| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Trojaner "TR/Agent.ruo" entdecktWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
30.03.2010, 20:19
| #1 |
 |  Trojaner "TR/Agent.ruo" entdeckt Hallo @all, eine Freundin von mir hat ein Problem mit dem Plagegeist von oben! Ich habe bei ihr diesen OSAM installiert und sende euch den Log! Hoffe Ihr findet was und könnt ihr helfen! LG Juli Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 20:39:51 on 30.03.2010 OS: Windows XP Home Edition Service Pack 3 (Build 2600) Default Browser: Mozilla Corporation Firefox 3.6.2 Scanner Settings Rootkits detection (hidden registry) Rootkits detection (hidden files) Retrieve files information Check Microsoft signatures Filters Trusted entries Empty entries Hidden registry entries (rootkit activity) Exclusively opened files Not found files Files without detailed information Existing files Non-startable services Non-startable drivers Active entries Disabled entries Risk Name Publisher Full Path Status Common %SystemRoot%\Tasks |||| "GoogleUpdateTaskMachineCore.job" "Google Inc." C:\Programme\Google\Update\GoogleUpdate.exe File exists |||| "GoogleUpdateTaskMachineUA.job" "Google Inc." C:\Programme\Google\Update\GoogleUpdate.exe File exists |||||| "Automatische Problemsuche.job" "TuneUp Software" C:\Programme\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe File exists "Automatische Wartung.job" "TuneUp Software" C:\Programme\TuneUp Utilities 2010\OneClickStarter.exe File exists Control Panel Objects %SystemRoot%\system32 |||||| "ALSNDMGR.CPL" C:\WINDOWS\system32\ALSNDMGR.CPL File signed by Microsoft | File found, but it contains no detailed information |||||| "ddbaccpl.cpl" "DataDesign AG" C:\WINDOWS\system32\ddbaccpl.cpl File exists |||||| "ddbacctm.cpl" "DataDesign AG" C:\WINDOWS\system32\ddbacctm.cpl File exists |||||| "infocardcpl.cpl" "Microsoft Corporation" C:\WINDOWS\system32\infocardcpl.cpl File exists |||||| "javacpl.cpl" "Sun Microsystems, Inc." C:\WINDOWS\system32\javacpl.cpl File exists HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls |||||| "Avira AntiVir Personal - Free Antivirus " "Avira GmbH" C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl File exists |||||| "NokiaConnectionManager" "Nokia" C:\PROGRA~1\Nokia\NOKIAP~1\CONNEC~1.CPL File exists |||||| "QuickTime" "Apple Inc." C:\Programme\QuickTime\QTSystem\QuickTime.cpl File exists Drivers HKLM\SYSTEM\CurrentControlSet\Services |||||| "acedrv10" (acedrv10) "Protect Software GmbH" C:\WINDOWS\system32\drivers\acedrv10.sys File exists |||||| "acehlp10" (acehlp10) "Protect Software GmbH" C:\WINDOWS\system32\drivers\acehlp10.sys File exists |||||| "avgio" (avgio) "Avira GmbH" C:\Programme\Avira\AntiVir Desktop\avgio.sys File exists |||||| "avgntflt" (avgntflt) "Avira GmbH" C:\WINDOWS\System32\DRIVERS\avgntflt.sys File exists |||||| "avipbb" (avipbb) "Avira GmbH" C:\WINDOWS\System32\DRIVERS\avipbb.sys File exists "Changer" (Changer) C:\WINDOWS\system32\drivers\Changer.sys File not found |||||| "d347bus" (d347bus) " " C:\WINDOWS\System32\DRIVERS\d347bus.sys File exists |||||| "d347prt" (d347prt) " " C:\WINDOWS\System32\Drivers\d347prt.sys File exists "i2omgmt" (i2omgmt) C:\WINDOWS\system32\drivers\i2omgmt.sys File not found "kbdqtwmt" (kbdqtwmt) "Microsoft Corporation" C:\WINDOWS\system32\drivers\kbdqtwmt.sys File exists "lbrtfdc" (lbrtfdc) C:\WINDOWS\system32\drivers\lbrtfdc.sys File not found "PCIDump" (PCIDump) C:\WINDOWS\system32\drivers\PCIDump.sys File not found "PDCOMP" (PDCOMP) C:\WINDOWS\system32\drivers\PDCOMP.sys File not found || "PDDSLHND" (PDDSLHND) "ProDyne" C:\WINDOWS\system32\drivers\PDDSLHND.sys File exists "PDFRAME" (PDFRAME) C:\WINDOWS\system32\drivers\PDFRAME.sys File not found "PDRELI" (PDRELI) C:\WINDOWS\system32\drivers\PDRELI.sys File not found "PDRFRAME" (PDRFRAME) C:\WINDOWS\system32\drivers\PDRFRAME.sys File not found |||||| "PPdus ASPI Shell" (Afc) "Arcsoft, Inc." C:\WINDOWS\System32\drivers\Afc.sys File exists || "ProDyne DSL Adapter" (PDDSLADP) "ProDyne" C:\WINDOWS\System32\DRIVERS\PDDSLADP.SYS File exists |||||| "ssmdrv" (ssmdrv) "Avira GmbH" C:\WINDOWS\System32\DRIVERS\ssmdrv.sys File exists "Treiber für Player-Wiederherstellungsgerät" (StMp3Rec) "Microsoft Corporation" C:\WINDOWS\System32\Drivers\StMp3Rec.sys File exists |||||| "TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) "TuneUp Software" C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys File exists "WAN Miniport (ATW)" (wanatw) C:\WINDOWS\System32\DRIVERS\wanatw4.sys File not found "WDICA" (WDICA) C:\WINDOWS\system32\drivers\WDICA.sys File not found Explorer HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components |||||| {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" "Microsoft Corporation" C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install File exists HKLM\Software\Classes\Folder\shellex\ColumnHandlers |||||| {7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" "Nero AG" C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll File exists |||||| {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" "Adobe Systems, Inc." C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll File exists HKLM\Software\Classes\Protocols\Filter |||||| {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists |||||| {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists |||||| {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists |||||| {807553E5-5146-11D5-A672-00B0D022E945} "text/xml" "Microsoft Corporation" C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL File exists HKLM\Software\Classes\Protocols\Handler |||||| {32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" "Microsoft Corporation" C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL File exists |||| {828030A1-22C1-4009-854F-8E305202313F} "livecall" "Microsoft Corporation" C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL File exists |||| {828030A1-22C1-4009-854F-8E305202313F} "msnim" "Microsoft Corporation" C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL File exists HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved {D653647D-D607-4DF6-A5B8-48D2BA195F7B} "BitDefender Antivirus v8" File not found | COM-object registry key not found {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" deskpan.dll File not found |||||| {1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists |||||| {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" "Apple Inc." C:\Programme\iTunes\iTunesMiniPlayer.dll File exists {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" File not found | COM-object registry key not found |||||| {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" "Microsoft Corporation" C:\Programme\Microsoft Office\OFFICE11\msohev.dll File exists |||||| {B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" "Nero AG" C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll File exists |||||| {7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" "Nero AG" C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll File exists |||||| {416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} "Nokia Phone Browser" "Nokia" C:\Programme\Nokia\Nokia PC Suite 7\PhoneBrowser.dll File exists |||||| {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" "Avira GmbH" C:\Programme\Avira\AntiVir Desktop\shlext.dll File exists |||||| {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" "Microsoft Corporation" C:\WINDOWS\system32\dfshim.dll File exists {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" File not found | COM-object registry key not found |||||| {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" "Microsoft Corporation" C:\WINDOWS\system32\dfshim.dll File exists |||||| {4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" "TuneUp Software" C:\Programme\TuneUp Utilities 2010\DseShExt-x86.dll File exists |||||| {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" "TuneUp Software" C:\Programme\TuneUp Utilities 2010\SDShelEx-win32.dll File exists |||||| {44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" "TuneUp Software" C:\WINDOWS\System32\uxtuneup.dll File exists |||||| {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" "Microsoft Corporation" C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL File exists |||||| {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" C:\Programme\WinRAR\rarext.dll File exists Internet Explorer HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser |||| "Google Toolbar" "Google Inc." C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll File exists "ITBar7Layout" File not found | COM-object registry key not found "{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}" File not found | COM-object registry key not found HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units |||||| {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} "CKAVWebScan Object" hxxp://www.kaspersky.com/kos/german/partner/de/kavwebscan_unicode.cab "Kaspersky Lab" C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll File exists |||| {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_15" hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab "Sun Microsystems, Inc." C:\Programme\Java\jre6\bin\npjpi160_15.dll File exists |||| {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab "Sun Microsystems, Inc." C:\Programme\Java\jre6\bin\npjpi160_15.dll File exists |||| {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab "Sun Microsystems, Inc." C:\Programme\Java\jre6\bin\npjpi160_15.dll File exists |||| {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} "MsnMessengerSetupDownloadControl Class" hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab "Microsoft Corporation" C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx File exists {D2982A7F-489A-47F5-A319-FC1F14EBC245} "Navigator Class" hxxp://www.nutzwerk.de/control/NutzNavi.cab "Nutzwerk GmbH" C:\WINDOWS\Downloaded Program Files\NutzNavi.dll File exists |||||| {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab "Adobe Systems, Inc." C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx File exists {166B1BCA-3F9C-11CF-8075-444553540000} "{166B1BCA-3F9C-11CF-8075-444553540000}" hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab File not found | COM-object registry key not found {3334504D-9980-0010-8000-00AA00389B71} "{3334504D-9980-0010-8000-00AA00389B71}" hxxp://download.microsoft.com/download/0/C/8/0C8EDFAB-30BC-4792-898E-2DABE27B2C4D/mp43dmo.CAB File not found | COM-object registry key not found {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}" hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab File not found | COM-object registry key not found HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions |||| {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" "Microsoft Corporation" C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL File exists HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar |||| "Google Toolbar" "Google Inc." C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll File exists HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects |||||| {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" "Adobe Systems Incorporated" C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll File exists |||| {AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" "Google Inc." C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll File exists |||| {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" "Google Inc." C:\Programme\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll File exists |||| {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" "Sun Microsystems, Inc." C:\Programme\Java\jre6\bin\jp2ssv.dll File exists |||| {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" "Sun Microsystems, Inc." C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File exists |||||| {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" "Microsoft Corporation" C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll File exists {98C4D999-B288-8E34-0F4E-24A17D5518FA} "{98C4D999-B288-8E34-0F4E-24A17D5518FA}" File not found | COM-object registry key not found Logon %AllUsersProfile%\Startmenü\Programme\Autostart |||||| "desktop.ini" C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini File exists %UserProfile%\Startmenü\Programme\Autostart |||||| "desktop.ini" C:\Dokumente und Einstellungen\lucy\Startmenü\Programme\Autostart\desktop.ini File exists "Windows Live Messenger .lnk" "Microsoft Corporation" C:\Programme\Windows Live\Messenger\msnmsgr.exe Shortcut exists | File exists HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "ccleaner" "Piriform Ltd" "C:\Programme\CCleaner\CCleaner.exe" /AUTO File exists |||| "PC Suite Tray" "Nokia" "C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray File exists HKLM\Software\Microsoft\Windows\CurrentVersion\Run |||||| "avgnt" "Avira GmbH" "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min File exists |||| "rfagent" "KsL Software" "C:\Programme\RFA\rfagent.exe" File exists Print Monitors HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors |||||| "Microsoft Document Imaging Writer Monitor" "Microsoft Corporation" C:\WINDOWS\system32\mdimon.dll File exists Services HKLM\SYSTEM\CurrentControlSet\Services |||||| ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) "Microsoft Corporation" C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe File exists "Anwendungsverwaltung" (AppMgmt) C:\WINDOWS\System32\appmgmts.dll File not found |||||| "Apple Mobile Device" (Apple Mobile Device) "Apple Inc." C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe File exists |||||| "ASP.NET State Service" (aspnet_state) "Microsoft Corporation" C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe File exists |||||| "Avira AntiVir Guard" (AntiVirService) "Avira GmbH" C:\Programme\Avira\AntiVir Desktop\avguard.exe File exists |||||| "Avira AntiVir Planer" (AntiVirSchedulerService) "Avira GmbH" C:\Programme\Avira\AntiVir Desktop\sched.exe File exists |||||| "Bonjour-Dienst" (Bonjour Service) "Apple Inc." C:\Programme\Bonjour\mDNSResponder.exe File exists |||| "Google Software Updater" (gusvc) "Google" C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe File exists |||| "Google Update Service (gupdate)" (gupdate) "Google Inc." C:\Programme\Google\Update\GoogleUpdate.exe File exists |||||| "iPod-Dienst" (iPod Service) "Apple Inc." C:\Programme\iPod\bin\iPodService.exe File exists |||||| "Java Quick Starter" (JavaQuickStarterService) "Sun Microsystems, Inc." C:\Programme\Java\jre6\bin\jqs.exe File exists |||||| "Office Source Engine" (ose) "Microsoft Corporation" C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE File exists |||||| "Process Monitor" (LVPrcSrv) "Logitech Inc." C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe File exists |||||| "ServiceLayer" (ServiceLayer) "Nokia." C:\Programme\PC Connectivity Solution\ServiceLayer.exe File exists |||||| "TuneUp Designerweiterung" (UxTuneUp) "TuneUp Software" C:\WINDOWS\System32\uxtuneup.dll File exists |||||| "TuneUp Drive Defrag-Dienst" (TuneUp.Defrag) "TuneUp Software" C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe File exists |||||| "TuneUp Utilities Service" (TuneUp.UtilitiesSvc) "TuneUp Software" C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe File exists |||||| "Windows CardSpace" (idsvc) "Microsoft Corporation" C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe File exists |||||| "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) "Microsoft Corporation" C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe File exists |||||| "X10 Device Network Service" (x10nets) "X10" C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe File exists Winlogon HKCU\Control Panel\IOProcs "MVB" mvfs32.dll File not found HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions {c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" appmgmts.dll File not found Winsock Providers HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries |||||| "mdnsNSP" "Apple Inc." C:\Programme\Bonjour\mdnsNSP.dll File exists If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |
| Themen zu Trojaner "TR/Agent.ruo" entdeckt |
| adobe, antivir, antivir guard, antivirus, autorun, avgnt.exe, avgntflt.sys, avira, bho, browser, c:\windows\system32\rundll32.exe, components, defender, desktop, desktop.ini, dll, document, einstellungen, firefox, fontcache, gupdate, helper, home, malware, mozilla, plug-in, problem, programme, registry, registry key, rundll, sched.exe, shortcut, software, trojaner, windows, windows xp |
Baum-Darstellung