
Pests of all kinds and how to fight them: Despairing over TR/Agent.RUO.3


31.03.2010, 19:22   #1
Schmidi
 
Hello everyone, I have now read through almost all the posts about this trojan, but unfortunately I'm not getting anywhere.
Around noon today AntiVir sent me a message that a trojan was found in C:\Windows\System32\d3dsup.dll! I have already created a log file with OSAM!

Can anyone help me?

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 20:18:34 on 31.03.2010

OS: Windows Vista Home Premium Edition Service Pack 1 (Build 6001), 32-bit
Default Browser: Mozilla Corporation Firefox 3.5.8

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"NatSpeak Periodic Acoustic Optimization.job" - "Nuance Communications, Inc." - C:\Program Files\Nuance\NaturallySpeaking10\Program\schedmgr.exe
"NatSpeak Periodic Data Collection.job" - "Nuance Communications, Inc." - C:\Program Files\Nuance\NaturallySpeaking10\Program\datacollector.exe
"NatSpeak Periodic Language Model Optimization.job" - "Nuance Communications, Inc." - C:\Program Files\Nuance\NaturallySpeaking10\Program\schedmgr.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"ISUSPM.cpl" - "InstallShield Software Corporation" - C:\Windows\system32\ISUSPM.cpl
"PhysX.cpl" - "NVIDIA Corporation" - C:\Windows\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"acb34mka" (acb34mka) - "Microsoft Corporation" - C:\Windows\system32\drivers\acb34mka.sys (Hidden registry entry, rootkit activity | File signed by Microsoft)
"AMD USB Filter Driver" (usbfilter) - "Advanced Micro Devices Inc." - C:\Windows\System32\DRIVERS\usbfilter.sys
"ASMMAP" (ASMMAP) - ? - C:\Program Files\ATKGFNEX\ASMMAP.sys
"ASUS Process Creation/Termination Observer" (ASUSProcObsrv) - ? - E:\I386\AsProcOb.sys (File not found)
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"BDFM" (bdfm) - "BitDefender S.R.L. Bucharest, ROMANIA" - C:\Windows\System32\drivers\bdfm.sys
"bdfsfltr" (bdfsfltr) - "BitDefender S.R.L. Bucharest, ROMANIA" - C:\Windows\System32\DRIVERS\bdfsfltr.sys
"bdftdif" (bdftdif) - "BitDefender LLC" - C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys
"BDSelfPr" (BDSelfPr) - "BitDefender S.R.L." - C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys
"BDVEDISK" (BDVEDISK) - "BitDefender S.R.L." - C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys
"BitDefender Firewall NDIS Filter Service" (Bdfndisf) - "BitDefender LLC" - C:\Windows\System32\DRIVERS\bdfndisf.sys
"Data Security Manager Driver" (AsDsm) - "ASUSTek Computer Inc" - C:\Windows\system32\drivers\AsDsm.sys
"EraserUtilRebootDrv" (EraserUtilRebootDrv) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
"FssFltr" (fssfltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\fssfltr.sys
"ghaio" (ghaio) - ? - C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys (File found, but it contains no detailed information)
"IDSVix86" (IDSVix86) - "Symantec Corporation" - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20091216.001\IDSvix86.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found)
"ipswuio" (ipswuio) - ? - C:\Windows\System32\DRIVERS\ipswuio.sys (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found)
"MBAMSwissArmy" (MBAMSwissArmy) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbamswissarmy.sys
"NAVENG" (NAVENG) - "Symantec Corporation" - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091222.004\NAVENG.SYS
"NAVEX15" (NAVEX15) - "Symantec Corporation" - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091222.004\NAVEX15.SYS
"ntneysc" (ntneysc) - "Microsoft Corporation" - C:\Windows\system32\drivers\ntneysc.sys
"Profos" (Profos) - ? - C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys (File found, but it contains no detailed information)
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"Symantec Eraser Control driver" (eeCtrl) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
"Symantec Extended File Attributes" (SymEFA) - "Symantec Corporation" - C:\Windows\System32\drivers\NIS\1008000.029\SYMEFA.SYS
"Symantec Hash Provider" (ccHP) - "Symantec Corporation" - C:\Windows\System32\Drivers\NIS\1008000.029\ccHPx86.sys
"Symantec Heuristics Driver" (BHDrvx86) - "Symantec Corporation" - C:\Windows\System32\Drivers\NIS\1008000.029\BHDrvx86.sys
"Symantec Network Dispatch Driver" (SYMTDI) - "Symantec Corporation" - C:\Windows\System32\Drivers\NIS\1008000.029\SYMTDI.SYS
"Symantec Network Filter Driver" (SYMFW) - ? - C:\Windows\System32\Drivers\NIS\1007020.00B\SYMFW.SYS (File not found)
"Symantec Network Filter Driver" (SYMNDISV) - ? - C:\Windows\System32\Drivers\NIS\1007020.00B\SYMNDISV.SYS (File not found)
"Symantec Real Time Storage Protection" (SRTSP) - "Symantec Corporation" - C:\Windows\System32\Drivers\NIS\1008000.029\SRTSP.SYS
"Symantec Real Time Storage Protection (PEL)" (SRTSPX) - "Symantec Corporation" - C:\Windows\system32\drivers\NIS\1008000.029\SRTSPX.SYS
"SYMDNS" (SYMDNS) - ? - C:\Windows\system32\drivers\NIS\1000000.07D\SYMDNS.SYS (File not found)
"SymEvent" (SymEvent) - "Symantec Corporation" - C:\Windows\system32\Drivers\SYMEVENT.SYS
"SYMREDRV" (SYMREDRV) - ? - C:\Windows\system32\drivers\NIS\1000000.07D\SYMREDRV.SYS (File not found)
"Trufos" (Trufos) - "BitDefender S.R.L." - C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys
"WimFltr" (WimFltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\wimfltr.sys

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{9E96C1F5-0EFA-4348-9460-15D6802C70AA} "FvSCtxMenu Class" - "BitDefender S.R.L." - C:\Program Files\BitDefender\BitDefender 2009\bdfvsctx.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{AA1061FE-6C41-421f-9344-69640C9732AB} "symres" - "Symantec Corporation" - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{0006F045-0000-0000-C000-000000000046} "Microsoft Office Outlook Custom Icon Handler" - ? - (File not found | COM-object registry key not found)
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll (File found, but it contains no detailed information)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Ask Toolbar" - "Ask.com" - C:\Program Files\Ask.com\GenericAskToolbar.dll
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found)
<binary data> "Norton Toolbar" - "Symantec Corporation" - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
"ICQ6" - "ICQ, LLC." - C:\Program Files\ICQ6.5\ICQ.exe
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Ask Toolbar" - "Ask.com" - C:\Program Files\Ask.com\GenericAskToolbar.dll
{381FFDE8-2394-4f90-B10D-FC6124A40F8C} "BitDefender Toolbar" - "Bitdefender" - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} "Norton Toolbar" - "Symantec Corporation" - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{D4027C7F-154A-4066-A1AD-4243D8127440} "Ask Toolbar" - "Ask.com" - C:\Program Files\Ask.com\GenericAskToolbar.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} "Symantec Intrusion Prevention" - "Symantec Corporation" - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} "Symantec NCO BHO" - "Symantec Corporation" - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{02478D38-C3F9-4efb-9B51-7695ECA05670} "{02478D38-C3F9-4efb-9B51-7695ECA05670}" - ? - (File not found | COM-object registry key not found)
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? - (File not found | COM-object registry key not found)

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Notification packages" - "ASUSTek Computer Inc." - C:\Program Files\ASUS\ASUS Data Security Manager\ASPWDFLT.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Dragon NaturallySpeaking.lnk" - "Nuance Communications, Inc." - C:\Program Files\Nuance\NaturallySpeaking10\Program\natspeak.exe (Shortcut exists | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"FancyStart daemon.lnk" - "ASUSTeK Computer Inc." - C:\Program Files\ASUS\FancyStart\FancyStart.exe (Shortcut exists | File exists)
"TotalMedia Backup Monitor.lnk" - "ArcSoft, Inc." - C:\Program Files\ArcSoft\TotalMedia Backup\uBBMonitor.exe (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
"ISUSPM Startup" - "InstallShield Software Corporation" - C:\PROGRA~1\COMMON~1\INSTAL~1\UpdateService\ISUSPM.exe -startup
"LightScribe Control Panel" - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
"msnmsgr" - "Microsoft Corporation" - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
"SRS Premium Sound" - "SRS Labs, Inc." - "C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe" /hideme
"swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce )-----
"FlashPlayerUpdate" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"ACMON" - "ATK" - C:\Program Files\ASUS\Splendid\ACMON.exe
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"ADSMTray" - "ASUSTek Computer Inc." - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe
"AmIcoSinglun" - "AlcorMicro Co., Ltd." - C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
"ArcSoft Connection Service" - "ArcSoft Inc." - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
"ASUS Camera ScreenSaver" - ? - C:\Windows\AsScrProlog.exe (File found, but it contains no detailed information)
"ASUS Screen Saver Protector" - "ASUS" - C:\Windows\AsScrPro.exe
"ATKMEDIA" - "ASUS" - C:\Program Files\ASUS\ATK Media\DMedia.exe
"ATKOSD2" - "ASUS" - C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
"BDAgent" - "BitDefender S.R.L." - "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
"BitDefender Antiphishing Helper" - "BitDefender" - "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
"CLMLServer" - "CyberLink" - "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
"DisableS3S4" - ? - c:\DisableS3S4.cmd (File not found)
"HControlUser" - "ASUS" - C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
"HDAudDeck" - "VIA" - C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
"ISUSScheduler" - "InstallShield Software Corporation" - "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
"NetFxUpdate_v1.1.4322" - "Microsoft" - "C:\Windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe" 1 v1.1.4322 GAC + NI NID
"Ocs_SM" - ? - C:\Users\Julian\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
"P2Go_Menu" - "CyberLink Corp." - "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
"SSBkgdUpdate" - "Nuance Communications, Inc." - "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Java\jre6\bin\jusched.exe"
"WinampAgent" - ? - "C:\Program Files\Winamp\winampa.exe" (File found, but it contains no detailed information)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce )-----
"InnoSetupRegFile.0000000001" - ? - "C:\Windows\is-ED3KO.exe" /REG
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

[Network Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----
"Login Filter" - "ASUSTek Computer Inc." - C:\Program Files\ASUS\ASUS Data Security Manager\ASPWDFLT.dll

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ADSM Service" (ADSMService) - "ASUSTek Computer Inc." - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
"ArcSoft Connect Daemon" (ACDaemon) - "ArcSoft Inc." - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
"ASLDR Service" (ASLDRService) - ? - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
"ATKGFNEX Service" (ATKGFNEXSrv) - ? - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"BitDefender Arrakis Server" (Arrakis3) - ? - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe (File found, but it contains no detailed information)
"BitDefender Desktop Update Service" (LIVESRV) - "BitDefender SRL" - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
"BitDefender Threat Scanner" (scan) - "S.C. BitDefender S.R.L" - C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll
"BitDefender Virus Shield" (VSSERV) - "BitDefender S. R. L." - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Norton Internet Security" (Norton Internet Security) - "Symantec Corporation" - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe (File found, but it contains no detailed information)
"SearchAnonymizer" (SearchAnonymizer) - ? - C:\Users\Julian\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
"spmgr" (spmgr) - ? - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
"SRS Volume Sync Service" (SRS_VolSync_Service) - "SRS Labs, Inc." - C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe
"TVersityMediaServer" (TVersityMediaServer) - ? - C:\Users\Julian\AppData\Local\TVersity\Media Server\MediaServer.exe (File found, but it contains no detailed information)
"Windows Live Family Safety-Dienst" (fsssvc) - "Microsoft Corporation" - C:\Program Files\Windows Live\Family Safety\fsssvc.exe
"Yahoo! Updater" (YahooAUService) - "Yahoo! Inc." - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

01.04.2010, 11:12   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hello and

Code:
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ntneysc" (ntneysc) - "Microsoft Corporation" - C:\Windows\system32\drivers\ntneysc.sys

Please disable this with OSAM (see the OSAM guide). Afterwards post a new log from OSAM, and have the file (if still present)


C:\Windows\system32\drivers\ntneysc.sys


analysed at https://www.virustotal.com and post the link to the results.
You are viewing: Despairing over TR/Agent.RUO.3 on Trojaner-Board