Pests of all kinds and how to fight them: Help, trojan - Tr/Agent.ruo in ntndydr.dll (Windows 7)

If you are not sure whether you have picked up malware or a trojan, open a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete the unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
31.03.2010, 12:07 | #1
Help, trojan - Tr/Agent.ruo in ntndydr.dll

Hey ho, dear people, it got me, or rather my PC, and I don't know what to do next... I'm attaching the logfile... The problem is a trojan that is not unknown here - Agent.ruo - which has lodged itself in ntndydr.dll... I'm asking for solution strategies! Avira is available as the antivirus program... Urgently asking for help + thanks in advance!!!

Regards, theo

P.S.: - Logfile -

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 12:37:50 on 31.03.2010
OS: Windows Vista Business Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.2

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "Bioscrypt Inc." - C:\windows\system32\APSHook.dll

[Common]
-----( %SystemRoot%\Tasks )-----
"HPCeeScheduleForLena.job" - "Hewlett-Packard" - C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"hpaccelerometercp.CPL" - "Hewlett-Packard Corporation" - C:\windows\system32\hpaccelerometercp.CPL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"HP 3D DriveGuard" - "Hewlett-Packard Corporation" - C:\windows\system32\hpaccelerometercp.CPL
"SoundMAX" - "Analog Devices, Inc." - C:\Program Files\Analog Devices\SoundMAX\soundmax.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\windows\System32\DRIVERS\avipbb.sys
"Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\windows\system32\Drivers\CVPNDRVA.sys
"d3dsmj" (d3dsmj) - "Microsoft Corporation" - C:\windows\system32\drivers\d3dsmj.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\windows\System32\DRIVERS\ipinip.sys (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\windows\System32\DRIVERS\nwlnkflt.sys (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\windows\System32\DRIVERS\nwlnkfwd.sys (File not found)
"RsvLock" (RsvLock) - "SafeBoot International" - C:\windows\system32\drivers\RsvLock.sys
"SafeBoot" (SafeBoot) - "SafeBoot International" - C:\windows\system32\drivers\SafeBoot.sys (File is exclusively opened, access blocked)
"SbAlg" (SbAlg) - "SafeBoot N.V." - C:\windows\system32\drivers\SbAlg.sys
"SbFsLock" (SbFsLock) - "SafeBoot International" - C:\windows\system32\drivers\SbFsLock.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\windows\System32\DRIVERS\ssmdrv.sys

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found)
{92644C80-C318-408A-9EDA-1B0C245D73A5} "File Sanitizer" - "Hewlett-Packard" - C:\Program Files\Hewlett-Packard\File Sanitizer\HPPMDesktopIcon.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found)
{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} "Meine freigegebenen Ordner" - "Microsoft Corporation" - C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\windows\system32\btncopy.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "IsoBuster Toolbar" - "Conduit Ltd." - C:\Program Files\IsoBuster\tbIsoB.dll
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
<binary data> "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" - ? - (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} "IsoBuster Toolbar" - "Conduit Ltd." - C:\Program Files\IsoBuster\tbIsoB.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} "Java Plug-in 1.6.0_06" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
{F27237D7-93C8-44C2-AC6E-D6057B9A918F} "JuniperSetupClientControl Class" - "Juniper Networks" - C:\windows\Downloaded Program Files\JuniperSetupClient.ocx / https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} "AVG Security Toolbar" - ? - (File not found | COM-object registry key not found)
{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} "IsoBuster Toolbar" - "Conduit Ltd." - C:\Program Files\IsoBuster\tbIsoB.dll
{0BF43445-2F28-4351-9252-17FE6E806AA0} "McAfee SiteAdvisor" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} "AVG Safe Search" - ? - C:\Program Files\AVG\AVG9\avgssie.dll (File not found)
{3134413B-49B4-425C-98A5-893C1F195601} "BHO_Startup Class" - "Hewlett-Packard" - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll
{DF21F1DB-80C6-11D3-9483-B03D0EC10000} "Credential Manager for HP ProtectTools" - "Bioscrypt Inc." - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} "IsoBuster Toolbar" - "Conduit Ltd." - C:\Program Files\IsoBuster\tbIsoB.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{7E853D72-626A-48EC-A868-BA8D5E23E045} "{7E853D72-626A-48EC-A868-BA8D5E23E045}" - ? - (File not found | COM-object registry key not found)
{ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a} "{ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a} " - ? - (File not found | COM-object registry key not found)

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Notification packages" - "Bioscrypt Inc." - c:\Program Files\Hewlett-Packard\IAM\bin\ASWLNPkg.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"OpenOffice.org 3.1.lnk" - ? - C:\Program Files\OpenOffice.org 3\program\quickstart.exe (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"DVD Check.lnk" - "InterVideo Inc." - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (Shortcut exists | File exists)
"BTTray.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Shortcut exists | File exists)
"VPN Client.lnk" - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"LightScribe Control Panel" - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"accrdsub" - "ActivIdentity" - "c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"CognizanceTS" - "Bioscrypt Inc." - rundll32.exe c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
"File Sanitizer" - "Hewlett-Packard" - C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
"HP Health Check Scheduler" - "Hewlett-Packard" - c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"HP Software Update" - "Hewlett-Packard" - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
"hpWirelessAssistant" - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
"PDF Complete" - "PDF Complete Inc" - C:\Program Files\PDF Complete\pdfsty.exe
"PTHOSTTR" - "Hewlett-Packard Development Company, L.P." - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
"QlbCtrl.exe" - " Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
"SoundMAX" - "Analog Devices, Inc." - C:\Program Files\Analog Devices\SoundMAX\soundmax.exe /tray
"StartCCC" - "Advanced Micro Devices, Inc." - "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"WatchDog" - "InterVideo Inc." - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"HP Universal Print Monitor" - "Hewlett-Packard" - C:\windows\system32\HPMPW081.DLL
"PDFC" - "PDF Complete, Inc." - C:\windows\system32\pdfc_port.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ActivClient Middleware Service" (accoca) - "ActivIdentity" - c:\Program Files\ActivIdentity\ActivClient\accoca.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
"Com4QLBEx" (Com4QLBEx) - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
"Drive Encryption Service" (HpFkCryptService) - "SafeBoot International" - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
"File Sanitizer for HP ProtectTools" (HPFSService) - "Hewlett-Packard" - C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
"HP Health Check Service" (HP Health Check Service) - "Hewlett-Packard" - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
"HP ProtectTools Service" (HP ProtectTools Service) - "Hewlett-Packard Development Company, L.P" - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
"hpqwmiex" (hpqwmiex) - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"IviRegMgr" (IviRegMgr) - "InterVideo" - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
"Juniper Network Connect Service" (dsNcService) - "Juniper Networks" - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"Local Communication Channel" (ASChannel) - "Bioscrypt Inc." - c:\Program Files\Hewlett-Packard\IAM\Bin\AsChnl.dll
"Logon Session Broker" (ASBroker) - "Bioscrypt Inc." - c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
"Messenger USN Journal Reader-Service für freigegebene Ordner" (usnjsvc) - "Microsoft Corporation" - C:\Program Files\MSN Messenger\usnsvc.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\windows\system32\HPZinw12.dll
"PDF Document Manager" (pdfcDispatcher) - "PDF Complete Inc" - C:\Program Files\PDF Complete\pdfsvc.exe
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\windows\system32\HPZipm12.dll

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{8F51D94E-8B89-4844-B15C-9C049BA0F49F} "DLLName" - "Bioscrypt Inc." - c:\Program Files\Hewlett-Packard\IAM\Bin\ItVCard.dll

===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
31.03.2010, 12:48 | #2
/// Winkelfunktion /// TB-Süch-Tiger™ | Help, trojan - Tr/Agent.ruo in ntndydr.dll

hello, and

Code:
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"d3dsmj" (d3dsmj) - "Microsoft Corporation" - C:\windows\system32\drivers\d3dsmj.sys

Have C:\windows\system32\drivers\d3dsmj.sys analysed at https://www.Virustotal.com. Then please post the link to the result.
31.03.2010, 13:21 | #3
Help, trojan - Tr/Agent.ruo in ntndydr.dll

So, logfile 1:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 14:16:05 on 31.03.2010
OS: Windows Vista Business Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.2

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "Bioscrypt Inc." - C:\windows\system32\APSHook.dll

[Common]
-----( %SystemRoot%\Tasks )-----
"HPCeeScheduleForLena.job" - "Hewlett-Packard" - C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"hpaccelerometercp.CPL" - "Hewlett-Packard Corporation" - C:\windows\system32\hpaccelerometercp.CPL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"HP 3D DriveGuard" - "Hewlett-Packard Corporation" - C:\windows\system32\hpaccelerometercp.CPL
"SoundMAX" - "Analog Devices, Inc." - C:\Program Files\Analog Devices\SoundMAX\soundmax.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\windows\System32\DRIVERS\avipbb.sys
"Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\windows\system32\Drivers\CVPNDRVA.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\windows\System32\DRIVERS\ipinip.sys (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\windows\System32\DRIVERS\nwlnkflt.sys (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\windows\System32\DRIVERS\nwlnkfwd.sys (File not found)
"RsvLock" (RsvLock) - "SafeBoot International" - C:\windows\system32\drivers\RsvLock.sys
"SafeBoot" (SafeBoot) - "SafeBoot International" - C:\windows\system32\drivers\SafeBoot.sys (File is exclusively opened, access blocked)
"SbAlg" (SbAlg) - "SafeBoot N.V." - C:\windows\system32\drivers\SbAlg.sys
"SbFsLock" (SbFsLock) - "SafeBoot International" - C:\windows\system32\drivers\SbFsLock.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\windows\System32\DRIVERS\ssmdrv.sys
(Disabled)
"d3dsmj" (d3dsmj) - "Microsoft Corporation" - C:\windows\system32\drivers\d3dsmj.sys

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found)
{92644C80-C318-408A-9EDA-1B0C245D73A5} "File Sanitizer" - "Hewlett-Packard" - C:\Program Files\Hewlett-Packard\File Sanitizer\HPPMDesktopIcon.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found)
{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} "Meine freigegebenen Ordner" - "Microsoft Corporation" - C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\windows\system32\btncopy.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "IsoBuster Toolbar" - "Conduit Ltd." - C:\Program Files\IsoBuster\tbIsoB.dll
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
<binary data> "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" - ? - (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} "IsoBuster Toolbar" - "Conduit Ltd." - C:\Program Files\IsoBuster\tbIsoB.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} "Java Plug-in 1.6.0_06" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
{F27237D7-93C8-44C2-AC6E-D6057B9A918F} "JuniperSetupClientControl Class" - "Juniper Networks" - C:\windows\Downloaded Program Files\JuniperSetupClient.ocx / https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} "AVG Security Toolbar" - ? - (File not found | COM-object registry key not found)
{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} "IsoBuster Toolbar" - "Conduit Ltd." - C:\Program Files\IsoBuster\tbIsoB.dll
{0BF43445-2F28-4351-9252-17FE6E806AA0} "McAfee SiteAdvisor" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} "AVG Safe Search" - ? - C:\Program Files\AVG\AVG9\avgssie.dll (File not found)
{3134413B-49B4-425C-98A5-893C1F195601} "BHO_Startup Class" - "Hewlett-Packard" - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll
{DF21F1DB-80C6-11D3-9483-B03D0EC10000} "Credential Manager for HP ProtectTools" - "Bioscrypt Inc." - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} "IsoBuster Toolbar" - "Conduit Ltd." - C:\Program Files\IsoBuster\tbIsoB.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{7E853D72-626A-48EC-A868-BA8D5E23E045} "{7E853D72-626A-48EC-A868-BA8D5E23E045}" - ? - (File not found | COM-object registry key not found)
{ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a} "{ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a} " - ? - (File not found | COM-object registry key not found)

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Notification packages" - "Bioscrypt Inc." - c:\Program Files\Hewlett-Packard\IAM\bin\ASWLNPkg.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"OpenOffice.org 3.1.lnk" - ? - C:\Program Files\OpenOffice.org 3\program\quickstart.exe (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"DVD Check.lnk" - "InterVideo Inc." - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (Shortcut exists | File exists)
"BTTray.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Shortcut exists | File exists)
"VPN Client.lnk" - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"LightScribe Control Panel" - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"accrdsub" - "ActivIdentity" - "c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"CognizanceTS" - "Bioscrypt Inc." - rundll32.exe c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
"File Sanitizer" - "Hewlett-Packard" - C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
"HP Health Check Scheduler" - "Hewlett-Packard" - c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"HP Software Update" - "Hewlett-Packard" - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
"hpWirelessAssistant" - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
"PDF Complete" - "PDF Complete Inc" - C:\Program Files\PDF Complete\pdfsty.exe
"PTHOSTTR" - "Hewlett-Packard Development Company, L.P." - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
"QlbCtrl.exe" - " Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
"SoundMAX" - "Analog Devices, Inc." - C:\Program Files\Analog Devices\SoundMAX\soundmax.exe /tray
"StartCCC" - "Advanced Micro Devices, Inc." - "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"WatchDog" - "InterVideo Inc." - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"HP Universal Print Monitor" - "Hewlett-Packard" - C:\windows\system32\HPMPW081.DLL
"PDFC" - "PDF Complete, Inc." - C:\windows\system32\pdfc_port.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ActivClient Middleware Service" (accoca) - "ActivIdentity" - c:\Program Files\ActivIdentity\ActivClient\accoca.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
"Com4QLBEx" (Com4QLBEx) - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
"Drive Encryption Service" (HpFkCryptService) - "SafeBoot International" - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
"File Sanitizer for HP ProtectTools" (HPFSService) - "Hewlett-Packard" - C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
"HP Health Check Service" (HP Health Check Service) - "Hewlett-Packard" - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
"HP ProtectTools Service" (HP ProtectTools Service) - "Hewlett-Packard Development Company, L.P" - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
"hpqwmiex" (hpqwmiex) - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"IviRegMgr" (IviRegMgr) - "InterVideo" - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
"Juniper Network Connect Service" (dsNcService) - "Juniper Networks" - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"Local Communication Channel" (ASChannel) - "Bioscrypt Inc." - c:\Program Files\Hewlett-Packard\IAM\Bin\AsChnl.dll
"Logon Session Broker" (ASBroker) - "Bioscrypt Inc." - c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
"Messenger USN Journal Reader-Service für freigegebene Ordner" (usnjsvc) - "Microsoft Corporation" - C:\Program Files\MSN Messenger\usnsvc.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\windows\system32\HPZinw12.dll
"PDF Document Manager" (pdfcDispatcher) - "PDF Complete Inc" - C:\Program Files\PDF Complete\pdfsvc.exe
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\windows\system32\HPZipm12.dll

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{8F51D94E-8B89-4844-B15C-9C049BA0F49F} "DLLName" - "Bioscrypt Inc." - c:\Program Files\Hewlett-Packard\IAM\Bin\ItVCard.dll

===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

------------------------------------------------------------------------

And logfile 2:

Antivirus  Version  Last update  Result
a-squared  4.5.0.50  2010.03.31  Downloader.Agent!IK
AhnLab-V3  5.0.0.2  2010.03.30  -
AntiVir  7.10.6.8  2010.03.31  -
Antiy-AVL  2.0.3.7  2010.03.31  -
Authentium  5.2.0.5  2010.03.31  -
Avast  4.8.1351.0  2010.03.31  Win32:Trojan-gen
Avast5  5.0.332.0  2010.03.31  Win32:Trojan-gen
AVG  9.0.0.787  2010.03.31  Rootkit-Agent.EI
BitDefender  7.2  2010.03.31  -
CAT-QuickHeal  10.00  2010.03.31  -
ClamAV  0.96.0.0-git  2010.03.31  -
Comodo  4449  2010.03.31  -
DrWeb  5.0.2.03300  2010.03.31  -
eSafe  7.0.17.0  2010.03.28  -
eTrust-Vet  35.2.7399  2010.03.31  -
F-Prot  4.5.1.85  2010.03.31  -
F-Secure  9.0.15370.0  2010.03.31  -
Fortinet  4.0.14.0  2010.03.30  -
GData  19  2010.03.31  Win32:Trojan-gen
Ikarus  T3.1.1.80.0  2010.03.31  -
Jiangmin  13.0.900  2010.03.31  -
K7AntiVirus  7.10.1004  2010.03.22  -
Kaspersky  7.0.0.125  2010.03.31  -
McAfee  5936  2010.03.30  -
McAfee+Artemis  5936  2010.03.30  -
McAfee-GW-Edition  6.8.5  2010.03.31  -
Microsoft  1.5605  2010.03.31  -
NOD32  4987  2010.03.31  a variant of Win32/Agent.QQJ
Norman  6.04.10  2010.03.31  -
nProtect  2009.1.8.0  2010.03.31  Trojan/W32.Agent.497664.T
Panda  10.0.2.2  2010.03.30  -
PCTools  7.0.3.5  2010.03.31  -
Prevx  3.0  2010.03.31  High Risk Rootkit
Rising  22.41.02.02  2010.03.31  -
Sophos  4.52.0  2010.03.31  -
Sunbelt  6120  2010.03.31  -
Symantec  20091.2.0.41  2010.03.31  Suspicious.Insight
TheHacker  6.5.2.0.248  2010.03.31  -
TrendMicro  9.120.0.1004  2010.03.31  -
VBA32  3.12.12.2  2010.03.30  -
ViRobot  2010.3.31.2254  2010.03.31  Trojan.Win32.RT-Agent.497664
VirusBuster  5.0.27.0  2010.03.31  -

Additional information
File size: 497664 bytes
MD5...: 02d6ff9c831122bff506c16a8e595b16
SHA1..: 28099e9dee29a2c996994f04d0b526b155b7de58
SHA256: 896402e55c53360ba21b961f686deab066e26b579a158ff99aac721f78cb12fc
ssdeep: 12288:Pa1oSBamUbHkuNrGCQeOWK2sqLIbndktwGB2d:Pa6mZ+G+OWKfqLKndktwGB2d
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x7a000
timedatestamp.....: 0x4a7e146b (Sun Aug 09 00:12:27 2009)
machinetype.......: 0x14c (I386)
( 6 sections )
name  viradd  virsiz  rawdsiz  ntrpy  md5
.text  0x1000  0x5e1a  0x6000  6.39  4840ad584763561bdb1b3d3bd0f60731
.rdata  0x7000  0x71474  0x71600  7.85  fb13d0c963ce5d00fd9427c85aae54c7
.data  0x79000  0x47c  0x200  0.47  a4a8a3393802a4e4d21f69d56bd48b33
INIT  0x7a000  0x71a  0x800  5.23  cab2bbb7cc4adad8fc38a29f250a7dbe
.rsrc  0x7b000  0x2c8  0x400  2.38  0a38e7eba72777dfff1f2ec6edf4fa8d
.reloc  0x7c000  0xe26  0x1000  4.19  7395b12a4f70412cac206325760214ad
( 2 imports )
> ntoskrnl.exe: ObReferenceObjectByHandle, ObOpenObjectByName, RtlInitUnicodeString, wcslen, wcscat, _alldiv, ExRaiseStatus, ExAllocatePoolWithTagPriority, ExFreePoolWithTag, RtlCopyUnicodeString, ExAllocatePoolWithTag, ZwQueryInformationProcess, RtlCompareUnicodeString, KeReleaseMutex, KeWaitForSingleObject, ZwSetInformationProcess, ZwDuplicateToken, ZwOpenProcessToken, ZwOpenProcess, ZwEnumerateKey, ZwDeleteKey, ZwOpenKey, wcsncat, ZwLoadDriver, ZwSetValueKey, ZwCreateKey, IoDeleteDevice, RtlImageDirectoryEntryToData, KeDetachProcess, KeAttachProcess,
PsLookupProcessByProcessId, ZwAllocateVirtualMemory, ZwOpenFile, wcscpy, ObfDereferenceObject, ZwQueryInformationThread, ZwQuerySystemInformation, memmove, _local_unwind2, KeServiceDescriptorTable, KeInitializeMutex, ZwReadFile, ZwCreateFile, ZwSetInformationFile, ZwWriteFile, ZwQueryInformationFile, wcscmp, ZwQueryVolumeInformationFile, PsSetLoadImageNotifyRoutine, PsSetCreateProcessNotifyRoutine, ZwQueryValueKey, IofCompleteRequest, RtlImageNtHeader, IoCreateSymbolicLink, IoCreateDevice, swprintf, SeCreateClientSecurity, KeGetCurrentThread, KeQuerySystemTime, sprintf, ZwMapViewOfSection, ZwCreateSection, ZwUnmapViewOfSection, KeTickCount, KeBugCheckEx, ZwClose, _except_handler3, wcsncmp > HAL.dll: KfRaiseIrql, KfLowerIrql, KeGetCurrentIrql ( 0 exports ) RDS...: NSRL Reference Data Set - pdfid.: - trid..: Win32 Executable Generic (68.0%) Generic Win/DOS Executable (15.9%) DOS Executable Generic (15.9%) Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%) packers (Kaspersky): PE_Patch sigcheck: publisher....: Microsoft Corporation copyright....: n/a product......: Microsoft_ Windows_ Operating System description..: Windows interface driver original name: n/a internal name: n/a file version.: 5.1.2600.0 comments.....: n/a signers......: - signing date.: - verified.....: Unsigned <a href='hxxp://info.prevx.com/aboutprogramtext.asp?PX5=6F8428FF00DA13A5983C074541E5B3000838B301' target='_blank'>hxxp://info.prevx.com/aboutprogramtext.asp?PX5=6F8428FF00DA13A5983C074541E5B3000838B301</a> Vielen Dank für deine Hilfe! LG Theo |
31.03.2010, 14:26 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Help, trojan - Tr/Agent.ruo in ntndydr.dll OK. You can delete the file. Please run control scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post logfiles in CODE tags |
31.03.2010, 17:12 | #5 |
| Help, trojan - Tr/Agent.ruo in ntndydr.dll Should the ntndydr.dll still be deleted? Here is the log from Malwarebytes:
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Datenbank Version: 3937
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904
31.03.2010 17:24:55
mbam-log-2010-03-31 (17-24-55).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 108400
Laufzeit: 8 Minute(n), 2 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden)
Infizierte Dateien: (Keine bösartigen Objekte gefunden)
-------------------------------------------------------------------------
Log from SUPERAntiSpyware:
SUPERAntiSpyware Scann-Protokoll
hxxp://www.superantispyware.com
Generiert 03/31/2010 bei 06:02 PM
Version der Applikation : 4.35.1000
Version der Kern-Datenbank : 4753
Version der Spur-Datenbank : 2565
Scan Art : Schneller Scann
Totale Scann-Zeit : 00:34:58
Gescannte Speicherelemente : 985
Erfasste Speicher-Bedrohungen : 0
Gescannte Register-Elemente : 528
Erfasste Register-Bedrohungen : 0
Gescannte Datei-Elemente : 24562
Erfasste Datei-Elemente : 0
Thanks again and best regards, Theo |
31.03.2010, 19:28 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Help, trojan - Tr/Agent.ruo in ntndydr.dll Very good, then everything should be OK again. Time to check for updates:
Microsoft Update
Windows XP: Visit the MS update page with IE and have all important updates installed.
Windows Vista/7: Windows Update guide
Update PDF reader
Your Adobe Reader is not up to date, which is a major security risk. You should therefore uninstall the old version via Control Panel => Add or Remove Programs by clicking "Adobe Reader x.0" there and removing the program. I recommend an alternative PDF reader such as SumatraPDF or Foxit PDF Reader; both are much leaner and faster than Adobe Reader. While you are at it, please also check that Flash Player is up to date; here is the direct download link => http://filepony.de/?q=Flash+Player
Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present) and update to the latest one. To do so, close all programs (especially the browsers), then click Start, Control Panel, Add or Remove Programs and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
|