
Pests of All Kinds and How to Fight Them: TR/Agent.RUO keeps coming back, now TR/Agent.RUO.6

02.04.2010, 08:55   #1
brasil
 
Hello everyone,

I hope someone here can help me. I have already read through the forum, but unfortunately I can't really get rid of this thing.

Avira has been raising alarms for days. At first it was TR/Agent/ruo. I uploaded the affected files to Avira and got the all-clear: it was a false positive on their part. Avira no longer raises an alarm for these.
Then it was TR/Agent.ruo.4 and TR/Agent.6, and here Avira says that this is malware.
After reading through the forum here, I thought I was rid of the pests. But since yesterday evening Avira has been raising alarms again.

The affected files are moved to quarantine and Avira goes quiet. But when the computer is restarted, it raises the alarm again. I'm slowly getting desperate, because I use the computer for work and would rather not reinstall the system, since there are quite a lot of programs on it.

This time TR/Agent.RUO.6 in file:
C:\System Volume Information\_restore{26746DA5-BA96-407E-A4AB-79765E99C894}\RP260\A0012705.sys'.

I followed the instructions here in the forum and ran CCleaner first, then Malwarebytes and RSTI.
Finally I also started OSAM.

I hope I did everything correctly. Here is the log file.

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 08:37:08 on 02.04.2010
OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
Rootkits detection (hidden registry)
Rootkits detection (hidden files)
Retrieve files information
Check Microsoft signatures

Filters
Trusted entries
Empty entries
Hidden registry entries (rootkit activity)
Exclusively opened files
Not found files
Files without detailed information
Existing files
Non-startable services
Non-startable drivers
Active entries
Disabled entries
Risk Name Publisher Full Path Status
Boot Execute
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager
|||||| "BootExecute" C:\WINDOWS\system32\lsdelete.exe File found, but it contains no detailed information
Common
%SystemRoot%\Tasks
|||||| "Ad-Aware Update (Daily 1).job" "Lavasoft" C:\Programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe File exists
|||||| "Ad-Aware Update (Daily 2).job" "Lavasoft" C:\Programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe File exists
|||||| "Ad-Aware Update (Daily 3).job" "Lavasoft" C:\Programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe File exists
|||||| "Ad-Aware Update (Daily 4).job" "Lavasoft" C:\Programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe File exists
|||||| "Ad-Aware Update (Weekly).job" "Lavasoft" C:\Programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe File exists
|||| "GoogleUpdateTaskMachineCore.job" "Google Inc." C:\Programme\Google\Update\GoogleUpdate.exe File exists
|||| "GoogleUpdateTaskMachineUA.job" "Google Inc." C:\Programme\Google\Update\GoogleUpdate.exe File exists
|||| "1-Klick-Wartung.job" "TuneUp Software GmbH" C:\Programme\TuneUp Utilities 2006\SystemOptimizer.exe File exists
Control Panel Objects
%SystemRoot%\system32
|||||| "infocardcpl.cpl" "Microsoft Corporation" C:\WINDOWS\system32\infocardcpl.cpl File exists
|||||| "javacpl.cpl" "Sun Microsystems, Inc." C:\WINDOWS\system32\javacpl.cpl File exists
|||||| "MBLLNK.CPL" "AvantGo, Inc." C:\WINDOWS\system32\MBLLNK.CPL File exists
|||||| "nvtuicpl.cpl" "NVIDIA Corporation" C:\WINDOWS\system32\nvtuicpl.cpl File exists
"plotman.cpl" "Autodesk, Inc." C:\WINDOWS\system32\plotman.cpl File exists
"styleman.cpl" "Autodesk, Inc." C:\WINDOWS\system32\styleman.cpl File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls
"Avira AntiVir Personal - Free Antivirus " "Avira GmbH" C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl File exists
"Avira AntiVir PersonalEdition Classic" C:\PROGRA~1\ANTIVI~1\avconfig.cpl File not found
"Avira AntiVir PersonalEdition Classic Konfiguration" C:\PROGRA~1\ANTIVI~1\avconfig.cpl File not found
|||||| "Nero BurnRights" "Nero AG" C:\Programme\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl File exists
|||||| "SMAX3CP" "Analog Devices, Inc." C:\Programme\Analog Devices\SoundMAX\SMax3CP.cpl File exists
Drivers
HKLM\SYSTEM\CurrentControlSet\Services
|||||| "AEGIS Protocol (IEEE 802.1x) v3.4.3.0" (AegisP) "Meetinghouse Data Communications" C:\WINDOWS\System32\DRIVERS\AegisP.sys File exists
|||||| "avgio" (avgio) "Avira GmbH" C:\Programme\Avira\AntiVir Desktop\avgio.sys File exists
"avgntflt" (avgntflt) "Avira GmbH" C:\WINDOWS\System32\DRIVERS\avgntflt.sys File exists
"avipbb" (avipbb) "Avira GmbH" C:\WINDOWS\System32\DRIVERS\avipbb.sys File exists
|||||| "Bluetooth Audio Service" (BlueletAudio) "IVT Corporation" C:\WINDOWS\System32\DRIVERS\blueletaudio.sys File exists
|||||| "Bluetooth HID Enumerator" (BTHidEnum) C:\WINDOWS\System32\DRIVERS\vbtenum.sys File found, but it contains no detailed information
|||||| "Bluetooth HID Manager Service" (BTHidMgr) "IVT Corporation" C:\WINDOWS\System32\Drivers\BTHidMgr.sys File exists
|||||| "Bluetooth PAN Network Adapter" (BT) "IVT Corporation" C:\WINDOWS\System32\DRIVERS\btnetdrv.sys File exists
|||||| "Bluetooth USB For Bluetooth Service" (Btcsrusb) "IVT Corporation" C:\WINDOWS\System32\Drivers\btcusb.sys File exists
|||||| "Bluetooth VComm Manager Service" (VcommMgr) "IVT Corporation" C:\WINDOWS\System32\Drivers\VcommMgr.sys File exists
"catchme" (catchme) C:\DOKUME~1\Heike\LOKALE~1\Temp\catchme.sys File not found
|||||| "CdaC15BA" (CdaC15BA) "Macrovision Europe Ltd" C:\WINDOWS\system32\drivers\CDAC15BA.SYS File exists
"Changer" (Changer) C:\WINDOWS\system32\drivers\Changer.sys File not found
"i2omgmt" (i2omgmt) C:\WINDOWS\system32\drivers\i2omgmt.sys File not found
|||||| "Lbd" (Lbd) "Lavasoft AB" C:\WINDOWS\System32\DRIVERS\Lbd.sys File exists
"lbrtfdc" (lbrtfdc) C:\WINDOWS\system32\drivers\lbrtfdc.sys File not found
"mchInjDrv" (mchInjDrv) C:\WINDOWS\TEMP\mc21.tmp File not found
"PCIDump" (PCIDump) C:\WINDOWS\system32\drivers\PCIDump.sys File not found
"PDCOMP" (PDCOMP) C:\WINDOWS\system32\drivers\PDCOMP.sys File not found
"PDFRAME" (PDFRAME) C:\WINDOWS\system32\drivers\PDFRAME.sys File not found
"PDRELI" (PDRELI) C:\WINDOWS\system32\drivers\PDRELI.sys File not found
"PDRFRAME" (PDRFRAME) C:\WINDOWS\system32\drivers\PDRFRAME.sys File not found
"PPP over ISDN" (NETPPPOI) C:\WINDOWS\System32\DRIVERS\NETPPPOI.SYS File not found
|||||| "PxHelp20" (PxHelp20) "Sonic Solutions" C:\WINDOWS\System32\Drivers\PxHelp20.sys File exists
"ssmdrv" (ssmdrv) "Avira GmbH" C:\WINDOWS\System32\DRIVERS\ssmdrv.sys File exists
|||||| "SyGate for NT, wg3n" (wg3n) "Sygate Technologies, Inc." C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys File exists
|||||| "Teefer for NT" (Teefer) "Sygate Technologies, Inc." C:\WINDOWS\System32\Drivers\Teefer.sys File exists
|||||| "Virtual Serial port driver" (VComm) "IVT Corporation" C:\WINDOWS\System32\DRIVERS\VComm.sys File exists
"WDICA" (WDICA) C:\WINDOWS\system32\drivers\WDICA.sys File not found
|||||| "wpsdrvnt" (wpsdrvnt) "Sygate Technologies, Inc." C:\WINDOWS\system32\drivers\wpsdrvnt.sys File exists
Explorer
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
|||||| {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" "Microsoft Corporation" c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install File exists
HKLM\Software\Classes\Folder\shellex\ColumnHandlers
|||||| {7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" "Nero AG" C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll File exists
|||||| {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" "Adobe Systems, Inc." C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll File exists
HKLM\Software\Classes\Protocols\Filter
|||||| {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists
|||||| {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists
|||||| {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists
|||||| {807553E5-5146-11D5-A672-00B0D022E945} "text/xml" "Microsoft Corporation" C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL File exists
HKLM\Software\Classes\Protocols\Handler
|||||| {32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" "Microsoft Corporation" C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
|||||| {36A21736-36C2-4C11-8ACB-D4136F2B57BD} "AcSignIcon" "Autodesk" C:\WINDOWS\system32\AcSignIcon.dll File exists
|||||| {AC1DB655-4F9A-4c39-8AD2-A65324A4C446} "ACTHUMBNAIL" "Autodesk" C:\Programme\Gemeinsame Dateien\Autodesk Shared\Thumbnail\AcThumbnail16.dll File exists
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" deskpan.dll File not found
|||||| {1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" "NVIDIA Corporation" C:\WINDOWS\system32\nvshell.dll File exists
|||||| {1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" "NVIDIA Corporation" C:\WINDOWS\system32\nvshell.dll File exists
|||||| {1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" "Microsoft Corporation" c:\WINDOWS\system32\mscoree.dll File exists
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" File not found | COM-object registry key not found
{32683183-48a0-441b-a342-7c2a440a9478} "Media Band" File not found | COM-object registry key not found
|||||| {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" "Microsoft Corporation" C:\Programme\Microsoft Office\OFFICE11\msohev.dll File exists
|||||| {49BF5420-FA7F-11cf-8011-00A0C90A8F78} "Mobiles Gerät" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Wcesview.dll File exists
{D9872D13-7651-4471-9EEE-F0A00218BEBB} "Multiscan" File not found | COM-object registry key not found
|||||| {97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" "Nero AG" C:\Programme\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll File exists
|||||| {B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" "Nero AG" C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll File exists
|||||| {7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" "Nero AG" C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll File exists
|||||| {1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" "NVIDIA Corporation" C:\WINDOWS\system32\nvshell.dll File exists
|||||| {0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" "Microsoft Corporation" C:\Programme\Microsoft Office\Office10\OLKFSTUB.DLL File exists
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" "Avira GmbH" C:\Programme\Avira\AntiVir Desktop\shlext.dll File exists
|||||| {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" "Microsoft Corporation" c:\WINDOWS\system32\dfshim.dll File exists
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" File not found | COM-object registry key not found
|||||| {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" "Microsoft Corporation" c:\WINDOWS\system32\dfshim.dll File exists
|||||| {00DF1F20-0849-A4D1-0239-00D0AF3E9CB0} "TuneUp Shredder Shell Context Menu Extension" "TuneUp Software GmbH" C:\Programme\TuneUp Utilities 2006\sdshelex.dll File exists
|||||| {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" "Microsoft Corporation" C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL File exists
|||||| {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" C:\Programme\WinRAR\rarext.dll File found, but it contains no detailed information
Internet Explorer
HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars
{32683183-48a0-441b-a342-7c2a440a9478} "{32683183-48a0-441b-a342-7c2a440a9478}" File not found | COM-object registry key not found
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
|||| "Google Toolbar" "Google Inc." C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll File exists
ITBar7Height "ITBar7Height" File not found | COM-object registry key not found
"ITBar7Layout" File not found | COM-object registry key not found
"ITBarLayout" File not found | COM-object registry key not found
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" File not found | COM-object registry key not found
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks
|||| {EF99BD32-C1FB-11D2-892F-0090271D4F88} "Yahoo! Toolbar" "Yahoo! Inc." C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll File exists
{E312764E-7706-43F1-8DAB-FCDD2B1E416D} "{E312764E-7706-43F1-8DAB-FCDD2B1E416D}" File not found | COM-object registry key not found
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units
|||| {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_17"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab "Sun Microsystems, Inc." C:\Programme\Java\jre6\bin\npjpi160_17.dll File exists
|||| {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab "Sun Microsystems, Inc." C:\Programme\Java\jre6\bin\npjpi160_17.dll File exists
|||| {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab "Sun Microsystems, Inc." C:\Programme\Java\jre6\bin\npjpi160_17.dll File exists
|||||| {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object"
hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab "Adobe Systems, Inc." C:\WINDOWS\system32\Macromed\Flash\Flash10e.ocx File exists
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} "{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}"
hxxp://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab File not found | COM-object registry key not found
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}"
hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab File not found | COM-object registry key not found
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}"
hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab File not found | COM-object registry key not found
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab File not found | COM-object registry key not found
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
|||| {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\INetRepl.dll File exists
|||| {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "Create Mobile Favorite" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\INetRepl.dll File exists
|||| {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" "Microsoft Corporation" C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL File exists
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar
|||| "Google Toolbar" "Google Inc." C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll File exists
|||| {B922D405-6D13-4A2B-AE89-08A030DA4402} "pdfforge Toolbar" "Spigot, Inc." C:\Programme\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll File exists
|||| "Yahoo! Toolbar" "Yahoo! Inc." C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
|||| {02478D38-C3F9-4efb-9B51-7695ECA05670} "&Yahoo! Toolbar Helper" "Yahoo! Inc." C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll File exists
|||||| {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" "Adobe Systems Incorporated" C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll File exists
|||| {AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" "Google Inc." C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll File exists
|||| {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" "Google Inc." C:\Programme\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll File exists
|||| {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" "Sun Microsystems, Inc." C:\Programme\Java\jre6\bin\jp2ssv.dll File exists
|||| {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" "Sun Microsystems, Inc." C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File exists
|||| {B922D405-6D13-4A2B-AE89-08A030DA4402} "pdfforge Toolbar" "Spigot, Inc." C:\Programme\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll File exists
|||| {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} "SingleInstance Class" "Yahoo! Inc" C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll File exists
Logon
%AllUsersProfile%\Startmenü\Programme\Autostart
|||||| "desktop.ini" C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini File exists
|||| "Microsoft Office.lnk" "Microsoft Corporation" C:\Programme\Microsoft Office\Office10\OSA.EXE Shortcut exists | File exists
|||| "Ralink Wireless Utility.lnk" "Ralink Technology, Corp." C:\Programme\RALINK\Common\RaUI.exe Shortcut exists | File exists
%UserProfile%\Startmenü\Programme\Autostart
|||||| "desktop.ini" C:\Dokumente und Einstellungen\Heike\Startmenü\Programme\Autostart\desktop.ini File exists
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|||| "H/PC Connection Agent" "Microsoft Corporation" "C:\Programme\Microsoft ActiveSync\wcescomm.exe" File exists
|||| "swg" "Google Inc." "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
|||| "Adobe ARM" "Adobe Systems Incorporated" "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" File exists
|||| "Adobe Reader Speed Launcher" "Adobe Systems Incorporated" "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" File exists
"avgnt" "Avira GmbH" "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min File exists
|||| "NeroFilterCheck" "Nero AG" C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe File exists
|||| "nwiz" "NVIDIA Corporation" nwiz.exe /install File exists
|||| "SearchSettings" "Spigot, Inc." C:\Programme\pdfforge Toolbar\SearchSettings.exe File exists
|||||| "SmcService" "Sygate Technologies, Inc." C:\PROGRA~1\Sygate\SPF\smc.exe -startgui File exists
|||| "SunJavaUpdateSched" "Sun Microsystems, Inc." "C:\Programme\Java\jre6\bin\jusched.exe" File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
"Malwarebytes' Anti-Malware" "Malwarebytes Corporation" C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent File exists
Print Monitors
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
|||||| "Microsoft Document Imaging Writer Monitor" "Microsoft Corporation" C:\WINDOWS\system32\mdimon.dll File exists
|||||| "PDFCreator" C:\WINDOWS\system32\pdfcmnnt.dll File found, but it contains no detailed information
Services
HKLM\SYSTEM\CurrentControlSet\Services
|||||| ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) "Microsoft Corporation" C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe File exists
"Anwendungsverwaltung" (AppMgmt) C:\WINDOWS\System32\appmgmts.dll File not found
|||| "Application Updater" (Application Updater) "Spigot, Inc." C:\Programme\Application Updater\ApplicationUpdater.exe File exists
|||||| "ASP.NET State Service" (aspnet_state) "Microsoft Corporation" C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe File exists
"Avira AntiVir Guard" (AntiVirService) "Avira GmbH" C:\Programme\Avira\AntiVir Desktop\avguard.exe File exists
"Avira AntiVir Planer" (AntiVirSchedulerService) "Avira GmbH" C:\Programme\Avira\AntiVir Desktop\sched.exe File exists
|||||| "C-DillaCdaC11BA" (C-DillaCdaC11BA) "Macrovision" C:\WINDOWS\system32\drivers\CDAC11BA.EXE File exists
|||||| "FLEXnet Licensing Service" (FLEXnet Licensing Service) "Macrovision Europe Ltd." C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe File exists
|||| "Google Software Updater" (gusvc) "Google" C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe File exists
|||| "Google Update Service (gupdate)" (gupdate) "Google Inc." C:\Programme\Google\Update\GoogleUpdate.exe File exists
|||| "InstallDriver Table Manager" (IDriverT) "Macrovision Corporation" C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe File exists
|||||| "Java Quick Starter" (JavaQuickStarterService) "Sun Microsystems, Inc." C:\Programme\Java\jre6\bin\jqs.exe File exists
"Lavasoft Ad-Aware Service" (Lavasoft Ad-Aware Service) "Lavasoft" C:\Programme\Lavasoft\Ad-Aware\AAWService.exe File exists
|||||| "NBService" (NBService) "Nero AG" C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe File exists
|||||| "NMIndexingService" (NMIndexingService) "Nero AG" C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe File exists
|||||| "Office Source Engine" (ose) "Microsoft Corporation" C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE File exists
|||||| "SoundMAX Agent Service" (SoundMAX Agent Service (default)) "Analog Devices, Inc." C:\Programme\Analog Devices\SoundMAX\SMAgent.exe File exists
|||||| "Sygate Personal Firewall" (SmcService) "Sygate Technologies, Inc." C:\Programme\Sygate\SPF\smc.exe File exists
|||||| "TuneUp WinStyler Theme Service" (TUWinStylerThemeSvc) "TuneUp Software GmbH" C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe File exists
|||||| "Windows CardSpace" (idsvc) "Microsoft Corporation" c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe File exists
|||||| "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) "Microsoft Corporation" c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe File exists
Winlogon
HKCU\Control Panel\Desktop
"SCRNSAVE.EXE" C:\WINDOWS\System32\WORLDC~1.SCR File not found
HKCU\Control Panel\IOProcs
"MVB" mvfs32.dll File not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" appmgmts.dll File not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
|||| "WgaLogon" "Microsoft Corporation" C:\WINDOWS\system32\WgaLogon.dll File exists


If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

I hope I'll get some help, and thank you in advance.

Regards, Heike

Edited by brasil (02.04.2010 at 09:09)

02.04.2010, 10:33   #2
brasil
 
Avira has just raised the alarm again:

'C:\System Volume Information\_restore{26746DA5-BA96-407E-A4AB-79765E99C894}\RP260\A0012854.dll'
wurde ein Virus oder unerwünschtes Programm 'TR/Agent.RUO.4' [trojan]