Pests of all kinds and how to fight them: Trojan "TR/Agent.ruo"

29.03.2010, 21:27   #1
multivitamin

Trojan "TR/Agent.ruo"

Hello,
For a few days now Antivir has been telling me that I have 2 Trojans.
1. TR/Agent.ruo in 'C:\System Volume Information\_restore{0A82D01C-C56E-4F7E-A5A4-6C096F46042B}\RP25\A0024520.dll'
and
2. TR/Agent.ruo in 'C:\System Volume Information\_restore{0A82D01C-C56E-4F7E-A5A4-6C096F46042B}\RP26\A0026526.dll'

Operating system: Windows XP Home with SP 3
Antivirus software: Avira Antivir 10

I have already run a scan with Malwarebytes:
Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3927
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

29.03.2010 21:46:37
mbam-log-2010-03-29 (21-46-24).txt

Scan-Methode: Vollständiger Scan (C:\|)
Durchsuchte Objekte: 184405
Laufzeit: 3 hour(s), 12 minute(s), 2 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

and a log file:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Marvin at 2010-03-29 22:03:37
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 127 GB (84%) free of 152 GB
Total RAM: 1012 MB (36% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:04:10, on 29.03.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Option\GlobeTrotter Connect\GtDetectSc.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programme\Gemeinsame Dateien\AOL\1267638333\ee\AOLSoftware.exe
C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Windows Live\Messenger\msnmsgr.exe
c:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\ViStart\ViStart.exe
C:\Programme\OpenOffice.org 3\program\soffice.exe
C:\Programme\OpenOffice.org 3\program\soffice.bin
C:\PROGRA~1\ViGlance\ViGlance.exe
C:\PROGRA~1\ViSplore\ViSplore.exe
C:\PROGRA~1\TRUETR~1\TRUETR~1.EXE
C:\PROGRA~1\WinFlip\WinFlip.exe
C:\DOKUME~1\Marvin\LOKALE~1\Temp\RtkBtMnt.exe
C:\Programme\iPod\bin\iPodService.exe
C:\PROGRA~1\VISTAR~1\Rainbar.exe
C:\Programme\Windows Live\Contacts\wlcomm.exe
C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe
C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\notepad.exe
C:\Programme\Avira\AntiVir Desktop\avscan.exe
C:\Programme\Avira\AntiVir Desktop\avscan.exe
C:\Programme\Avira\AntiVir Desktop\avscan.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Dokumente und Einstellungen\Marvin\Eigene Dateien\Downloads\RSIT.exe
C:\Programme\trend micro\Marvin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.windowsxlive.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Mediaplayer - {1536BA74-8625-4240-99B0-BE65883689C8} - C:\Programme\Mediapiraten\Mediapiraten\IEButtonMPInterface.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Programme\Realtek\Audio\Drivers\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [M3000Mnt] Rundll32.exe M3000Rmv.dll ,WinMainRmv /StartStillMnt
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LanTalk.NET] C:\Programme\CEZEO software\LanTalk NET\LanTalk.exe
O4 - HKLM\..\Run: [HostManager] C:\Programme\Gemeinsame Dateien\AOL\1267638333\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [DrvIcon] C:\Programme\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [vilaunch] C:\WINDOWS\system32\vilaunch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [viwc] C:\WINDOWS\system32\viwc.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Programme/Monopoly/Images/stg_drm.ocx
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Programme/Monopoly/Images/armhelper.ocx
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: GtDetectSc - OptionNV - C:\Programme\Option\GlobeTrotter Connect\GtDetectSc.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe

--
End of file - 9235 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Norton Security Scan for Marvin.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1390067357-879983540-725345543-1004.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1390067357-879983540-725345543-1004.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1536BA74-8625-4240-99B0-BE65883689C8}]
Mediaplayer - C:\Programme\Mediapiraten\Mediapiraten\IEButtonMPInterface.dll [2006-11-08 663040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-03-28 341600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2010-02-02 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Programme\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-02-02 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Programme\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avgnt"=C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-12-22 18789920]
"AzMixerSel"=C:\Programme\Realtek\Audio\Drivers\AzMixerSel.exe [2009-12-11 59936]
"SynTPEnh"=C:\Programme\Synaptics\SynTP\SynTPEnh.exe [2008-04-25 1044480]
"M3000Mnt"=M3000Rmv.dll ,WinMainRmv /StartStillMnt []
"SunJavaUpdateSched"=C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe [2010-01-11 246504]
"Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-02-28 141848]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-02-28 166424]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-02-28 137752]
"LanTalk.NET"=C:\Programme\CEZEO software\LanTalk NET\LanTalk.exe [2009-11-26 364224]
"HostManager"=C:\Programme\Gemeinsame Dateien\AOL\1267638333\ee\AOLSoftware.exe [2006-04-27 50760]
"QuickTime Task"=C:\Programme\QuickTime\qttask.exe [2009-11-11 417792]
"iTunesHelper"=C:\Programme\iTunes\iTunesHelper.exe [2010-01-22 141608]
"Share-to-Web Namespace Daemon"=c:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [2002-04-17 69632]
"DrvIcon"=C:\Programme\Vista Drive Icon\DrvIcon.exe [2008-04-13 49152]
"vilaunch"=C:\WINDOWS\system32\vilaunch.exe [2009-09-09 146412]
"TkBellExe"=C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe [2010-03-28 202256]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe [2010-01-07 429392]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Skype"=C:\Programme\Skype\Phone\Skype.exe [2009-10-09 25623336]
"msnmsgr"=C:\Programme\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883840]
"viwc"=C:\WINDOWS\system32\viwc.exe [2009-11-30 360499]

C:\Dokumente und Einstellungen\Marvin\Startmenü\Programme\Autostart
OpenOffice.org 3.2.lnk - C:\Programme\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-02-15 208896]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programme\Skype\Plugin Manager\skypePM.exe"="C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programme\Windows Live\Sync\WindowsLiveSync.exe"="C:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Programme\Chilirec\chilirec.exe"="C:\Programme\Chilirec\chilirec.exe:*:Enabled:Chilirec"
"C:\Programme\CEZEO software\LanTalk NET\LanTalk.exe"="C:\Programme\CEZEO software\LanTalk NET\LanTalk.exe:*:Enabled:LanTalk NET Messenger"
"C:\Programme\Bonjour\mDNSResponder.exe"="C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Programme\iTunes\iTunes.exe"="C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Programme\Speak-A-Message\bin\SpeakAMessage.exe"="C:\Programme\Speak-A-Message\bin\SpeakAMessage.exe:*:Enabled:Speak-A-Message"
"C:\Programme\Speak-A-Message\updater.exe"="C:\Programme\Speak-A-Message\updater.exe:*:Enabled:Speak-A-Message Updater"
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programme\Windows Live\Sync\WindowsLiveSync.exe"="C:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2031246a-21e8-11df-b641-00234da5b197}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9d1d1f32-0e89-11df-b5f9-00234da5b197}]
shell\AutoRun\command - D:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2010-03-29 22:03:42 ----D---- C:\Programme\trend micro
2010-03-29 22:03:37 ----D---- C:\rsit
2010-03-29 18:30:11 ----D---- C:\Dokumente und Einstellungen\Marvin\Anwendungsdaten\Malwarebytes
2010-03-29 18:29:51 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-03-29 18:29:50 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2010-03-29 18:26:54 ----D---- C:\Programme\CCleaner
2010-03-28 20:09:17 ----A---- C:\WINDOWS\system32\unrar.dll
2010-03-28 20:09:15 ----A---- C:\WINDOWS\avisplitter.ini
2010-03-28 20:09:10 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2010-03-28 20:09:10 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2010-03-28 20:09:10 ----A---- C:\WINDOWS\system32\xvidcore.dll
2010-03-28 20:09:03 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2010-03-28 20:09:03 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2010-03-28 20:08:57 ----D---- C:\Programme\K-Lite Codec Pack
2010-03-28 20:03:21 ----A---- C:\WINDOWS\WatchTVProEx.ini
2010-03-28 20:03:18 ----A---- C:\WINDOWS\MSBDA.INI
2010-03-28 20:00:01 ----D---- C:\Programme\WatchTVPro Essential
2010-03-28 18:47:30 ----HDC---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-03-28 18:46:48 ----D---- C:\Programme\Lavasoft
2010-03-28 18:46:48 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft
2010-03-28 18:25:17 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2010-03-28 18:25:02 ----A---- C:\WINDOWS\system32\pndx5032.dll
2010-03-28 18:25:02 ----A---- C:\WINDOWS\system32\pndx5016.dll
2010-03-28 18:24:46 ----D---- C:\Programme\Gemeinsame Dateien\xing shared
2010-03-28 18:24:00 ----A---- C:\WINDOWS\system32\pncrt.dll
2010-03-28 18:23:54 ----D---- C:\Programme\Gemeinsame Dateien\Real
2010-03-28 18:23:52 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real
2010-03-28 18:23:50 ----D---- C:\Programme\Real
2010-03-28 18:23:14 ----D---- C:\Dokumente und Einstellungen\Marvin\Anwendungsdaten\Real
2010-03-28 18:12:23 ----A---- C:\WINDOWS\system32\wmpns.dll
2010-03-28 18:11:11 ----D---- C:\WINDOWS\Prefetch
2010-03-28 18:01:38 ----D---- C:\Programme\Mediapiraten
2010-03-28 17:54:55 ----D---- C:\WINDOWS\Driver Cache
2010-03-28 17:47:50 ----D---- C:\WINDOWS\ServicePackFiles
2010-03-28 17:45:38 ----A---- C:\WINDOWS\000001_.tmp
2010-03-25 19:39:32 ----D---- C:\Programme\Pinnacle
2010-03-25 19:37:16 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle
2010-03-25 19:10:44 ----D---- C:\Dokumente und Einstellungen\Marvin\Anwendungsdaten\Speak-A-Message
2010-03-25 19:10:05 ----D---- C:\Programme\Speak-A-Message
2010-03-25 19:09:10 ----D---- C:\Dokumente und Einstellungen\Marvin\Anwendungsdaten\Inventivio
2010-03-21 20:58:33 ----D---- C:\WINDOWS\system32\VIRepair
2010-03-21 20:58:32 ----D---- C:\Dokumente und Einstellungen\Marvin\Anwendungsdaten\ViStart
2010-03-21 20:58:32 ----D---- C:\Dokumente und Einstellungen\Marvin\Anwendungsdaten\ViSplore
2010-03-21 20:58:16 ----D---- C:\Dokumente und Einstellungen\Marvin\Anwendungsdaten\ViGlance
2010-03-21 20:55:22 ----A---- C:\WINDOWS\system32\viwc.exe
2010-03-21 20:55:22 ----A---- C:\WINDOWS\system32\vilaunch.exe
2010-03-21 20:55:21 ----D---- C:\Programme\ViSplore
2010-03-21 20:55:21 ----D---- C:\Programme\TrueTransparency
2010-03-21 20:55:19 ----D---- C:\Programme\WinFlip
2010-03-21 20:55:18 ----D---- C:\Programme\ViStart
2010-03-21 20:55:18 ----D---- C:\Programme\Vista Rainbar
2010-03-21 20:55:18 ----D---- C:\Programme\ViGlance
2010-03-21 20:55:16 ----D---- C:\Programme\Vista Drive Icon
2010-03-21 20:47:27 ----D---- C:\WINDOWS\system32\VITrans
2010-03-21 20:47:25 ----D---- C:\VTPFiles
2010-03-21 20:47:25 ----A---- C:\WINDOWS\system32\Uharc.exe
2010-03-21 20:47:25 ----A---- C:\WINDOWS\system32\reico.exe
2010-03-21 20:47:25 ----A---- C:\WINDOWS\system32\moveex.exe
2010-03-21 20:47:25 ----A---- C:\WINDOWS\system32\modifype.exe
2010-03-21 20:47:24 ----A---- C:\WINDOWS\system32\pskill.exe
2010-03-21 20:47:04 ----A---- C:\WINDOWS\system32\scrnrdr.exe
2010-03-21 20:25:27 ----D---- C:\Dokumente und Einstellungen\Marvin\Anwendungsdaten\Styler
2010-03-21 20:20:01 ----D---- C:\Programme\Styler
2010-03-14 11:34:39 ----D---- C:\Dokumente und Einstellungen\Marvin\Anwendungsdaten\Hewlett-Packard
2010-03-14 11:33:52 ----D---- C:\Dokumente und Einstellungen\Marvin\Anwendungsdaten\Ordner HP Share-to-Web
2010-03-14 11:32:54 ----D---- C:\Programme\Gemeinsame Dateien\Hewlett-Packard
2010-03-14 11:32:41 ----D---- C:\Programme\Hewlett-Packard
2010-03-14 11:31:02 ----D---- C:\col3927
2010-03-12 14:15:50 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-03-11 17:55:44 ----D---- C:\WINDOWS\Sun
2010-03-09 15:30:22 ----D---- C:\Programme\GameTop.com
2010-03-09 15:07:10 ----A---- C:\WINDOWS\system32\ptpusb.dll
2010-03-09 15:07:09 ----A---- C:\WINDOWS\system32\ptpusd.dll
2010-03-08 21:56:59 ----D---- C:\Dokumente und Einstellungen\Marvin\Anwendungsdaten\Apple Computer
2010-03-08 21:56:33 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2010-03-08 21:55:34 ----D---- C:\Programme\iPod
2010-03-08 21:55:25 ----D---- C:\Programme\iTunes
2010-03-08 21:55:25 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-03-08 21:54:53 ----D---- C:\Programme\Bonjour
2010-03-08 21:53:58 ----D---- C:\Programme\QuickTime
2010-03-08 21:53:55 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer
2010-03-08 21:53:29 ----D---- C:\Programme\Apple Software Update
2010-03-08 21:53:15 ----A---- C:\WINDOWS\system32\usbaaplrc.dll
2010-03-08 21:52:14 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple
2010-03-08 21:52:13 ----D---- C:\Programme\Gemeinsame Dateien\Apple
2010-03-03 19:45:51 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AOL
2010-03-03 19:45:31 ----D---- C:\Programme\Gemeinsame Dateien\AOL
2010-03-03 19:45:25 ----D---- C:\Programme\AOL

======List of files/folders modified in the last 1 months======

2010-03-29 22:03:42 ----RD---- C:\Programme
2010-03-29 20:51:42 ----D---- C:\Dokumente und Einstellungen\Marvin\Anwendungsdaten\Skype
2010-03-29 20:42:44 ----D---- C:\WINDOWS\Temp
2010-03-29 19:43:51 ----SD---- C:\WINDOWS\Tasks
2010-03-29 18:29:56 ----D---- C:\WINDOWS\system32\drivers
2010-03-29 18:28:51 ----D---- C:\WINDOWS\Debug
2010-03-29 18:28:51 ----D---- C:\WINDOWS
2010-03-29 18:28:49 ----D---- C:\WINDOWS\Minidump
2010-03-29 18:16:57 ----D---- C:\WINDOWS\system32
2010-03-29 14:48:00 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-29 14:47:09 ----D---- C:\Programme\Mozilla Firefox
2010-03-29 10:08:39 ----D---- C:\WINDOWS\system32\CatRoot
2010-03-29 10:06:53 ----HD---- C:\WINDOWS\inf
2010-03-29 10:06:50 ----D---- C:\Programme\Messenger
2010-03-28 20:01:16 ----SHD---- C:\WINDOWS\Installer
2010-03-28 18:52:52 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-03-28 18:47:50 ----D---- C:\WINDOWS\WinSxS
2010-03-28 18:24:46 ----D---- C:\Programme\Gemeinsame Dateien
2010-03-28 18:24:01 ----A---- C:\WINDOWS\system32\msvcr71.dll
2010-03-28 18:24:01 ----A---- C:\WINDOWS\system32\msvcp71.dll
2010-03-28 18:16:33 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-28 18:09:58 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-03-28 18:02:26 ----D---- C:\WINDOWS\security
2010-03-28 17:54:56 ----D---- C:\WINDOWS\Help
2010-03-28 17:54:56 ----D---- C:\Programme\Windows Media Player
2010-03-28 17:47:50 ----D---- C:\WINDOWS\Media
2010-03-28 17:47:49 ----D---- C:\WINDOWS\system32\Restore
2010-03-28 17:47:49 ----D---- C:\Programme\Outlook Express
2010-03-28 17:47:47 ----D---- C:\WINDOWS\system32\oobe
2010-03-28 17:45:36 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-03-28 17:45:11 ----D---- C:\WINDOWS\EHome
2010-03-28 16:45:40 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-25 19:51:07 ----A---- C:\WINDOWS\emMON.exe
2010-03-25 19:39:47 ----HD---- C:\Programme\InstallShield Installation Information
2010-03-21 20:57:16 ----D---- C:\Programme\Internet Explorer
2010-03-21 20:55:22 ----RSD---- C:\WINDOWS\Fonts
2010-03-21 20:55:16 ----D---- C:\WINDOWS\Cursors
2010-03-14 11:33:35 ----A---- C:\WINDOWS\win.ini
2010-03-12 19:42:42 ----D---- C:\Dokumente und Einstellungen\Marvin\Anwendungsdaten\skypePM
2010-03-12 14:15:53 ----D---- C:\Programme\Movie Maker
2010-03-12 14:15:29 ----HD---- C:\WINDOWS\$hf_mig$
2010-03-11 09:38:04 ----D---- C:\Programme\phase5
2010-03-10 19:38:59 ----D---- C:\Dokumente und Einstellungen\Marvin\Anwendungsdaten\Identities
2010-03-05 19:16:51 ----D---- C:\Dokumente und Einstellungen\Marvin\Anwendungsdaten\Chilirec
2010-03-05 19:08:00 ----D---- C:\Programme\Gemeinsame Dateien\Symantec Shared
2010-03-02 07:30:12 ----A---- C:\WINDOWS\system32\MRT.exe
2010-03-01 18:21:25 ----RSD---- C:\WINDOWS\assembly

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2010-03-14 82380]
R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40448]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 WmiAcpi;Microsoft Windows-Verwaltungsschnittstelle für ACPI; C:\WINDOWS\System32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-11-25 56816]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752]
R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\WINDOWS\System32\DRIVERS\athw.sys [2008-08-20 1318464]
R3 CmBatt;Microsoft-Netzteiltreiber; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-15 5854752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-12-22 6039072]
R3 M3000Srv;Acer Crystal Eye webcam Driver; C:\WINDOWS\System32\Drivers\M3000KNT.sys [2008-05-05 254976]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2008-04-25 225024]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB-Standardhubtreiber; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
S1 kbdqlt;kbdqlt; \??\C:\WINDOWS\system32\drivers\kbdqlt.sys []
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 15295]
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
S3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 mouhid;Maus-HID-Treiber; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-18 12288]
S3 MPE;BDA MPE-Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-14 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 USB28xxBGA;PCTV 330e/8x0e Device; C:\WINDOWS\system32\DRIVERS\emBDA.sys [2010-03-25 540288]
S3 USB28xxOEM;USB 28xx OEM Filter; C:\WINDOWS\system32\DRIVERS\emOEM.sys [2010-03-25 443520]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbstor;USB-Massenspeichertreiber; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Programme\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 Apple Mobile Device;Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Bonjour Service;Bonjour-Dienst; C:\Programme\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 GtDetectSc;GtDetectSc; C:\Programme\Option\GlobeTrotter Connect\GtDetectSc.exe [2008-04-30 200704]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2010-02-02 153376]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Programme\Lavasoft\Ad-Aware\AAWService.exe [2010-03-28 1263728]
R2 SeaPort;SeaPort; C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R3 iPod Service;iPod-Dienst; C:\Programme\iPod\bin\iPodService.exe [2010-01-22 545576]
S2 gvxuufuhs;ihfaze; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 fsssvc;Windows Live Family Safety-Dienst; C:\Programme\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

I hope someone can help me.
Many thanks in advance.
Multivitamin

29.03.2010, 22:44   #2
cosinus

Hello,

Please run Avenger:

1.) Download Avenger from here:
Swandog46's Public Anti-Malware Tools (Download, on the left)

2.) Unpack the zip archive and run the file "avenger.exe" (on Vista: right-click => Run as administrator). Set the check boxes at the bottom as shown:

3.) Copy exactly the lines from the following code box:
Code:
files to delete:
C:\WINDOWS\system32\viwc.exe
C:\WINDOWS\system32\vilaunch.exe
C:\WINDOWS\000001_.tmp
C:\WINDOWS\system32\drivers\kbdqlt.sys

drivers to delete:
kbdqlt
         
4.) In "The Avenger", now click "Load Script" at the top, then "Paste from Clipboard".

5.) The code text from my post should now appear under "Input Script here" in "The Avenger".

6.) If so, click "Execute" at the bottom right. Confirm the next prompt with "Yes", and the "Reboot now" question (system restart) as well.

7.) After the restart, Avenger will display a log file. Copy its contents and post them here.

8.) Upload the file c:\avenger\backup.zip to file-upload.net and link it here

9.) Create a log with OSAM and post it
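The driver/service list posted in #1 already shows the two entries the script above targets: the `kbdqlt` driver, for which the scanner recorded no file date or size, and the `gvxuufuhs`/`ihfaze` service hosted in svchost.exe. The following Python script is an added example, not code from the thread, from Avenger or from the tool that produced the list. It parses lines in that list format, marks entries for human review by two constructed heuristics, and renders names a reviewer has confirmed in the two-section layout ("files to delete:" / "drivers to delete:") used in the post above. The heuristics and all function names are assumptions; the sample lines are copied from the log in #1.

```python
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List

# Lines copied from the driver/service list posted in #1. Format:
# "<R|S><start> <name>;<display>; <image> [<date> <size>]"
SAMPLE_LOG = r"""
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-15 5854752]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
S1 kbdqlt;kbdqlt; \??\C:\WINDOWS\system32\drivers\kbdqlt.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
R2 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
S2 gvxuufuhs;ihfaze; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 fsssvc;Windows Live Family Safety-Dienst; C:\Programme\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
"""

LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) "        # R = running, S = stopped; start type 0-4
    r"(?P<name>[^;]*);(?P<display>[^;]*); "  # service name; display name
    r"(?P<image>.*?) \[(?P<info>[^\]]*)\]$"  # image path, then "[date size]" or "[]"
)
LOWERCASE_BLOB = re.compile(r"^[a-z]{5,}$")  # assumption: "random-looking" name shape


@dataclass
class Entry:
    state: str
    start: int
    name: str
    display: str
    image: str
    info: str  # "YYYY-MM-DD size", or "" when the scanner could not stat the file


def parse_entries(text: str) -> List[Entry]:
    """Parse every line that matches the list format; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m["state"], int(m["start"]), m["name"],
                                 m["display"], m["image"], m["info"]))
    return entries


def image_basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def review_reasons(e: Entry) -> List[str]:
    """Constructed heuristics (assumptions, not verdicts): each reason marks
    an entry that a human should look at before anything is removed."""
    reasons = []
    if e.info == "":
        # Neither date nor size recorded: the file was hidden, locked or absent
        # at scan time. kbdqlt shows exactly this in the posted log.
        reasons.append("no file date/size recorded (hidden, locked or missing file)")
    if (image_basename(e.image) == "svchost.exe"
            and LOWERCASE_BLOB.match(e.name) and LOWERCASE_BLOB.match(e.display)
            and e.name != e.display):
        # gvxuufuhs/ihfaze: svchost-hosted, two unrelated lowercase blobs as names.
        reasons.append("svchost-hosted service with unrelated random-looking names")
    return reasons


def flag_entries(text: str) -> Dict[str, List[str]]:
    """Map service name -> review reasons, for entries with at least one reason."""
    flagged = {}
    for e in parse_entries(text):
        reasons = review_reasons(e)
        if reasons:
            flagged[e.name] = reasons
    return flagged


def strip_nt_prefix(path: str) -> str:
    """Turn the NT object path form (leading \\??\\) into the plain drive path
    form used in the posted removal script."""
    return path[4:] if path.startswith("\\??\\") else path


def avenger_script(text: str, confirmed: Iterable[str]) -> str:
    """Render confirmed names in the two-section layout of the script in #2.
    Only names a human has confirmed are rendered; flags alone never are."""
    wanted = set(confirmed)
    chosen = [e for e in parse_entries(text) if e.name in wanted]
    files = [strip_nt_prefix(e.image) for e in chosen]
    drivers = [e.name for e in chosen if image_basename(e.image).endswith(".sys")]
    out = "files to delete:\n" + "".join(f + "\n" for f in files)
    if drivers:
        out += "\ndrivers to delete:\n" + "".join(d + "\n" for d in drivers)
    return out


if __name__ == "__main__":
    for name, reasons in flag_entries(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(reasons)}")
    print(avenger_script(SAMPLE_LOG, ["kbdqlt"]))
```

The flags are review items, not verdicts: on the sample lines the "no file date/size" rule also fires for MBAMSwissArmy and IntelIde, both harmless here, which is why the removal script is rendered only for names a reviewer passes in explicitly.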

30.03.2010, 10:20   #3
multivitamin

Hello,
thank you very much for the quick help.

Here is the log file from Avenger:

Logfile of The Avenger Version 2.0, (c) by Swandog46
hxxp://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\system32\viwc.exe" deleted successfully.
File "C:\WINDOWS\system32\vilaunch.exe" deleted successfully.
File "C:\WINDOWS\000001_.tmp" deleted successfully.
File "C:\WINDOWS\system32\drivers\kbdqlt.sys" deleted successfully.
Driver "kbdqlt" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


Here is the file C:\Avenger\backup.zip:
hxxp://www.file-upload.net/download-2391676/backup.zip.html

And the log from OSAM:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 11:14:20 on 30.03.2010
OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.6.2

Scanner Settings
Rootkits detection (hidden registry)
Rootkits detection (hidden files)
Retrieve files information
Check Microsoft signatures

Filters
Trusted entries
Empty entries
Hidden registry entries (rootkit activity)
Exclusively opened files
Not found files
Files without detailed information
Existing files
Non-startable services
Non-startable drivers
Active entries
Disabled entries

Risk Name Publisher Full Path Status
Common
%SystemRoot%\Tasks
|||| "AppleSoftwareUpdate.job" "Apple Inc." C:\Programme\Apple Software Update\SoftwareUpdate.exe File exists
"Ad-Aware Update (Weekly).job" "Lavasoft " C:\Programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe File exists
|||||| "Norton Security Scan for Marvin.job" "Symantec Corporation" C:\Programme\Norton Security Scan\Engine\2.3.0.44\Nss.exe File exists
"RealUpgradeLogonTaskS-1-5-21-1390067357-879983540-725345543-1004.job" "RealNetworks, Inc." C:\Programme\Real\RealUpgrade\realupgrade.exe File exists
"RealUpgradeScheduledTaskS-1-5-21-1390067357-879983540-725345543-1004.job" "RealNetworks, Inc." C:\Programme\Real\RealUpgrade\realupgrade.exe File exists
Control Panel Objects
%SystemRoot%\system32
|||||| "infocardcpl.cpl" "Microsoft Corporation" C:\WINDOWS\system32\infocardcpl.cpl File exists
|||||| "javacpl.cpl" "Sun Microsystems, Inc." C:\WINDOWS\system32\javacpl.cpl File exists
"main.cpl" "Microsoft Corporation" C:\WINDOWS\system32\main.cpl File exists
|||||| "telephon.cpl" "Microsoft Corporation" C:\WINDOWS\system32\telephon.cpl File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls
|||||| "Avira AntiVir Personal - Free Antivirus " "Avira GmbH" C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl File exists
|||||| "QuickTime" "Apple Inc." C:\Programme\QuickTime\QTSystem\QuickTime.cpl File exists
Drivers
HKLM\SYSTEM\CurrentControlSet\Services
|||||| "AFS2k" (AFS2K) "Oak Technology Inc." C:\WINDOWS\system32\drivers\AFS2K.sys File exists
|||||| "avgio" (avgio) "Avira GmbH" C:\Programme\Avira\AntiVir Desktop\avgio.sys File exists
|||||| "avgntflt" (avgntflt) "Avira GmbH" C:\WINDOWS\System32\DRIVERS\avgntflt.sys File exists
|||||| "avipbb" (avipbb) "Avira GmbH" C:\WINDOWS\System32\DRIVERS\avipbb.sys File exists
"Changer" (Changer) C:\WINDOWS\system32\drivers\Changer.sys File not found
|||||| "FssFltr" (fssfltr) "Microsoft Corporation" C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys File exists
"i2omgmt" (i2omgmt) C:\WINDOWS\system32\drivers\i2omgmt.sys File not found
|||||| "Lbd" (Lbd) "Lavasoft AB" C:\WINDOWS\System32\DRIVERS\Lbd.sys File exists
"lbrtfdc" (lbrtfdc) C:\WINDOWS\system32\drivers\lbrtfdc.sys File not found
"PCIDump" (PCIDump) C:\WINDOWS\system32\drivers\PCIDump.sys File not found
"PDCOMP" (PDCOMP) C:\WINDOWS\system32\drivers\PDCOMP.sys File not found
"PDFRAME" (PDFRAME) C:\WINDOWS\system32\drivers\PDFRAME.sys File not found
"PDRELI" (PDRELI) C:\WINDOWS\system32\drivers\PDRELI.sys File not found
"PDRFRAME" (PDRFRAME) C:\WINDOWS\system32\drivers\PDRFRAME.sys File not found
|||||| "ssmdrv" (ssmdrv) "Avira GmbH" C:\WINDOWS\System32\DRIVERS\ssmdrv.sys File exists
"WDICA" (WDICA) C:\WINDOWS\system32\drivers\WDICA.sys File not found
Explorer
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
|||||| {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" "Microsoft Corporation" c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install File exists
{89820200-ECBD-11cf-8B85-00AA005B4340} "Windows Desktop-Update" "Microsoft Corporation" regsvr32.exe /s /n /i:U shell32.dll File exists
HKLM\Software\Classes\Folder\shellex\ColumnHandlers
|||||| {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" "Adobe Systems, Inc." C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll File exists
{0D2E74C4-3C34-11d2-A27E-00C04FC30871} "{0D2E74C4-3C34-11d2-A27E-00C04FC30871}" "Microsoft Corporation" C:\WINDOWS\system32\SHELL32.dll File exists
{24F14F01-7B1C-11d1-838f-0000F80461CF} "{24F14F01-7B1C-11d1-838f-0000F80461CF}" "Microsoft Corporation" C:\WINDOWS\system32\SHELL32.dll File exists
{24F14F02-7B1C-11d1-838f-0000F80461CF} "{24F14F02-7B1C-11d1-838f-0000F80461CF}" "Microsoft Corporation" C:\WINDOWS\system32\SHELL32.dll File exists
{66742402-F9B9-11D1-A202-0000F81FEDEE} "{66742402-F9B9-11D1-A202-0000F81FEDEE}" "Microsoft Corporation" C:\WINDOWS\system32\SHELL32.dll File exists
|||||| {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll File exists
HKLM\Software\Classes\Protocols\Filter
|||||| {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists
|||||| {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists
|||||| {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists
{733AC4CB-F1A4-11d0-B951-00A0C90312E1} "WebView MIME Filter" "Microsoft Corporation" C:\WINDOWS\system32\SHELL32.dll File exists
HKLM\Software\Classes\Protocols\Handler
|||||| {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" "Microsoft Corporation" C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll File exists
|||||| {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" "Skype Technologies" C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll File exists
|||| {828030A1-22C1-4009-854F-8E305202313F} "livecall" "Microsoft Corporation" C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL File exists
|||| {828030A1-22C1-4009-854F-8E305202313F} "msnim" "Microsoft Corporation" C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL File exists
|||||| {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" "Microsoft Corporation" C:\Programme\Windows Live\Mail\mailcomm.dll File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "URL Exec Hook" "Microsoft Corporation" C:\WINDOWS\system32\shell32.dll File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
|||||| {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" "Igor Pavlov" C:\Programme\7-Zip\7-zip.dll File exists
|||||| {0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" "Microsoft Corporation" C:\Programme\Windows Live\Mail\mailcomm.dll File exists
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" deskpan.dll File not found
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" File not found | COM-object registry key not found
|||||| {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" "Apple Inc." C:\Programme\iTunes\iTunesMiniPlayer.dll File exists
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" File not found | COM-object registry key not found
{32683183-48a0-441b-a342-7c2a440a9478} "Media Band" File not found | COM-object registry key not found
|||||| {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll File exists
|||||| {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll File exists
|||||| {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll File exists
|||||| {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll File exists
|||||| {A4DF5659-0801-4A60-9607-1C48695EFDA9} "Ordner HP Share-to-Web" "Hewlett-Packard" c:\Programme\Hewlett-Packard\HP Share-to-Web\HPGS2WNS.DLL File exists
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" "RealNetworks, Inc." C:\Programme\Real\RealPlayer\rpshell.dll File exists
|||||| {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" "Avira GmbH" C:\Programme\Avira\AntiVir Desktop\shlext.dll File exists
|||||| {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" "Microsoft Corporation" c:\WINDOWS\system32\dfshim.dll File exists
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" File not found | COM-object registry key not found
|||||| {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" "Microsoft Corporation" c:\WINDOWS\system32\dfshim.dll File exists
{0DF44EAA-FF21-4412-828E-260A8728E7F1} "Taskleiste und Startmenü" "Microsoft Corporation" C:\WINDOWS\system32\shell32.dll File exists
|||||| {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" "Microsoft Corporation" C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe File exists
|||||| {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" "Microsoft Corporation" C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe File exists
|||||| {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" "Microsoft Corporation" C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll File exists
|||||| {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" "Microsoft Corporation" C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll File exists
|||||| {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" "Microsoft Corporation" C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll File exists
|||||| {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" "Microsoft Corporation" C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe File exists
|||||| {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" "Microsoft Corporation" C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll File exists
|||||| {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" "Microsoft Corporation" C:\Programme\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
{7849596a-48ea-486e-8937-a2a3009f31a9} "PostBootReminder object" "Microsoft Corporation" C:\WINDOWS\system32\SHELL32.dll File exists
{fbeb8a05-beee-4442-804e-409d6c4515e9} "ShellFolder for CD Burning" "Microsoft Corporation" C:\WINDOWS\system32\SHELL32.dll File exists
Internet Explorer
HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars
{32683183-48a0-441b-a342-7c2a440a9478} "{32683183-48a0-441b-a342-7c2a440a9478}" File not found | COM-object registry key not found
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
"&Links" "Microsoft Corporation" C:\WINDOWS\system32\SHELL32.dll File exists
|||| "&Windows Live Toolbar" "Microsoft Corporation" C:\Programme\Windows Live\Toolbar\wltcore.dll File exists
ITBar7Height "ITBar7Height" File not found | COM-object registry key not found
"ITBar7Layout" File not found | COM-object registry key not found
"ITBarLayout" File not found | COM-object registry key not found
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units
{CC450D71-CC90-424C-8638-1F2DBAC87A54} "ArmHelper Control"
file:///C:/Programme/Monopoly/Images/armhelper.ocx ./Images/armhelper.ocx File not found
DirectAnimation Java Classes "DirectAnimation Java Classes"
file://C:\WINDOWS\Java\classes\dajava.cab File not found | COM-object registry key not found
|||| {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_18"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab "Sun Microsystems, Inc." C:\Programme\Java\jre6\bin\npjpi160_18.dll File exists
|||| {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab "Sun Microsystems, Inc." C:\Programme\Java\jre6\bin\npjpi160_18.dll File exists
|||| {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab "Sun Microsystems, Inc." C:\Programme\Java\jre6\bin\npjpi160_18.dll File exists
Microsoft XML Parser for Java "Microsoft XML Parser for Java"
file://C:\WINDOWS\Java\classes\xmldso.cab File not found | COM-object registry key not found
|| {149E45D8-163E-4189-86FC-45022AB2B6C9} "SpinTop DRM Control"
file:///C:/Programme/Monopoly/Images/stg_drm.ocx "SpinTop Media Inc." C:\WINDOWS\DOWNLO~1\stg_drm.ocx File exists
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}"
hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab File not found | COM-object registry key not found
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
|||| {5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" "Microsoft Corporation" C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll File exists
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar
|||| "&Windows Live Toolbar" "Microsoft Corporation" C:\Programme\Windows Live\Toolbar\wltcore.dll File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
|||||| {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" "Adobe Systems Incorporated" C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll File exists
|||| {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" "Sun Microsystems, Inc." C:\Programme\Java\jre6\bin\jp2ssv.dll File exists
|||| {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" "Sun Microsystems, Inc." C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File exists
|| {1536BA74-8625-4240-99B0-BE65883689C8} "Mediaplayer" C:\Programme\Mediapiraten\Mediapiraten\IEButtonMPInterface.dll File found, but it contains no detailed information
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" "RealPlayer" C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll File exists
|| {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" "Microsoft Corporation" C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll File exists
|||||| {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" "Microsoft Corporation" C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll File exists
|||| {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} "Windows Live Toolbar Helper" "Microsoft Corporation" C:\Programme\Windows Live\Toolbar\wltcore.dll File exists
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" File not found | COM-object registry key not found
Known DLLs
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs
"shell32" "Microsoft Corporation" C:\WINDOWS\system32\shell32.dll File exists
Logon
%AllUsersProfile%\Startmenü\Programme\Autostart
|||||| "desktop.ini" C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini File exists
%UserProfile%\Startmenü\Programme\Autostart
|||||| "desktop.ini" C:\Dokumente und Einstellungen\Marvin\Startmenü\Programme\Autostart\desktop.ini File exists
"OpenOffice.org 3.2.lnk" C:\Programme\OpenOffice.org 3\program\quickstart.exe Shortcut exists | File found, but it contains no detailed information | File exists
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|||| "msnmsgr" "Microsoft Corporation" "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background File exists
|||| "Skype" "Skype Technologies S.A." "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized File exists
"viwc" C:\WINDOWS\system32\viwc.exe File not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
|||| "Adobe ARM" "Adobe Systems Incorporated" "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" File exists
|||| "Adobe Reader Speed Launcher" "Adobe Systems Incorporated" "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" File exists
|||||| "avgnt" "Avira GmbH" "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min File exists
"AzMixerSel" "Realtek Semiconductor Corp." C:\Programme\Realtek\Audio\Drivers\AzMixerSel.exe File exists
|||| "DrvIcon" "artArmin" C:\Programme\Vista Drive Icon\DrvIcon.exe File exists
"HostManager" "America Online, Inc." C:\Programme\Gemeinsame Dateien\AOL\1267638333\ee\AOLSoftware.exe File exists
"iTunesHelper" "Apple Inc." "C:\Programme\iTunes\iTunesHelper.exe" File exists
"LanTalk.NET" "CEZEO software Ltd." C:\Programme\CEZEO software\LanTalk NET\LanTalk.exe File exists
|| "M3000Mnt" Rundll32.exe M3000Rmv.dll ,WinMainRmv /StartStillMnt File signed by Microsoft | File found, but it contains no detailed information
|||| "QuickTime Task" "Apple Inc." "C:\Programme\QuickTime\qttask.exe" -atboottime File exists
|||| "Share-to-Web Namespace Daemon" "Hewlett-Packard" c:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe File exists
|||| "SunJavaUpdateSched" "Sun Microsystems, Inc." "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" File exists
"TkBellExe" "RealNetworks, Inc." "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot File exists
"vilaunch" C:\WINDOWS\system32\vilaunch.exe File not found
Print Monitors
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
|||||| "novaPDF Server OEM 6 Monitor" "Softland" C:\WINDOWS\system32\novamnv6.dll File exists
Services
HKLM\SYSTEM\CurrentControlSet\Services
|||||| ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) "Microsoft Corporation" C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe File exists
"Anwendungsverwaltung" (AppMgmt) C:\WINDOWS\System32\appmgmts.dll File not found
|||||| "Apple Mobile Device" (Apple Mobile Device) "Apple Inc." C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe File exists
|||||| "ASP.NET State Service" (aspnet_state) "Microsoft Corporation" C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe File exists
|||||| "Avira AntiVir Guard" (AntiVirService) "Avira GmbH" C:\Programme\Avira\AntiVir Desktop\avguard.exe File exists
|||||| "Avira AntiVir Planer" (AntiVirSchedulerService) "Avira GmbH" C:\Programme\Avira\AntiVir Desktop\sched.exe File exists
|||||| "Bonjour-Dienst" (Bonjour Service) "Apple Inc." C:\Programme\Bonjour\mDNSResponder.exe File exists
|||||| "GtDetectSc" (GtDetectSc) "OptionNV" C:\Programme\Option\GlobeTrotter Connect\GtDetectSc.exe File exists
"ihfaze" (gvxuufuhs) C:\WINDOWS\system32\fvkqb.dll File not found
"iPod-Dienst" (iPod Service) "Apple Inc." C:\Programme\iPod\bin\iPodService.exe File exists
|||||| "Java Quick Starter" (JavaQuickStarterService) "Sun Microsystems, Inc." C:\Programme\Java\jre6\bin\jqs.exe File exists
"Lavasoft Ad-Aware Service" (Lavasoft Ad-Aware Service) "Lavasoft" C:\Programme\Lavasoft\Ad-Aware\AAWService.exe File exists
|||||| "SeaPort" (SeaPort) "Microsoft Corporation" C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe File exists
|||||| "Windows CardSpace" (idsvc) "Microsoft Corporation" c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe File exists
|||||| "Windows Live Family Safety-Dienst" (fsssvc) "Microsoft Corporation" C:\Programme\Windows Live\Family Safety\fsssvc.exe File exists
|||||| "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) "Microsoft Corporation" c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe File exists
Winlogon
HKCU\Control Panel\IOProcs
"MVB" mvfs32.dll File not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" appmgmts.dll File not found
Winsock Providers
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries
|||||| "mdnsNSP" "Apple Inc." C:\Programme\Bonjour\mdnsNSP.dll File exists

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Many thanks in advance.

Multivitamin

30.03.2010, 10:55   #4
cosinus

That takes care of the rootkit. Is the virus scanner still squawking?
__________________
Please always post log files in CODE tags

30.03.2010, 12:11   #5
multivitamin

Hello,
when I restart my PC and open Firefox, AntiVir no longer reports anything. I have just run a system scan with AntiVir. Both Trojans were found again.

Multivitamin


30.03.2010, 12:38   #6
cosinus

Then delete them. Also disable System Restore: during the infection, malware files were saved into restore points as well. Those are all unusable now, since rolling the system back to a restore point would probably bring the infection back.

30.03.2010, 15:15   #7
multivitamin

I have now deleted the Trojan with AntiVir. Then I ran a new system scan. Nothing is found any more. Is the Trojan completely removed now?

Many thanks.

Multivitamin

30.03.2010, 15:25   #8
cosinus

Yep, the logs are OK now.
You can still run follow-up scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before scanning!!

30.03.2010, 15:35   #9
multivitamin

Thanks for the help.

Multivitamin
