DEaktivieren.bat
"Internetverbindung_prüfen.job" - ? - D:\Downloads\Programmieren_zuHause\Internetverbindung prüfen\I-net prüfen.bat
"NeroLiveEpgUpdate-TKDER1_Tobi.job" - "Nero AG" - E:\Nero\Nero 9\Nero Live\NeroLive.exe
"SofortAktualisierung BGInfo.job" - ? - J:\SIKO Extern250GB 18.02.2008\Appz\Microsoft SysInternals\BgInfo\SofortAktualisierung[1].exe (File found, but it contains no detailed information)

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"alsndmgr.cpl" - ? - C:\WINDOWS\system32\alsndmgr.cpl (File signed by Microsoft | File found, but it contains no detailed information)
"Ddbaccpl.cpl" - "DataDesign AG" - C:\WINDOWS\system32\Ddbaccpl.cpl
"ddBACCTM.cpl" - "DataDesign AG" - C:\WINDOWS\system32\ddBACCTM.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl
"QuickTime.cpl" - "Apple Computer, Inc." - C:\WINDOWS\system32\QuickTime.cpl
"razer.cpl" - "Razer Inc." - C:\WINDOWS\system32\razer.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Avira AntiVir Personal – Free Antivirus " - ? - E:\Avira\ANTIVI~1\avconfig.cpl (File not found)
"Avira AntiVir PersonalEdition Classic " - ? - E:\Avira\ANTIVI~1\avconfig.cpl (File not found)
"Avira AntiVir PersonalEdition Classic Konfiguration" - ? - C:\PROGRA~1\ANTIVI~1\avconfig.cpl (File not found)
"mlcfg32.cpl" - "Microsoft Corporation" - E:\OFFICE~1\Office12\MLCFG32.CPL
"Nero BurnRights" - "Nero AG" - E:\Nero\Nero 9\Nero BurnRights\NeroBurnRights_cpl.cpl
"NokiaConnectionManager" - "Nokia" - E:\NOKIA\NOKIAP~1\CONNEC~1.CPL
"WISO Internet Security" - ? - C:\PROGRA~1\WISOIN~1\avconfig.cpl (File not found)

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Acronis Snapshots Manager" (snapman) - "Acronis" - C:\WINDOWS\System32\DRIVERS\snapman.sys
"Acronis TrueImage FS Filter" (tifsfilter) - "Acronis" - C:\WINDOWS\System32\DRIVERS\tifsfilt.sys
"Acronis Try&Decide and Restore Points filter (build 251)" (tdrpman251) - "Acronis" - C:\WINDOWS\System32\DRIVERS\tdrpm251.sys
"actser" (actser) - "Siemens AG" - C:\WINDOWS\System32\drivers\actser.sys
"Ad-Watch Connect Kernel Filter" (Ad-Watch Connect Filter) - ? - C:\WINDOWS\system32\drivers\NSDriver.sys (File not found)
"adfs" (adfs) - "Adobe Systems, Inc." - C:\WINDOWS\system32\drivers\adfs.sys
"afcdp" (afcdp) - "Acronis" - C:\WINDOWS\System32\DRIVERS\afcdp.sys
"afwcore" (afwcore) - "Agnitum Ltd." - C:\WINDOWS\System32\drivers\afwcore.sys
"Agnitum firewall driver" (afw) - "Agnitum Ltd." - C:\WINDOWS\System32\DRIVERS\afw.sys
"ajcbf72r" (ajcbf72r) - ? - C:\WINDOWS\system32\drivers\ajcbf72r.sys (Hidden registry entry, rootkit activity | File not found)
"AMD Special Tools Driver" (AmdTools) - "AMD, Inc." - C:\WINDOWS\System32\DRIVERS\AmdTools.sys
"aqd841y5" (aqd841y5) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\aqd841y5.sys (Hidden registry entry, rootkit activity | File signed by Microsoft)
"ASWFilt" (ASWFilt) - "Agnitum Ltd." - C:\WINDOWS\System32\Filt\ASWFilt.dll
"ATI T200 Unified AVStream service" (ATIAVAIW) - "ATI Technologies Inc." - C:\WINDOWS\System32\DRIVERS\atinavt2.sys
"ATITool Overclocking Utility" (ATITool) - ? - C:\WINDOWS\System32\DRIVERS\ATITool.sys
"atksgt" (atksgt) - ? - C:\WINDOWS\System32\DRIVERS\atksgt.sys (File found, but it contains no detailed information)
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"c1415" (c1415) - ? - C:\WINDOWS\system32\c1415.sys (File found, but it contains no detailed information)
"cdiskdun" (cdiskdun) - ? - C:\DOKUME~1\Tobi\LOKALE~1\Temp\cdiskdun.sys (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found)
"CO_Mon" (CO_Mon) - ? - C:\WINDOWS\system32\Drivers\CO_Mon.sys (File found, but it contains no detailed information)
"DSL-Manager Service" (TSMPacket) - ? - C:\WINDOWS\System32\DRIVERS\tsmpkt.sys (File not found)
"dsltestSp5 NDIS Protocol Driver" (dsltestSp5) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\WINDOWS\System32\Drivers\dsltestSp5.sys
"ENTECH" (ENTECH) - "EnTech Taiwan" - C:\WINDOWS\system32\DRIVERS\ENTECH.sys
"GBDevice" (GBDevice) - ? - C:\WINDOWS\system32\drivers\GBDevice.sys (File not found)
"GBFSHook" (GBFSHook) - ? - C:\WINDOWS\system32\drivers\GBFSHook.sys (File not found)
"GEARAspiWDM" (GEARAspiWDM) - "GEAR Software Inc." - C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys
"giveio" (giveio) - ? - C:\WINDOWS\System32\giveio.sys (File found, but it contains no detailed information)
"GoBack2K" (GoBack2K) - ? - C:\WINDOWS\system32\drivers\GoBack2K.sys (File not found)
"GVCplDrv" (GVCplDrv) - ? - C:\WINDOWS\system32\drivers\GVCplDrv.sys (File found, but it contains no detailed information)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found)
"Icatch(IV) Still Camera Device" (USBCamera) - ? - C:\WINDOWS\System32\Drivers\Bulk533.sys (File not found)
"Icatch(IV) Video Camera Device" (Ca533av) - ? - C:\WINDOWS\System32\Drivers\Ca533av.sys (File not found)
"IwUSB" (IwUSB) - "TDi GmbH TechnoData - Interware" - C:\WINDOWS\System32\Drivers\IwUSB.sys
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found)
"lirsgt" (lirsgt) - ? - C:\WINDOWS\System32\DRIVERS\lirsgt.sys (File found, but it contains no detailed information)
"LUMDriver" (LUMDriver) - "IBM" - C:\WINDOWS\system32\drivers\LUMDriver.sys
"ntiomin" (ntiomin) - ? - C:\WINDOWS\system32\drivers\ntiomin.sys (File not found)
"ntnbsw" (ntnbsw) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\ntnbsw.sys
"nvatabus" (nvatabus) - "NVIDIA Corporation" - C:\WINDOWS\System32\DRIVERS\nvatabus.sys
"NVR0Dev" (NVR0Dev) - ? - C:\WINDOWS\nvoclock.sys (File not found)
"Padus ASPI Shell" (pfc) - "Padus, Inc." - C:\WINDOWS\System32\drivers\pfc.sys
"PCANDIS5" (PCANDIS5) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\PROGRA~1\GEMEIN~1\T-Com\DSLCheck\PCANDIS5.SYS
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found)
"PQNTDrv" (PQNTDrv) - "PowerQuest Corporation" - C:\WINDOWS\system32\drivers\PQNTDrv.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"RivaTuner32" (RivaTuner32) - ? - E:\RivaTuner v2.24\RivaTuner32.sys (File found, but it contains no detailed information)
"SandBox" (SandBox) - "Agnitum Ltd." - C:\WINDOWS\System32\DRIVERS\SandBox.sys
"SANDRA" (SANDRA) - ? - E:\SiSoftware Sandra Lite XII.SP2c\WNt500x86\Sandra.sys (File not found)
"siusbmod" (siusbmod) - ? - C:\WINDOWS\System32\DRIVERS\siusbmod.sys (File not found)
"SIWIO" (SIWIO) - ? - C:\WINDOWS\TEMP\SiwIo.sys (File found, but it contains no detailed information)
"speedfan" (speedfan) - "Windows (R) 2000 DDK provider" - C:\WINDOWS\System32\speedfan.sys
"sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"symlcbrd" (symlcbrd) - "Symantec Corporation" - C:\WINDOWS\system32\drivers\symlcbrd.sys
"Team MFP Comm Driver" (DgiVecp) - "DeviceGuys, Inc." - C:\WINDOWS\System32\Drivers\DgiVecp.sys
"TerraTec H5 Capture service" (USB28xxBGA) - "eMPIA Technology, Inc." - C:\WINDOWS\System32\DRIVERS\emBDA.sys
"TerraTec H5 OEM service" (USB28xxOEM) - "eMPIA Technology, Inc." - C:\WINDOWS\System32\DRIVERS\emOEM.sys
"TICalc" (TICalc) - ? - C:\WINDOWS\system32\drivers\TICalc.sys (File found, but it contains no detailed information)
"TVICHW32" (TVICHW32) - "EnTech Taiwan" - C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS
"uigxrdr" (uigxrdr) - "GMX GmbH" - C:\WINDOWS\System32\DRIVERS\uigxrdr.sys
"USB 2.0 DVB-T/TV BOX" (M9207) - "ULi Electronics Inc." - C:\WINDOWS\System32\DRIVERS\M9207BDA.sys
"USB Camera Manager Plus" (OVT511Plus) - ? - C:\WINDOWS\System32\Drivers\omcamvid.sys (File not found)
"VMware Virtual Ethernet Adapter Driver" (VMnetAdapter) - "VMware, Inc." - C:\WINDOWS\System32\DRIVERS\vmnetadapter.sys
"vncdrv" (vncdrv) - "RDV Soft" - C:\WINDOWS\System32\DRIVERS\vncdrv.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found)

[Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Desktop\Components )-----
"(0) Source" - ? - D:\Downloads\Word u. Excel von Tobias\Sonstiges\Bilder\Wallpapers\BMW_041.jpg
"(1) Source" - ? - hxxp://www.finanzen.net/ (HTTP value)
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{2256CF1E-D19C-2CD6-0205-080000070308} "StubPath" - ? - C:\WINDOWS\system32\common.exe (File not found)
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - E:\Adobe\Acrobat 9.0\Acrobat Elements\ContextMenu.dll
{C539A15B-3AF9-4c92-B771-50CB78F5C751} "Acronis Secure Zone" - "Acronis" - E:\Acronis\TrueImageHome\tishell.dll
{C539A15A-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Context Menu Extension" - "Acronis" - E:\Acronis\TrueImageHome\tishell.dll
{32020A01-506E-484D-A2A8-BE3CF17601C3} "AlcoholShellEx" - "Alcohol Soft Development Team" - E:\ALCOHO~1\AxShlex.dll
{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - E:\Office2003\Office12\VISSHE.DLL
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - (File not found | COM-object registry key not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{709C6E11-538F-4759-86AC-6ACB302AA0DE} "Desktop Manager" - ? - C:\WINDOWS\system32\msvdm.dll (File found, but it contains no detailed information)
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{E81FFB23-40E2-431C-A041-76AEA0E4B04C} "Enterprise-Projekte" - "Microsoft Corporation" - E:\OFFICE~1\Office12\NAMEEXT.DLL
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - E:\Office2003\Office12\VISSHE.DLL
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found)
{73B24247-042E-4EF5-ADC2-42F62E6FD654} "MCLiteShellExt Class" - ? - E:\ICQLite\ICQLite\ICQLiteShell.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - E:\Office2003\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - E:\OFFICE~1\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - E:\OFFICE~1\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - E:\Nero\Nero 9\Nero CoverDesigner\CoverEdExtension.dll
{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} "Nokia Phone Browser" - "Nokia" - E:\NOKIA\Nokia PC Suite 7\PhoneBrowser.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - E:\OFFICE~1\Office12\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "Shell Extensions for RealOne Player" - ? - (File not found | COM-object registry key not found)
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{D6613619-EDAA-451e-AA0C-671737CF6022} "ShellContextMenuHandler Class" - "GMX GmbH" - E:\GMX Upload Manager\SHNDLERS.DLL
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{ED65AC21-B24F-11d3-BA80-00C0CA16AA37} "Siemens Device" - ? - (File not found | COM-object registry key not found)
{ED65AC22-B24F-11d3-BA80-00C0CA16AA37} "Siemens Device ContextMenuHandler" - ? - (File not found | COM-object registry key not found)
{ED65AC23-B24F-11d3-BA80-00C0CA16AA37} "Siemens SX1 PropertySheetHandler" - ? - (File not found | COM-object registry key not found)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - E:\WinRaR\rarext.dll (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
<binary data> "DAEMON Tools Toolbar" - ? - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found)
<binary data> "{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" - ? - (File not found | COM-object registry key not found)
<binary data> "{855F3B16-6D32-4FE6-8A56-BBB695989046}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} "BDSCANONLINE Control" - "SOFTWIN" - C:\WINDOWS\BDOSCAN8\oscan82.ocx / hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
{E8F628B5-259A-4734-97EE-BA914D7BE941} "Driver Agent ActiveX Control" - "Touchstone Software Corp" - C:\WINDOWS\Downloaded Program Files\driveragent.ocx / hxxp://driveragent.com/files/driveragent.cab
{9D190AE6-C81E-4039-8061-978EBAD10073} "F-Secure Online Scanner 3.0" - "F-Secure Corporation" - C:\WINDOWS\Downloaded Program Files\fscax.dll / hxxp://support.f-secure.com/ols/fscax.cab
{0B79F48A-E8D6-11DB-9283-E25056D89593} "F-Secure Online Scanner 3.1" - "F-Secure Corporation" - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\fscax.dll / hxxp://support.f-secure.com/ols/fscax.cab
{5D637FAD-E202-48D1-8F18-5B9C459BD1E3} "Image Uploader Control" - "Aurigma, Inc." - C:\WINDOWS\Downloaded Program Files\ImageUploader5.ocx / hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1226930356
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_19" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_19.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} "Java Plug-in 1.6.0_19" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_19.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_19" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_19.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
{EF791A6B-FC12-4C68-99EF-FB9E207A39E6} "McFreeScan Class" - "McAfee, Inc." - C:\WINDOWS\McAfee.com\FreeScan\mcfscan.dll / hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,5936/mcfscan.cab
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} "MessengerStatsClient Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll / hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
Microsoft XML Parser for Java "Microsoft XML Parser for Java" - ? - (File not found | COM-object registry key not found) / file://C:\WINDOWS\Java\classes\xmldso.cab
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} "MUWebControl Class" - "Microsoft Corporation" - C:\WINDOWS\system32\muweb.dll / hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1243235255546
{D0C0F75C-683A-4390-A791-1ACFD5599AB8} "Oberon Flash Game Host" - "Oberon Media, Inc." - C:\WINDOWS\Downloaded Program Files\OberonGameHost.dll / hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
{166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
{233C1507-6A77-46A4-9443-F871F945D258} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10e.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} "Symantec AntiVirus scanner" - "Symantec Corporation" - C:\WINDOWS\Downloaded Program Files\avsniff.dll / hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
{644E432F-49D3-41A1-8DD5-E099162EEEC5} "Symantec RuFSI Utility Class" - "Symantec Corporation" - C:\WINDOWS\Downloaded Program Files\rufsi.dll / hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
{BE833F39-1E0C-468C-BA70-25AAEE55775E} "System Requirements Lab Class" - "Husdawg, LLC" - C:\WINDOWS\Downloaded Program Files\sysreqlab.dll / hxxp://www.systemrequirementslab.com/sysreqlab.cab
{7B297BFD-85E4-4092-B2AF-16A91B2EA103} "WScanCtl Class" - "CA" - C:\WINDOWS\Downloaded Program Files\webscan.dll / hxxp://www3.ca.com/securityadvisor/virusinfo/webscan.cab
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} "{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}" - ? - (File not found | COM-object registry key not found) / hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? - (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
{BCC0FF27-31D9-4614-A68E-C18E1ADA4389} "{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}" - ? - (File not found | COM-object registry key not found) / hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} "{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
{DF9C24D1-030E-49ED-5EB5-D6610086C313} "{DF9C24D1-030E-49ED-5EB5-D6610086C313}" - ? - (File not found | COM-object registry key not found) / hxxp://www.miniclip.com/superstar_racing/ChatRepublicPlayer.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - E:\OFFICE~1\Office12\ONBttnIE.dll
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - E:\SPYBOT~1\SDHelper.dll
"Exec" - ? - C:\WINDOWS\bdoscandel.exe (File found, but it contains no detailed information)
"ICQ Lite" - ? - E:\ICQLite\ICQLite\ICQLite.exe (File not found)
"ICQ7" - "ICQ, Inc." - E:\ICQ7.0\ICQ.exe
{A1A7E22D-1587-4230-8F16-081C68D21448} "Outpost Firewall Pro Quick Tune" - "Agnitum Ltd." - E:\Agnitum\Outpost Firewall Pro\ie_bar.dll
"PartyPoker.com" - ? - E:\PartyPoker\PartyPoker\RunApp.exe
"PartyPoker.net" - ? - E:\PartyPoker\PartyPokerNet\RunPF.exe (File not found)
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - E:\OFFICE~1\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} "Contribute Toolbar" - "Adobe Systems Incorporated." - E:\Adobe\Adobe Contribute CS4\contributeieplugin.dll
<binary data> "DAEMON Tools Toolbar" - ? - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll
{AD6E6555-FB2C-47D4-8339-3E2965509877} "TerraTec Home Cinema" - "TerraTec Electronic GmbH" - E:\TerraTec\TERRAT~1\THCDES~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{AE7CD045-E861-484f-8273-0445EE161910} "Adobe PDF Conversion Toolbar Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{074C1DC5-9320-4A9A-947D-C042949C6216} "ContributeBHO Class" - "Adobe Systems Incorporated." - E:\Adobe\Adobe Contribute CS4\contributeieplugin.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{F4971EE7-DAA0-4053-9964-665D8EE6A077} "SmartSelect Class" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - E:\SPYBOT~1\SDHelper.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"CesarFTP.lnk" - "Alexandre Cesari" - E:\CesarFTP\CesarFTP.exe (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"DynDNS Updater Tray Icon.lnk" - "Dynamic Network Services, Inc." - E:\DynDNS Updater\DynTray.exe (Shortcut exists | File exists)
"Outpost Firewall.lnk" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Outpost Firewall.lnk (Shortcut exists | File not found)
"Quicken 2010 Zahlungserinnerung.lnk" - "Lexware GmbH & Co. KG" - E:\Lexware\Quicken\2010\billmind.exe (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Tobi\Startmenü\Programme\Autostart\desktop.ini
"Verknüpfung mit Bginfo.lnk" - "Sysinternals" - J:\SIKO Extern250GB 18.02.2008\Appz\Microsoft SysInternals\BgInfo\Bginfo.exe (Shortcut exists | File exists)
"Verknüpfung mit FTPStatus.lnk" - "TK" - D:\Downloads\Programmieren_zuHause\FTP Aktivitäten abfragen\FTPStatus\FTPStatus\bin\Release\FTPStatus.exe (Shortcut exists | File exists)
"Verknüpfung mit Zeitsteuerung alt.lnk" - "TK" - D:\Downloads\Programmieren_zuHause\Zeitsteuerung VB2008\Zeitsteuerung\Zeitsteuerung\bin\Release\Zeitsteuerung alt.exe (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"NVIDIA nTune" - ? - "E:\NVIDIA Corporation\nTune\nTuneCmd.exe" clear (File not found)
"Remote Control Editor" - "Elgato Systems" - "C:\Programme\Gemeinsame Dateien\TerraTec\Remote\TTTVRC.exe"
"studNET-Autologin" - "Dossin-Brade GbR" - C:\WINDOWS\system32\studnet\studnet.exe /auto
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce )-----
"Shockwave Updater" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~3.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"hxxp://www.miniclip.com/games/down-hill-chill/de/"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acronis Scheduler2 Service" - "Acronis" - "C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe"
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"LexwareInfoService" - "Lexware GmbH & Co. KG" - C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe /autostart
"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"NvMediaCenter" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"nwiz" - ? - nwiz.exe /installquiet (File not found)
"OSSelectorReinstall" - ? - C:\Programme\Gemeinsame Dateien\Acronis\Acronis Disk Director\oss_reinstall.exe (File found, but it contains no detailed information)
"OutpostMonitor" - "Agnitum Ltd." - E:\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
"QuickTime Task" - "Apple Computer, Inc." - "E:\QuickTime\qttask.exe" -atboottime
"RivaTuner" - ? - "E:\RivaTuner v2.24\RivaTuner.exe" /T
"RivaTunerStartupDaemon" - ? - "E:\RivaTuner v2.24\RivaTuner.exe" /S
"RTSS" - ? - "E:\RivaTuner v2.24\Tools\RTSS\RTSS.exe" /s
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
"TrueImageMonitor.exe" - "Acronis" - E:\Acronis\TrueImageHome\TrueImageMonitor.exe

[Network Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----
"Adobe Drive CS4 Network" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
"GMX MediaCenter" - "GMX GmbH" - C:\WINDOWS\System32\uigxnp.dll

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Acronis Nonstop Backup service" (afcdpsrv) - "Acronis" - C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe
"Acronis Scheduler2 Service" (AcrSch2Svc) - "Acronis" - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
"Agnitum Client Security Service" (acssrv) - "Agnitum Ltd." - E:\Agnitum\OUTPOS~1\acs.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"Backbone Service" (BBDemon) - "Dassault Systemes" - E:\CATIA\intel_a\code\bin\CATSysDemon.exe
"CesarFTP FTP Server" (CesarFTP) - ? - E:\CesarFTP\server.exe (File found, but it contains no detailed information)
"DynDNS Updater" (DynDNS Updater) - "Dynamic Network Services, Inc." - E:\DynDNS Updater\DynUpSvc.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"HDD & SSD access service" (HDD & SSD access service) - ? - "C:\Programme\Gemeinsame Dateien\BinarySense\disksvc.exe" (File not found)
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
"Nero BackItUp Scheduler 4.0" (Nero BackItUp Scheduler 4.0) - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\WINDOWS\system32\nvsvc32.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"ServiceLayer" (ServiceLayer) - "Nokia" - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
"StarWind iSCSI Service" (StarWindService) - "Rocket Division Software" - E:\Alcohol 120\StarWind\StarWindService.exe
"StyleXPService" (StyleXPService) - ? - "C:\Programme\TGTSoft\StyleXP\StyleXPService.exe" (File not found)
"Symantec Core LC" (Symantec Core LC) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
"TeamViewer 4" (TeamViewer4) - "TeamViewer GmbH" - E:\TeamViewer\Version4\TeamViewer_Service.exe
"TeamViewer 5" (TeamViewer5) - "TeamViewer GmbH" - C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe
"uvnc_service" (uvnc_service) - "UltraVNC" - E:\UltraVNC\winvnc.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

===[ Logfile end ]=========================================[ Logfile end ]===

Geändert von tkder1 (31.03.2010 um 14:17 Uhr)

Alt 31.03.2010, 15:39   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner DR/Agent.ruo in C:\Windows\system32\drivers\ntnbsw.sys gefunden - Standard

Trojaner DR/Agent.ruo in C:\Windows\system32\drivers\ntnbsw.sys gefunden



Hallo und

Code:
ATTFilter
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ntnbsw" (ntnbsw) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\ntnbsw.sys
         
Bitte mit OSAM deaktivieren (siehe Anleitung zu OSAM). Poste danach ein neues Log von OSAM, lass die Datei (falls noch vorhanden)


C:\WINDOWS\system32\drivers\ntnbsw.sys


bei https://www.virustotal.com auswerten und poste den Ergebnislink.
__________________

__________________

Alt 31.03.2010, 16:35   #3
tkder1
 
Trojaner DR/Agent.ruo in C:\Windows\system32\drivers\ntnbsw.sys gefunden - Standard

Trojaner DR/Agent.ruo in C:\Windows\system32\drivers\ntnbsw.sys gefunden



ok...erstmal vielen Dank.
Die Datei ist nach dem Neustart nicht wieder aufgetaucht!
Ist die Sache damit erledigt?

anbei noch der neue log:

Zitat:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 16:29:45 on 31.03.2010

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Opera Software Opera Internet Browser 10.51

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "Agnitum Ltd." - e:\agnitum\outpos~1\wl_hook.dll
"AppInit_DLLs" - "Adobe Systems, Inc." - C:\WINDOWS\system32\acaptuser32.dll

[Common]
-----( %SystemRoot%\Tasks )-----
"1,5TB AKTivieren.job" - ? - D:\Downloads\Programmieren_zuHause\externe deaktivieren-reaktivieren\1,5TB AKTivieren.bat
"1,5TB DEaktivieren.job" - ? - D:\Downloads\Programmieren_zuHause\externe deaktivieren-reaktivieren\1,5TB DEaktivieren.bat
"Internetverbindung_prüfen.job" - ? - D:\Downloads\Programmieren_zuHause\Internetverbindung prüfen\I-net prüfen.bat
"NeroLiveEpgUpdate-TKDER1_Tobi.job" - "Nero AG" - E:\Nero\Nero 9\Nero Live\NeroLive.exe
"SofortAktualisierung BGInfo.job" - ? - J:\SIKO Extern250GB 18.02.2008\Appz\Microsoft SysInternals\BgInfo\SofortAktualisierung[1].exe (File found, but it contains no detailed information)

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"alsndmgr.cpl" - ? - C:\WINDOWS\system32\alsndmgr.cpl (File signed by Microsoft | File found, but it contains no detailed information)
"Ddbaccpl.cpl" - "DataDesign AG" - C:\WINDOWS\system32\Ddbaccpl.cpl
"ddBACCTM.cpl" - "DataDesign AG" - C:\WINDOWS\system32\ddBACCTM.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl
"QuickTime.cpl" - "Apple Computer, Inc." - C:\WINDOWS\system32\QuickTime.cpl
"razer.cpl" - "Razer Inc." - C:\WINDOWS\system32\razer.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Avira AntiVir Personal – Free Antivirus " - ? - E:\Avira\ANTIVI~1\avconfig.cpl (File not found)
"Avira AntiVir PersonalEdition Classic " - ? - E:\Avira\ANTIVI~1\avconfig.cpl (File not found)
"Avira AntiVir PersonalEdition Classic Konfiguration" - ? - C:\PROGRA~1\ANTIVI~1\avconfig.cpl (File not found)
"mlcfg32.cpl" - "Microsoft Corporation" - E:\OFFICE~1\Office12\MLCFG32.CPL
"Nero BurnRights" - "Nero AG" - E:\Nero\Nero 9\Nero BurnRights\NeroBurnRights_cpl.cpl
"NokiaConnectionManager" - "Nokia" - E:\NOKIA\NOKIAP~1\CONNEC~1.CPL
"WISO Internet Security" - ? - C:\PROGRA~1\WISOIN~1\avconfig.cpl (File not found)

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Acronis Snapshots Manager" (snapman) - "Acronis" - C:\WINDOWS\System32\DRIVERS\snapman.sys
"Acronis TrueImage FS Filter" (tifsfilter) - "Acronis" - C:\WINDOWS\System32\DRIVERS\tifsfilt.sys
"Acronis Try&Decide and Restore Points filter (build 251)" (tdrpman251) - "Acronis" - C:\WINDOWS\System32\DRIVERS\tdrpm251.sys
"actser" (actser) - "Siemens AG" - C:\WINDOWS\System32\drivers\actser.sys
"Ad-Watch Connect Kernel Filter" (Ad-Watch Connect Filter) - ? - C:\WINDOWS\system32\drivers\NSDriver.sys (File not found)
"adfs" (adfs) - "Adobe Systems, Inc." - C:\WINDOWS\system32\drivers\adfs.sys
"af5ca4zg" (af5ca4zg) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\af5ca4zg.sys (Hidden registry entry, rootkit activity | File signed by Microsoft)
"afcdp" (afcdp) - "Acronis" - C:\WINDOWS\System32\DRIVERS\afcdp.sys
"afwcore" (afwcore) - "Agnitum Ltd." - C:\WINDOWS\System32\drivers\afwcore.sys
"Agnitum firewall driver" (afw) - "Agnitum Ltd." - C:\WINDOWS\System32\DRIVERS\afw.sys
"ajphevqt" (ajphevqt) - ? - C:\WINDOWS\system32\drivers\ajphevqt.sys (Hidden registry entry, rootkit activity | File not found)
"AMD Special Tools Driver" (AmdTools) - "AMD, Inc." - C:\WINDOWS\System32\DRIVERS\AmdTools.sys
"ASWFilt" (ASWFilt) - "Agnitum Ltd." - C:\WINDOWS\System32\Filt\ASWFilt.dll
"ATI T200 Unified AVStream service" (ATIAVAIW) - "ATI Technologies Inc." - C:\WINDOWS\System32\DRIVERS\atinavt2.sys
"ATITool Overclocking Utility" (ATITool) - ? - C:\WINDOWS\System32\DRIVERS\ATITool.sys
"atksgt" (atksgt) - ? - C:\WINDOWS\System32\DRIVERS\atksgt.sys (File found, but it contains no detailed information)
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"c1415" (c1415) - ? - C:\WINDOWS\system32\c1415.sys (File found, but it contains no detailed information)
"cdiskdun" (cdiskdun) - ? - C:\DOKUME~1\Tobi\LOKALE~1\Temp\cdiskdun.sys (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found)
"CO_Mon" (CO_Mon) - ? - C:\WINDOWS\system32\Drivers\CO_Mon.sys (File found, but it contains no detailed information)
"DSL-Manager Service" (TSMPacket) - ? - C:\WINDOWS\System32\DRIVERS\tsmpkt.sys (File not found)
"dsltestSp5 NDIS Protocol Driver" (dsltestSp5) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\WINDOWS\System32\Drivers\dsltestSp5.sys
"ENTECH" (ENTECH) - "EnTech Taiwan" - C:\WINDOWS\system32\DRIVERS\ENTECH.sys
"GBDevice" (GBDevice) - ? - C:\WINDOWS\system32\drivers\GBDevice.sys (File not found)
"GBFSHook" (GBFSHook) - ? - C:\WINDOWS\system32\drivers\GBFSHook.sys (File not found)
"GEARAspiWDM" (GEARAspiWDM) - "GEAR Software Inc." - C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys
"giveio" (giveio) - ? - C:\WINDOWS\System32\giveio.sys (File found, but it contains no detailed information)
"GoBack2K" (GoBack2K) - ? - C:\WINDOWS\system32\drivers\GoBack2K.sys (File not found)
"GVCplDrv" (GVCplDrv) - ? - C:\WINDOWS\system32\drivers\GVCplDrv.sys (File found, but it contains no detailed information)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found)
"Icatch(IV) Still Camera Device" (USBCamera) - ? - C:\WINDOWS\System32\Drivers\Bulk533.sys (File not found)
"Icatch(IV) Video Camera Device" (Ca533av) - ? - C:\WINDOWS\System32\Drivers\Ca533av.sys (File not found)
"IwUSB" (IwUSB) - "TDi GmbH TechnoData - Interware" - C:\WINDOWS\System32\Drivers\IwUSB.sys
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found)
"lirsgt" (lirsgt) - ? - C:\WINDOWS\System32\DRIVERS\lirsgt.sys (File found, but it contains no detailed information)
"LUMDriver" (LUMDriver) - "IBM" - C:\WINDOWS\system32\drivers\LUMDriver.sys
"ntiomin" (ntiomin) - ? - C:\WINDOWS\system32\drivers\ntiomin.sys (File not found)
"nvatabus" (nvatabus) - "NVIDIA Corporation" - C:\WINDOWS\System32\DRIVERS\nvatabus.sys
"NVR0Dev" (NVR0Dev) - ? - C:\WINDOWS\nvoclock.sys (File not found)
"Padus ASPI Shell" (pfc) - "Padus, Inc." - C:\WINDOWS\System32\drivers\pfc.sys
"PCANDIS5" (PCANDIS5) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\PROGRA~1\GEMEIN~1\T-Com\DSLCheck\PCANDIS5.SYS
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found)
"PQNTDrv" (PQNTDrv) - "PowerQuest Corporation" - C:\WINDOWS\system32\drivers\PQNTDrv.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"RivaTuner32" (RivaTuner32) - ? - E:\RivaTuner v2.24\RivaTuner32.sys (File found, but it contains no detailed information)
"SandBox" (SandBox) - "Agnitum Ltd." - C:\WINDOWS\System32\DRIVERS\SandBox.sys
"SANDRA" (SANDRA) - ? - E:\SiSoftware Sandra Lite XII.SP2c\WNt500x86\Sandra.sys (File not found)
"siusbmod" (siusbmod) - ? - C:\WINDOWS\System32\DRIVERS\siusbmod.sys (File not found)
"SIWIO" (SIWIO) - ? - C:\WINDOWS\TEMP\SiwIo.sys (File found, but it contains no detailed information)
"speedfan" (speedfan) - "Windows (R) 2000 DDK provider" - C:\WINDOWS\System32\speedfan.sys
"sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"symlcbrd" (symlcbrd) - "Symantec Corporation" - C:\WINDOWS\system32\drivers\symlcbrd.sys
"Team MFP Comm Driver" (DgiVecp) - "DeviceGuys, Inc." - C:\WINDOWS\System32\Drivers\DgiVecp.sys
"TerraTec H5 Capture service" (USB28xxBGA) - "eMPIA Technology, Inc." - C:\WINDOWS\System32\DRIVERS\emBDA.sys
"TerraTec H5 OEM service" (USB28xxOEM) - "eMPIA Technology, Inc." - C:\WINDOWS\System32\DRIVERS\emOEM.sys
"TICalc" (TICalc) - ? - C:\WINDOWS\system32\drivers\TICalc.sys (File found, but it contains no detailed information)
"TVICHW32" (TVICHW32) - "EnTech Taiwan" - C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS
"uigxrdr" (uigxrdr) - "GMX GmbH" - C:\WINDOWS\System32\DRIVERS\uigxrdr.sys
"USB 2.0 DVB-T/TV BOX" (M9207) - "ULi Electronics Inc." - C:\WINDOWS\System32\DRIVERS\M9207BDA.sys
"USB Camera Manager Plus" (OVT511Plus) - ? - C:\WINDOWS\System32\Drivers\omcamvid.sys (File not found)
"VMware Virtual Ethernet Adapter Driver" (VMnetAdapter) - "VMware, Inc." - C:\WINDOWS\System32\DRIVERS\vmnetadapter.sys
"vncdrv" (vncdrv) - "RDV Soft" - C:\WINDOWS\System32\DRIVERS\vncdrv.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found)
(Disabled) "ntnbsw" (ntnbsw) - ? - C:\WINDOWS\system32\drivers\ntnbsw.sys (File not found)

[Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Desktop\Components )-----
"(0) Source" - ? - D:\Downloads\Word u. Excel von Tobias\Sonstiges\Bilder\Wallpapers\BMW_041.jpg
"(1) Source" - ? - hxxp://www.finanzen.net/ (HTTP value)
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{2256CF1E-D19C-2CD6-0205-080000070308} "StubPath" - ? - C:\WINDOWS\system32\common.exe (File not found)
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - E:\Adobe\Acrobat 9.0\Acrobat Elements\ContextMenu.dll
{C539A15B-3AF9-4c92-B771-50CB78F5C751} "Acronis Secure Zone" - "Acronis" - E:\Acronis\TrueImageHome\tishell.dll
{C539A15A-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Context Menu Extension" - "Acronis" - E:\Acronis\TrueImageHome\tishell.dll
{32020A01-506E-484D-A2A8-BE3CF17601C3} "AlcoholShellEx" - "Alcohol Soft Development Team" - E:\ALCOHO~1\AxShlex.dll
{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - E:\Office2003\Office12\VISSHE.DLL
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - (File not found | COM-object registry key not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{709C6E11-538F-4759-86AC-6ACB302AA0DE} "Desktop Manager" - ? - C:\WINDOWS\system32\msvdm.dll (File found, but it contains no detailed information)
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{E81FFB23-40E2-431C-A041-76AEA0E4B04C} "Enterprise-Projekte" - "Microsoft Corporation" - E:\OFFICE~1\Office12\NAMEEXT.DLL
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - E:\Office2003\Office12\VISSHE.DLL
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found)
{73B24247-042E-4EF5-ADC2-42F62E6FD654} "MCLiteShellExt Class" - ? - E:\ICQLite\ICQLite\ICQLiteShell.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - E:\Office2003\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - E:\OFFICE~1\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - E:\OFFICE~1\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - E:\Nero\Nero 9\Nero CoverDesigner\CoverEdExtension.dll
{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} "Nokia Phone Browser" - "Nokia" - E:\NOKIA\Nokia PC Suite 7\PhoneBrowser.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - E:\OFFICE~1\Office12\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "Shell Extensions for RealOne Player" - ? - (File not found | COM-object registry key not found)
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{D6613619-EDAA-451e-AA0C-671737CF6022} "ShellContextMenuHandler Class" - "GMX GmbH" - E:\GMX Upload Manager\SHNDLERS.DLL
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{ED65AC21-B24F-11d3-BA80-00C0CA16AA37} "Siemens Device" - ? - (File not found | COM-object registry key not found)
{ED65AC22-B24F-11d3-BA80-00C0CA16AA37} "Siemens Device ContextMenuHandler" - ? - (File not found | COM-object registry key not found)
{ED65AC23-B24F-11d3-BA80-00C0CA16AA37} "Siemens SX1 PropertySheetHandler" - ? - (File not found | COM-object registry key not found)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - E:\WinRaR\rarext.dll (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
<binary data> "DAEMON Tools Toolbar" - ? - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found)
<binary data> "{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" - ? - (File not found | COM-object registry key not found)
<binary data> "{855F3B16-6D32-4FE6-8A56-BBB695989046}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} "BDSCANONLINE Control" - "SOFTWIN" - C:\WINDOWS\BDOSCAN8\oscan82.ocx / hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
{E8F628B5-259A-4734-97EE-BA914D7BE941} "Driver Agent ActiveX Control" - "Touchstone Software Corp" - C:\WINDOWS\Downloaded Program Files\driveragent.ocx / hxxp://driveragent.com/files/driveragent.cab
{9D190AE6-C81E-4039-8061-978EBAD10073} "F-Secure Online Scanner 3.0" - "F-Secure Corporation" - C:\WINDOWS\Downloaded Program Files\fscax.dll / hxxp://support.f-secure.com/ols/fscax.cab
{0B79F48A-E8D6-11DB-9283-E25056D89593} "F-Secure Online Scanner 3.1" - "F-Secure Corporation" - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\fscax.dll / hxxp://support.f-secure.com/ols/fscax.cab
{5D637FAD-E202-48D1-8F18-5B9C459BD1E3} "Image Uploader Control" - "Aurigma, Inc." - C:\WINDOWS\Downloaded Program Files\ImageUploader5.ocx / hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1226930356
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_19" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_19.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} "Java Plug-in 1.6.0_19" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_19.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_19" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_19.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
{EF791A6B-FC12-4C68-99EF-FB9E207A39E6} "McFreeScan Class" - "McAfee, Inc." - C:\WINDOWS\McAfee.com\FreeScan\mcfscan.dll / hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,5936/mcfscan.cab
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} "MessengerStatsClient Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll / hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
Microsoft XML Parser for Java "Microsoft XML Parser for Java" - ? - (File not found | COM-object registry key not found) / file://C:\WINDOWS\Java\classes\xmldso.cab
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} "MUWebControl Class" - "Microsoft Corporation" - C:\WINDOWS\system32\muweb.dll / hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1243235255546
{D0C0F75C-683A-4390-A791-1ACFD5599AB8} "Oberon Flash Game Host" - "Oberon Media, Inc." - C:\WINDOWS\Downloaded Program Files\OberonGameHost.dll / hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
{166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
{233C1507-6A77-46A4-9443-F871F945D258} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10e.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} "Symantec AntiVirus scanner" - "Symantec Corporation" - C:\WINDOWS\Downloaded Program Files\avsniff.dll / hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
{644E432F-49D3-41A1-8DD5-E099162EEEC5} "Symantec RuFSI Utility Class" - "Symantec Corporation" - C:\WINDOWS\Downloaded Program Files\rufsi.dll / hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
{BE833F39-1E0C-468C-BA70-25AAEE55775E} "System Requirements Lab Class" - "Husdawg, LLC" - C:\WINDOWS\Downloaded Program Files\sysreqlab.dll / hxxp://www.systemrequirementslab.com/sysreqlab.cab
{7B297BFD-85E4-4092-B2AF-16A91B2EA103} "WScanCtl Class" - "CA" - C:\WINDOWS\Downloaded Program Files\webscan.dll / hxxp://www3.ca.com/securityadvisor/virusinfo/webscan.cab
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} "{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}" - ? - (File not found | COM-object registry key not found) / hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? - (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
{BCC0FF27-31D9-4614-A68E-C18E1ADA4389} "{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}" - ? - (File not found | COM-object registry key not found) / hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} "{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
{DF9C24D1-030E-49ED-5EB5-D6610086C313} "{DF9C24D1-030E-49ED-5EB5-D6610086C313}" - ? - (File not found | COM-object registry key not found) / hxxp://www.miniclip.com/superstar_racing/ChatRepublicPlayer.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - E:\OFFICE~1\Office12\ONBttnIE.dll
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - E:\SPYBOT~1\SDHelper.dll
"Exec" - ? - C:\WINDOWS\bdoscandel.exe (File found, but it contains no detailed information)
"ICQ Lite" - ? - E:\ICQLite\ICQLite\ICQLite.exe (File not found)
"ICQ7" - "ICQ, Inc." - E:\ICQ7.0\ICQ.exe
{A1A7E22D-1587-4230-8F16-081C68D21448} "Outpost Firewall Pro Quick Tune" - "Agnitum Ltd." - E:\Agnitum\Outpost Firewall Pro\ie_bar.dll
"PartyPoker.com" - ? - E:\PartyPoker\PartyPoker\RunApp.exe
"PartyPoker.net" - ? - E:\PartyPoker\PartyPokerNet\RunPF.exe (File not found)
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - E:\OFFICE~1\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} "Contribute Toolbar" - "Adobe Systems Incorporated." - E:\Adobe\Adobe Contribute CS4\contributeieplugin.dll
<binary data> "DAEMON Tools Toolbar" - ? - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll
{AD6E6555-FB2C-47D4-8339-3E2965509877} "TerraTec Home Cinema" - "TerraTec Electronic GmbH" - E:\TerraTec\TERRAT~1\THCDES~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{AE7CD045-E861-484f-8273-0445EE161910} "Adobe PDF Conversion Toolbar Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{074C1DC5-9320-4A9A-947D-C042949C6216} "ContributeBHO Class" - "Adobe Systems Incorporated." - E:\Adobe\Adobe Contribute CS4\contributeieplugin.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{F4971EE7-DAA0-4053-9964-665D8EE6A077} "SmartSelect Class" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - E:\SPYBOT~1\SDHelper.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"CesarFTP.lnk" - "Alexandre Cesari" - E:\CesarFTP\CesarFTP.exe (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"DynDNS Updater Tray Icon.lnk" - "Dynamic Network Services, Inc." - E:\DynDNS Updater\DynTray.exe (Shortcut exists | File exists)
"Outpost Firewall.lnk" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Outpost Firewall.lnk (Shortcut exists | File not found)
"Quicken 2010 Zahlungserinnerung.lnk" - "Lexware GmbH & Co. KG" - E:\Lexware\Quicken\2010\billmind.exe (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Tobi\Startmenü\Programme\Autostart\desktop.ini
"Verknüpfung mit Bginfo.lnk" - "Sysinternals" - J:\SIKO Extern250GB 18.02.2008\Appz\Microsoft SysInternals\BgInfo\Bginfo.exe (Shortcut exists | File exists)
"Verknüpfung mit FTPStatus.lnk" - "TK" - D:\Downloads\Programmieren_zuHause\FTP Aktivitäten abfragen\FTPStatus\FTPStatus\bin\Release\FTPStatus.exe (Shortcut exists | File exists)
"Verknüpfung mit Zeitsteuerung alt.lnk" - "TK" - D:\Downloads\Programmieren_zuHause\Zeitsteuerung VB2008\Zeitsteuerung\Zeitsteuerung\bin\Release\Zeitsteuerung alt.exe (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"NVIDIA nTune" - ? - "E:\NVIDIA Corporation\nTune\nTuneCmd.exe" clear (File not found)
"Remote Control Editor" - "Elgato Systems" - "C:\Programme\Gemeinsame Dateien\TerraTec\Remote\TTTVRC.exe"
"studNET-Autologin" - "Dossin-Brade GbR" - C:\WINDOWS\system32\studnet\studnet.exe /auto
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce )-----
"Shockwave Updater" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~3.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"hxxp://www.miniclip.com/games/down-hill-chill/de/"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acronis Scheduler2 Service" - "Acronis" - "C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe"
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"LexwareInfoService" - "Lexware GmbH & Co. KG" - C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe /autostart
"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"NvMediaCenter" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"nwiz" - ? - nwiz.exe /installquiet (File not found)
"OSSelectorReinstall" - ? - C:\Programme\Gemeinsame Dateien\Acronis\Acronis Disk Director\oss_reinstall.exe (File found, but it contains no detailed information)
"OutpostMonitor" - "Agnitum Ltd." - E:\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
"QuickTime Task" - "Apple Computer, Inc." - "E:\QuickTime\qttask.exe" -atboottime
"RivaTuner" - ? - "E:\RivaTuner v2.24\RivaTuner.exe" /T
"RivaTunerStartupDaemon" - ? - "E:\RivaTuner v2.24\RivaTuner.exe" /S
"RTSS" - ? - "E:\RivaTuner v2.24\Tools\RTSS\RTSS.exe" /s
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
"TrueImageMonitor.exe" - "Acronis" - E:\Acronis\TrueImageHome\TrueImageMonitor.exe

[Network Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----
"Adobe Drive CS4 Network" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
"GMX MediaCenter" - "GMX GmbH" - C:\WINDOWS\System32\uigxnp.dll

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Acronis Nonstop Backup service" (afcdpsrv) - "Acronis" - C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe
"Acronis Scheduler2 Service" (AcrSch2Svc) - "Acronis" - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
"Agnitum Client Security Service" (acssrv) - "Agnitum Ltd." - E:\Agnitum\OUTPOS~1\acs.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"Backbone Service" (BBDemon) - "Dassault Systemes" - E:\CATIA\intel_a\code\bin\CATSysDemon.exe
"CesarFTP FTP Server" (CesarFTP) - ? - E:\CesarFTP\server.exe (File found, but it contains no detailed information)
"DynDNS Updater" (DynDNS Updater) - "Dynamic Network Services, Inc." - E:\DynDNS Updater\DynUpSvc.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"HDD & SSD access service" (HDD & SSD access service) - ? - "C:\Programme\Gemeinsame Dateien\BinarySense\disksvc.exe" (File not found)
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
"Nero BackItUp Scheduler 4.0" (Nero BackItUp Scheduler 4.0) - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\WINDOWS\system32\nvsvc32.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"ServiceLayer" (ServiceLayer) - "Nokia" - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
"StarWind iSCSI Service" (StarWindService) - "Rocket Division Software" - E:\Alcohol 120\StarWind\StarWindService.exe
"StyleXPService" (StyleXPService) - ? - "C:\Programme\TGTSoft\StyleXP\StyleXPService.exe" (File not found)
"Symantec Core LC" (Symantec Core LC) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
"TeamViewer 4" (TeamViewer4) - "TeamViewer GmbH" - E:\TeamViewer\Version4\TeamViewer_Service.exe
"TeamViewer 5" (TeamViewer5) - "TeamViewer GmbH" - C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe
"uvnc_service" (uvnc_service) - "UltraVNC" - E:\UltraVNC\winvnc.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

===[ Logfile end ]=========================================[ Logfile end ]===
__________________

Alt 31.03.2010, 19:59   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner DR/Agent.ruo in C:\Windows\system32\drivers\ntnbsw.sys gefunden - Standard

Trojaner DR/Agent.ruo in C:\Windows\system32\drivers\ntnbsw.sys gefunden



Sieht ok aus. Mach bitte Kontrollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 01.04.2010, 05:24   #5
tkder1
 
Trojaner DR/Agent.ruo in C:\Windows\system32\drivers\ntnbsw.sys gefunden - Standard

Trojaner DR/Agent.ruo in C:\Windows\system32\drivers\ntnbsw.sys gefunden



Guten Morgen,
hört sich ja gut an
Anbei schonmal der Scan von Malware den ich gestern mal vorsorglich gemacht hatte...
Der hatte natürlich noch was gefunden, habs aber löschen lassen, hoffe ich ^^
SuperAntiSpyware folgt im Laufe des Tages...

Zitat:
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 3937

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

31.03.2010 16:54:53
mbam-log-2010-03-31 (16-54-53).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 115556
Laufzeit: 12 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{09f1adac-76d8-4d0f-99a5-5c907dadb988} (Rogue.Multiple) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Dokumente und Einstellungen\Tobi\Anwendungsdaten\config.cfg (Malware.Trace) -> Quarantined and deleted successfully.


Alt 01.04.2010, 11:10   #6
tkder1
 
Trojaner DR/Agent.ruo in C:\Windows\system32\drivers\ntnbsw.sys gefunden - Standard

Trojaner DR/Agent.ruo in C:\Windows\system32\drivers\ntnbsw.sys gefunden



sooo...nach 5 mühsamen Stunden ist der Scan beendet...
hier die Log:

Zitat:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 04/01/2010 at 10:55 AM

Application Version : 4.35.1000

Core Rules Database Version : 4756
Trace Rules Database Version: 2568

Scan type : Complete Scan
Total Scan Time : 05:10:42

Memory items scanned : 583
Memory threats detected : 0
Registry items scanned : 7713
Registry threats detected : 0
File items scanned : 514040
File threats detected : 4

Adware.Tracking Cookie
C:\Dokumente und Einstellungen\Tobi\Cookies\tobi@atwola[3].txt
C:\Dokumente und Einstellungen\Tobi\Cookies\tobi@hlstatsx[2].txt

Rogue.Agent/Gen-Nullo[DLL]
C:\WINDOWS\SYSTEM32\MSCC2DE.DLL

Unclassified.Monitor/ActualSpy
J:\SIKO EXTERN250GB 18.02.2008\APPZ\WINXP PLUS SPECIAL

PROGRAMS\PROGRAMME\MG11PRO\SUPPORT\MGGSTR32.DLL
Werde dann jetzt mal neustarten, damit alle Geschichten auch wirklich weg sind ...
Hab ich sonst noch was zu beachten? Ansonsten schonmal Vielen Dank!

Alt 01.04.2010, 11:46   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner DR/Agent.ruo in C:\Windows\system32\drivers\ntnbsw.sys gefunden - Standard

Trojaner DR/Agent.ruo in C:\Windows\system32\drivers\ntnbsw.sys gefunden



Ok. Berichte dann ob noch weitere Meldungen oder Probleme da sind, wenn nicht bist Du entlassen und kannst mal Deine Updates prüfen:

Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update



PDF-Reader aktualisieren
Dein Adobe Reader ist nicht aktuell, was ein großes Sicherheitsrisiko darstellt. Du solltest daher besser die alte Version über Systemsteuerung => Software deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst.

Ich empfehle einen alternativen PDF-Reader wie SumatraPDF oder Foxit PDF Reader, beide sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers, hier der direkte Downloadlink => http://filepony.de/?q=Flash+Player


Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu Trojaner DR/Agent.ruo in C:\Windows\system32\drivers\ntnbsw.sys gefunden
ad-watch, antivir, antivir guard, antivirus, antivirus scan, autorun, avira, browser, c:\windows\system32\rundll32.exe, c:\windows\temp, components, computer, desktop, desktop.ini, diagnostics, disk director, einstellungen, excel, fontcache, internet, internet browser, internet explorer, jusched.exe, lexware, logfile, malware, monitor, registry, registry key, remote control, rundll, safer networking, security, senden, server, shortcut, software, sptd.sys, symantec, usb 2.0, wallpapers, windows, windows xp, wiso



Ähnliche Themen: Trojaner DR/Agent.ruo in C:\Windows\system32\drivers\ntnbsw.sys gefunden


  1. Trojaner/Rootkit TR/Agent.37888.248 in C:\WINDOWS\system32\drivers\a127b2c0fb888938.sys
    Log-Analyse und Auswertung - 05.07.2014 (15)
  2. C:\Windows\System32\drivers\Wdf01000.sys - Trojaner?
    Plagegeister aller Art und deren Bekämpfung - 19.12.2011 (3)
  3. Trojaner TR/Agent.ruo in C:\Windows\system32\ntntlc.dll gefunden
    Plagegeister aller Art und deren Bekämpfung - 11.01.2011 (44)
  4. Rootkit Agent in C:\WINDOWS\system32\drivers\lpvmtsvd.sys
    Plagegeister aller Art und deren Bekämpfung - 19.08.2010 (13)
  5. Antivir findet Trojaner: "TR/Crypt.ZPACK.Gen in C:\WINDOWS\system32\drivers\vevemzh.sys
    Plagegeister aller Art und deren Bekämpfung - 19.06.2010 (7)
  6. Tr/rootkit.gen windows/system32/Drivers.lnuuf.sys (rootkit Agent)
    Plagegeister aller Art und deren Bekämpfung - 29.05.2010 (1)
  7. Rootkit.Agent../System32/Drivers/
    Plagegeister aller Art und deren Bekämpfung - 28.05.2010 (46)
  8. Tr/Agent.ruo in C:\Windows\System32\drivers\d3dsviob.sys gefunden.
    Plagegeister aller Art und deren Bekämpfung - 25.05.2010 (11)
  9. Rootkit.Agent bringe ich nicht los C:\Windows\system32\Drivers\rlmij.sys
    Plagegeister aller Art und deren Bekämpfung - 24.05.2010 (12)
  10. Rootkit RKIT/Bubnix.S in C:\Windows\System32\drivers\...sys gefunden
    Log-Analyse und Auswertung - 20.05.2010 (3)
  11. TR/Agent.ruo in C:\WINDOWS\system32\drivers\ntnvf.sys
    Plagegeister aller Art und deren Bekämpfung - 09.04.2010 (8)
  12. Trojaner TR/Agent.ruo in C:\Windows\system32\ntntlc.dll gefunden
    Plagegeister aller Art und deren Bekämpfung - 04.04.2010 (14)
  13. Rootkit.Win32.Agent.besn in system32\drivers\aec.sys / syspck32 im Autostart
    Plagegeister aller Art und deren Bekämpfung - 01.04.2010 (8)
  14. Rootkit.Agent im system32\drivers\qkavedba.sys
    Plagegeister aller Art und deren Bekämpfung - 14.03.2010 (1)
  15. Trojaner Rootkit unter c:/windows/system32/drivers/jkxpflaj.sys
    Plagegeister aller Art und deren Bekämpfung - 03.03.2010 (11)
  16. hartnäckiger Trojaner (TR/Agent.84992.9) in C:\Windows\System32\drivers\
    Plagegeister aller Art und deren Bekämpfung - 25.05.2009 (0)
  17. RKIT/Agent.483856 in C:\WINDOWS\system32\drivers\ntnxf.sys
    Plagegeister aller Art und deren Bekämpfung - 10.04.2009 (1)

Zum Thema Trojaner DR/Agent.ruo in C:\Windows\system32\drivers\ntnbsw.sys gefunden - Hallo liebe Comm... auch ich muss mich in die Reihe der Infizierten stellen Ich hänge mal den Osam Log dran...ich würde ja selber was fixen, weiß aber net richtig welche - Trojaner DR/Agent.ruo in C:\Windows\system32\drivers\ntnbsw.sys gefunden...
Archiv
Du betrachtest: Trojaner DR/Agent.ruo in C:\Windows\system32\drivers\ntnbsw.sys gefunden auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.