|
Trash bin: TR/Agent.ruo in C:\Windows\system32\winepnb.dll
Windows 7
Posts that violated our rules, posts the world does not need, or other junk end up here in the trash bin... |
01.04.2010, 01:54 | #1 |
| TR/Agent.ruo in C:\Windows\system32\winepnb.dll

Whenever I turn on my PC and then open the internet browser, a virus alert appears: TR/Agent.ruo in C:\Windows\system32\winepnb.dll. In addition, I ran Malwarebytes and found "several" pieces of malware. Please help.

Regards,
Phoenix5342

OSAM:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 22:21:20 on 31.03.2010
OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Google Inc. Google Chrome 0.0.0.0

Malwarebytes:

Malwarebytes' Anti-Malware 1.41
Datenbank Version: 2775
Windows 5.1.2600 Service Pack 3

01.04.2010 02:42:17
mbam-log-2010-04-01 (02-42-06).txt

Scan-Methode: Vollständiger Scan (C:\|J:\|)
Durchsuchte Objekte: 293942
Laufzeit: 1 hour(s), 31 minute(s), 25 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\System Volume Information\_restore{EB0771C5-7E7B-40BE-B99E-6E5D087A349F}\RP637\A0299645.exe (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{EB0771C5-7E7B-40BE-B99E-6E5D087A349F}\RP637\A0299646.exe (Trojan.Vundo) -> No action taken.
C:\install.exe (Trojan.Agent) -> No action taken. |
01.04.2010, 12:37 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Agent.ruo in C:\Windows\system32\winepnb.dll |