I also have problems with the TR/Agent/Ruo trojan
08.04.2010, 08:25 | #1
I also have problems with the TR/Agent/Ruo trojan

Hello everyone, this trojan has caught me too; here is my OSAM log. Thanks in advance for your help.

Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 09:21:57 on 08.04.2010 OS: Windows XP Professional Service Pack 3 (Build 2600) Default Browser: Mozilla Corporation Firefox 3.5.9 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "WGASetup.job" - "Microsoft Corporation" - C:\WINDOWS\system32\KB905474\wgasetup.exe "Wise Registry Cleaner 4.job" - "WiseCleaner.com" - C:\Programme\Wise Registry Cleaner\WiseRegistryCleaner.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl "javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl "pcpanel.cpl" - "Pen Tablet" - C:\WINDOWS\system32\pcpanel.cpl "plugincpl130_02.cpl" - "Sun Microsystems" - C:\WINDOWS\system32\plugincpl130_02.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl "QuickTime" - "Apple Inc."
- C:\Programme\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "agmssx1p" (agmssx1p) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\agmssx1p.sys (Hidden registry entry, rootkit activity | File signed by Microsoft) "ANIO Service" (ANIO) - "Alpha Networks Inc." - C:\WINDOWS\system32\ANIO.SYS "Asapi" (Asapi) - "VOB Computersysteme GmbH" - C:\WINDOWS\system32\drivers\Asapi.sys "Aspi32" (Aspi32) - "Adaptec" - C:\WINDOWS\system32\drivers\Aspi32.sys "ati2mtag" (ati2mtag) - "ATI Technologies Inc." - C:\WINDOWS\System32\DRIVERS\ati2mtag.sys "avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys "C-Dilla" (C-Dilla) - "Macrovision" - C:\WINDOWS\system32\drivers\CDANT.SYS "CdaC15BA" (CdaC15BA) - "Macrovision Europe Ltd" - C:\WINDOWS\system32\drivers\CDAC15BA.SYS "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "GMSIPCI" (GMSIPCI) - ? - I:\INSTALL\GMSIPCI.SYS (File not found) "i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found) "kbdqyem" (kbdqyem) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\kbdqyem.sys (Hidden file, rootkit activity) "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "Microsoft UAA Bus Driver for High Definition Audio" (HDAudBus) - "Windows (R) Server 2003 DDK provider" - C:\WINDOWS\System32\DRIVERS\HDAudBus.sys "MSICPL" (MSICPL) - ? - I:\install4\MSICPL.sys (File not found) "NTACCESS" (NTACCESS) - ? - I:\NTACCESS.sys (File not found) "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PCTools KDS" (PCTCore) - "PC Tools" - C:\WINDOWS\System32\drivers\PCTCore.sys "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? 
- C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDIDRV" (PDIDRV) - ? - C:\WINDOWS\system32\drivers\PDIDRV.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\DRIVERS\PxHelp20.sys "Sentinel" (Sentinel) - "Rainbow Technologies, Inc." - C:\WINDOWS\System32\Drivers\SENTINEL.SYS "Serial Tablet Port Driver" (Tablet2k) - ? - "C:\WINDOWS\System32\Drivers\Tablet2k.sys" (File not found) "SetupNTGLM7X" (SetupNTGLM7X) - ? - I:\NTGLM7X.sys (File not found) "sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys (File is exclusively opened, access blocked) "srescan" (srescan) - "Zone Labs, LLC" - C:\WINDOWS\System32\ZoneLabs\srescan.sys "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys "Treiber für seriellen Anschluss" (Serial) - ? - C:\WINDOWS\System32\DRIVERS\avidXPserial.sys (File found, but it contains no detailed information) "vsdatant" (vsdatant) - "Zone Labs, LLC" - C:\WINDOWS\System32\vsdatant.sys "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) [Explorer] -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? 
- C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {6230EF55-8E71-4F40-861A-DBA282584FF5} "AVSVideoConverter Object" - "Online Media Technologies Ltd." - C:\Programme\AVS4YOU\AVSVideoConverter6\AVSVideoConverterShExt.dll {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found) {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found) {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? 
- C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll (File found, but it contains no detailed information) {E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Programme\WinZip\wzshlstb.dll {E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Programme\WinZip\wzshlstb.dll {E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Programme\WinZip\wzshlstb.dll {E0D79307-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Programme\WinZip\wzshlstb.dll {D9872D13-7651-4471-9EEE-F0A00218BEBB} "ZLAVShExt Class" - "Zone Labs, LLC" - C:\Programme\Zone Labs\ZoneAlarm\zlavscan.dll [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "DAEMON Tools Toolbar" - ? - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll <binary data> "DVDVideoSoft Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoft\tbDVD1.dll <binary data> "ITBar7Layout" - ? 
- (File not found | COM-object registry key not found) -----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )----- {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} "DVDVideoSoft Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoft\tbDVD1.dll -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} "Java Plug-in 1.6.0_02" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_02\bin\npjpi160_02.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_16" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_16.dll / hxxp://java.sun.com/products/plugin/1.3.0_02/jinstall-130_02-win.cab {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} "Java Plug-in 1.6.0_16" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_16.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_16" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_16.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab {E19F9331-3110-11d4-991C-005004D3B3DB} "{E19F9331-3110-11d4-991C-005004D3B3DB}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/products/plugin/1.3.0_02/jinstall-130_02-win.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "DAEMON Tools Toolbar" - ? - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} "DVDVideoSoft Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoft\tbDVD1.dll {472734EA-242A-422B-ADF8-83D1E48CC825} "PC Tools Browser Guard" - "Threat Expert Ltd." 
- C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} "DVDVideoSoft Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoft\tbDVD1.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} "PC Tools Browser Guard BHO" - "Threat Expert Ltd." - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "Adobe Gamma Loader.lnk" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Shortcut exists | File exists) "desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini "PrintKey-Pro.lnk" - "WareCentral.com" - C:\Programme\Warecentral\PrintKey-Pro\PKey_Pro.exe (Shortcut exists | File exists) "WinZip Quick Pick.lnk" - "WinZip Computing, S.L." - C:\Programme\WinZip\WZQKPICK.EXE (Shortcut exists | File exists) -----( %UserProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\AdminUser\Startmenü\Programme\Autostart\desktop.ini "OpenOffice.org 3.1.lnk" - ? 
- C:\Programme\OpenOffice.org 3\program\quickstart.exe (Shortcut exists | File found, but it contains no detailed information | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "DAEMON Tools Lite" - "DT Soft Ltd" - "H:\Programme\DAEMON Tools Lite\DTLite.exe" -autorun "GameTracker" - "ClanServers Hosting LLC" - C:\Programme\GameTracker\GTLite.exe -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" "AdobeCS4ServiceManager" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin "ANIWZCS2Service" - "Alpha Networks Inc." - C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe "avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min "D-Link AirPlus G" - "D-Link" - C:\Programme\D-Link\AirPlus G\AirGCFG.exe "NeroFilterCheck" - "Ahead Software Gmbh" - C:\WINDOWS\system32\NeroCheck.exe "QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\QTTask.exe" -atboottime "StartCCC" - "Advanced Micro Devices, Inc." - "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Java\jre6\bin\jusched.exe" "WinampAgent" - ? - C:\Programme\Winamp\winampa.exe (File found, but it contains no detailed information) "WTClient" - "Tablet Driver" - WTClient.exe "ZoneAlarm Client" - "Zone Labs, LLC" - "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe" [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##" (Bonjour Service) - "Apple Computer, Inc." 
- C:\Programme\Bonjour\mDNSResponder.exe ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "ANIWZCSd Service" (ANIWZCSdService) - "Alpha Networks Inc." - C:\Programme\ANI\ANIWZCS2 Service\ANIWZCSdS.exe "Application Updater" (Application Updater) - "Spigot, Inc." - C:\Programme\Application Updater\ApplicationUpdater.exe "ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe "Ati HotKey Poller" (Ati HotKey Poller) - "ATI Technologies Inc." - C:\WINDOWS\system32\Ati2evxx.exe "ATI Smart" (ATI Smart) - ? - C:\WINDOWS\system32\ati2sgag.exe "Avid SDM Service" (AvidSDMService) - "Avid Technology, Inc." - C:\WINDOWS\System32\AvidSDMService.exe "Avid Startup" (AvidStartup) - ? - C:\WINDOWS\System32\AvidStartup.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe "Browser Defender Update Service" (Browser Defender Update Service) - "Threat Expert Ltd." - C:\Programme\Spyware Doctor\BDT\BDTUpdateService.exe "C-DillaCdaC11BA" (C-DillaCdaC11BA) - "Macrovision" - C:\WINDOWS\system32\drivers\CDAC11BA.EXE "C-DillaSrv" (C-DillaSrv) - "C-Dilla Ltd" - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE "FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe "getPlus(R) Helper" (getPlusHelper) - "NOS Microsystems Ltd." - C:\Programme\NOS\bin\getPlus_Helper.dll "Google Update Service (gupdate)" (gupdate) - "Google Inc." 
- C:\Programme\Google\Update\GoogleUpdate.exe "GS In-Game Service" (GS In-Game Service) - "ClanServers Hosting LLC" - C:\Programme\GameTracker\GSInGameService.exe "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe "Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe "mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit" (mi-raysat_3dsmax2010_32) - ? - C:\Programme\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe (File found, but it contains no detailed information) "PC Tools Auxiliary Service" (sdAuxService) - "PC Tools" - C:\Programme\Spyware Doctor\pctsAuxs.exe "PC Tools Security Service" (sdCoreService) - "PC Tools" - C:\Programme\Spyware Doctor\pctsSvc.exe "TrueVector Internet Monitor" (vsmon) - "Zone Labs, LLC" - C:\WINDOWS\system32\ZoneLabs\vsmon.exe "Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe "WinTab Service" (WinTabService) - "Tablet Driver" - C:\WINDOWS\System32\Drivers\WTSRV.EXE [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "Antiwpa" - ? - C:\WINDOWS\system32\antiwpa.dll "AtiExtEvent" - "ATI Technologies Inc." - C:\WINDOWS\system32\Ati2evxx.dll [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Computer, Inc." 
- C:\Programme\Bonjour\mdnsNSP.dll -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )----- "PCTOOLS CONTENT FILTER PROVIDER" - "PC Tools Research Pty Ltd." - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Last edited by RagnarL. (08.04.2010 at 08:30)
08.04.2010, 09:46 | #2
/// Winkelfunktion /// TB-Süch-Tiger™ | I also have problems with the TR/Agent/Ruo trojan

Hello and

Code:
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"kbdqyem" (kbdqyem) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\kbdqyem.sys (Hidden file, rootkit activity)

Have C:\WINDOWS\system32\drivers\kbdqyem.sys analysed at https://www.virustotal.com and post the result link.
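The reply above picks out the one driver entry that OSAM marked as a hidden file, and the next post carries a second full log taken after that entry was disabled. The Python script below is an added example, not code from the thread or from OSAM's authors: it parses OSAM's entry lines, flags the status notes that point at rootkit-style hiding (hidden file, hidden registry entry, exclusively opened file), and diffs two logs so that the change of state of a single entry stands out instead of having to be found by eye in two walls of text. The entry layout encoded in `ENTRY_RE` is an assumption derived from the logs in this thread, not a documented OSAM grammar, and the sample texts are constructed excerpts of the two posted logs.

```python
import re
from dataclasses import dataclass

# Status notes OSAM appends in parentheses that warrant a closer look.
SUSPICIOUS_NOTES = ("rootkit activity", "Hidden file", "Hidden registry entry",
                    "File is exclusively opened")

# Entry layout as seen in the thread's logs (an assumption, not a documented OSAM grammar):
# [(Disabled)] [{CLSID} | <binary data>] "name" [(key)] - "publisher"|? - target [(note | note)]
ENTRY_RE = re.compile(
    r'^(?P<disabled>\(Disabled\)\s+)?'
    r'(?:\{[^}]*\}\s+|<binary data>\s+)?'
    r'"(?P<name>[^"]*)"(?:\s+\((?P<key>[^)]*)\))?'
    r'\s-\s(?P<publisher>"[^"]*"|\?)'
    r'\s-\s(?P<rest>.*)$')
NOTES_RE = re.compile(r'\s*\(([^()\\]*)\)\s*$')  # trailing "(note | note)"; never a path


@dataclass(frozen=True)
class Entry:
    section: str      # registry key or folder from the preceding -----( ... )----- line
    name: str
    key: str          # service/driver key name, empty for other entry kinds
    publisher: str
    target: str       # path plus any arguments, exactly as OSAM printed it
    notes: tuple
    disabled: bool

    @property
    def ident(self):
        return (self.section, self.key or self.name)

    def suspicious(self):
        return [n for n in self.notes if any(s in n for s in SUSPICIOUS_NOTES)]


def parse_osam(text):
    """Parse OSAM log text into Entry objects; header and [Category] lines are skipped."""
    entries, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("-----(") and line.endswith(")-----"):
            section = line[6:-6].strip()
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        rest, notes = m.group("rest"), ()
        nm = NOTES_RE.search(rest)
        if nm:
            notes = tuple(n.strip() for n in nm.group(1).split("|"))
            rest = rest[:nm.start()]
        entries.append(Entry(section, m.group("name"), m.group("key") or "",
                             m.group("publisher").strip('"'), rest.strip(),
                             notes, bool(m.group("disabled"))))
    return entries


def flag_entries(text):
    """(ident, matching notes) for every entry carrying a suspicious status note."""
    return [(e.ident, e.suspicious()) for e in parse_osam(text) if e.suspicious()]


def diff_logs(before, after):
    """Entries that were added, removed, or changed state between two OSAM runs."""
    old = {e.ident: e for e in parse_osam(before)}
    new = {e.ident: e for e in parse_osam(after)}
    changes = {}
    for ident in sorted(set(old) | set(new)):
        a, b = old.get(ident), new.get(ident)
        if a is None:
            changes[ident] = ("added", None, b)
        elif b is None:
            changes[ident] = ("removed", a, None)
        elif a != b:
            changes[ident] = ("changed", a, b)
    return changes


# Constructed samples: a few driver entries excerpted from the two logs in the thread,
# before and after the poster disabled the hidden kbdqyem entry.
BEFORE = r"""
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"agmssx1p" (agmssx1p) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\agmssx1p.sys (Hidden registry entry, rootkit activity | File signed by Microsoft)
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"kbdqyem" (kbdqyem) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\kbdqyem.sys (Hidden file, rootkit activity)
"sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys (File is exclusively opened, access blocked)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found)
"""
AFTER = r"""
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"agmssx1p" (agmssx1p) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\agmssx1p.sys (Hidden registry entry, rootkit activity | File signed by Microsoft)
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"Secdrv" (Secdrv) - ? - C:\WINDOWS\System32\DRIVERS\secdrv.sys (File signed by Microsoft | File found, but it contains no detailed information)
"sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys (File is exclusively opened, access blocked)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found)
(Disabled) "kbdqyem" (kbdqyem) - ? - C:\WINDOWS\system32\drivers\kbdqyem.sys (File not found)
"""


def describe(e):
    if e is None:
        return "-"
    return ("disabled, " if e.disabled else "") + (", ".join(e.notes) or "no notes")


if __name__ == "__main__":
    for ident, notes in flag_entries(BEFORE):
        print("FLAG  %-9s %s" % (ident[1], "; ".join(notes)))
    for ident, (kind, a, b) in diff_logs(BEFORE, AFTER).items():
        print("%-7s %-9s %s -> %s" % (kind, ident[1], describe(a), describe(b)))
```

A flag is a prompt to investigate, not a verdict. On the sample, three driver entries are flagged: sptd.sys, the pass-through driver that ships with DAEMON Tools, routinely shows up as exclusively opened on machines where DAEMON Tools is installed, whereas a driver that names Microsoft as its publisher yet has a hidden file, as kbdqyem.sys does in the first log, is exactly the case for the VirusTotal lookup requested above before anything is deleted. The diff also shows what the second log can and cannot tell you: after the entry was disabled, OSAM reports the file as not found, which means only that the tool no longer sees it, not that the file is gone or that whatever installed it has been removed.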
08.04.2010, 11:27 | #3
I also have problems with the TR/Agent/Ruo trojan

I hope I understand this correctly. You mean I should switch this process to "Turn off". In any case, that is what I did.

Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 12:26:50 on 08.04.2010 OS: Windows XP Professional Service Pack 3 (Build 2600) Default Browser: Mozilla Corporation Firefox 3.5.9 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "WGASetup.job" - "Microsoft Corporation" - C:\WINDOWS\system32\KB905474\wgasetup.exe "Wise Registry Cleaner 4.job" - "WiseCleaner.com" - C:\Programme\Wise Registry Cleaner\WiseRegistryCleaner.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl "javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl "pcpanel.cpl" - "Pen Tablet" - C:\WINDOWS\system32\pcpanel.cpl "plugincpl130_02.cpl" - "Sun Microsystems" - C:\WINDOWS\system32\plugincpl130_02.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl "QuickTime" - "Apple Inc."
- C:\Programme\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "agmssx1p" (agmssx1p) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\agmssx1p.sys (Hidden registry entry, rootkit activity | File signed by Microsoft) "ANIO Service" (ANIO) - "Alpha Networks Inc." - C:\WINDOWS\system32\ANIO.SYS "Asapi" (Asapi) - "VOB Computersysteme GmbH" - C:\WINDOWS\system32\drivers\Asapi.sys "Aspi32" (Aspi32) - "Adaptec" - C:\WINDOWS\system32\drivers\Aspi32.sys "ati2mtag" (ati2mtag) - "ATI Technologies Inc." - C:\WINDOWS\System32\DRIVERS\ati2mtag.sys "avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys "C-Dilla" (C-Dilla) - "Macrovision" - C:\WINDOWS\system32\drivers\CDANT.SYS "CdaC15BA" (CdaC15BA) - "Macrovision Europe Ltd" - C:\WINDOWS\system32\drivers\CDAC15BA.SYS "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "GMSIPCI" (GMSIPCI) - ? - I:\INSTALL\GMSIPCI.SYS (File not found) "i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found) "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "Microsoft UAA Bus Driver for High Definition Audio" (HDAudBus) - "Windows (R) Server 2003 DDK provider" - C:\WINDOWS\System32\DRIVERS\HDAudBus.sys "MSICPL" (MSICPL) - ? - I:\install4\MSICPL.sys (File not found) "NTACCESS" (NTACCESS) - ? - I:\NTACCESS.sys (File not found) "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PCTools KDS" (PCTCore) - "PC Tools" - C:\WINDOWS\System32\drivers\PCTCore.sys "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDIDRV" (PDIDRV) - ? 
- C:\WINDOWS\system32\drivers\PDIDRV.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\DRIVERS\PxHelp20.sys "Secdrv" (Secdrv) - ? - C:\WINDOWS\System32\DRIVERS\secdrv.sys (File signed by Microsoft | File found, but it contains no detailed information) "Sentinel" (Sentinel) - "Rainbow Technologies, Inc." - C:\WINDOWS\System32\Drivers\SENTINEL.SYS "Serial Tablet Port Driver" (Tablet2k) - ? - "C:\WINDOWS\System32\Drivers\Tablet2k.sys" (File not found) "SetupNTGLM7X" (SetupNTGLM7X) - ? - I:\NTGLM7X.sys (File not found) "sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys (File is exclusively opened, access blocked) "srescan" (srescan) - "Zone Labs, LLC" - C:\WINDOWS\System32\ZoneLabs\srescan.sys "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys "Treiber für seriellen Anschluss" (Serial) - ? - C:\WINDOWS\System32\DRIVERS\avidXPserial.sys (File found, but it contains no detailed information) "vsdatant" (vsdatant) - "Zone Labs, LLC" - C:\WINDOWS\System32\vsdatant.sys "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) (Disabled) "kbdqyem" (kbdqyem) - ? - C:\WINDOWS\system32\drivers\kbdqyem.sys (File not found) [Explorer] -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? 
- C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {6230EF55-8E71-4F40-861A-DBA282584FF5} "AVSVideoConverter Object" - "Online Media Technologies Ltd." - C:\Programme\AVS4YOU\AVSVideoConverter6\AVSVideoConverterShExt.dll {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found) {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found) {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? 
- C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll (File found, but it contains no detailed information) {E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Programme\WinZip\wzshlstb.dll {E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Programme\WinZip\wzshlstb.dll {E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Programme\WinZip\wzshlstb.dll {E0D79307-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Programme\WinZip\wzshlstb.dll {D9872D13-7651-4471-9EEE-F0A00218BEBB} "ZLAVShExt Class" - "Zone Labs, LLC" - C:\Programme\Zone Labs\ZoneAlarm\zlavscan.dll [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "DAEMON Tools Toolbar" - ? - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll <binary data> "DVDVideoSoft Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoft\tbDVD1.dll <binary data> "ITBar7Layout" - ? 
- (File not found | COM-object registry key not found) -----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )----- {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} "DVDVideoSoft Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoft\tbDVD1.dll -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} "Java Plug-in 1.6.0_02" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_02\bin\npjpi160_02.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_16" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_16.dll / hxxp://java.sun.com/products/plugin/1.3.0_02/jinstall-130_02-win.cab {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} "Java Plug-in 1.6.0_16" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_16.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_16" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_16.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab {E19F9331-3110-11d4-991C-005004D3B3DB} "{E19F9331-3110-11d4-991C-005004D3B3DB}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/products/plugin/1.3.0_02/jinstall-130_02-win.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "DAEMON Tools Toolbar" - ? - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} "DVDVideoSoft Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoft\tbDVD1.dll {472734EA-242A-422B-ADF8-83D1E48CC825} "PC Tools Browser Guard" - "Threat Expert Ltd." 
- C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} "DVDVideoSoft Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoft\tbDVD1.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{2A0F3D1B-0909-4FF4-B272-609CCE6054E7} "PC Tools Browser Guard BHO" - "Threat Expert Ltd." - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"Adobe Gamma Loader.lnk" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"PrintKey-Pro.lnk" - "WareCentral.com" - C:\Programme\Warecentral\PrintKey-Pro\PKey_Pro.exe (Shortcut exists | File exists)
"WinZip Quick Pick.lnk" - "WinZip Computing, S.L." - C:\Programme\WinZip\WZQKPICK.EXE (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\AdminUser\Startmenü\Programme\Autostart\desktop.ini
"OpenOffice.org 3.1.lnk" - ? - C:\Programme\OpenOffice.org 3\program\quickstart.exe (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"DAEMON Tools Lite" - "DT Soft Ltd" - "H:\Programme\DAEMON Tools Lite\DTLite.exe" -autorun
"GameTracker" - "ClanServers Hosting LLC" - C:\Programme\GameTracker\GTLite.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"AdobeCS4ServiceManager" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"ANIWZCS2Service" - "Alpha Networks Inc." - C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"D-Link AirPlus G" - "D-Link" - C:\Programme\D-Link\AirPlus G\AirGCFG.exe
"NeroFilterCheck" - "Ahead Software Gmbh" - C:\WINDOWS\system32\NeroCheck.exe
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\QTTask.exe" -atboottime
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Java\jre6\bin\jusched.exe"
"WinampAgent" - ? - C:\Programme\Winamp\winampa.exe (File found, but it contains no detailed information)
"WTClient" - "Tablet Driver" - WTClient.exe
"ZoneAlarm Client" - "Zone Labs, LLC" - "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##" (Bonjour Service) - "Apple Computer, Inc." - C:\Programme\Bonjour\mDNSResponder.exe
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"ANIWZCSd Service" (ANIWZCSdService) - "Alpha Networks Inc." - C:\Programme\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
"Application Updater" (Application Updater) - "Spigot, Inc." - C:\Programme\Application Updater\ApplicationUpdater.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Ati HotKey Poller" (Ati HotKey Poller) - "ATI Technologies Inc." - C:\WINDOWS\system32\Ati2evxx.exe
"ATI Smart" (ATI Smart) - ? - C:\WINDOWS\system32\ati2sgag.exe
"Avid SDM Service" (AvidSDMService) - "Avid Technology, Inc." - C:\WINDOWS\System32\AvidSDMService.exe
"Avid Startup" (AvidStartup) - ? - C:\WINDOWS\System32\AvidStartup.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"Browser Defender Update Service" (Browser Defender Update Service) - "Threat Expert Ltd." - C:\Programme\Spyware Doctor\BDT\BDTUpdateService.exe
"C-DillaCdaC11BA" (C-DillaCdaC11BA) - "Macrovision" - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
"C-DillaSrv" (C-DillaSrv) - "C-Dilla Ltd" - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"getPlus(R) Helper" (getPlusHelper) - "NOS Microsystems Ltd." - C:\Programme\NOS\bin\getPlus_Helper.dll
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"GS In-Game Service" (GS In-Game Service) - "ClanServers Hosting LLC" - C:\Programme\GameTracker\GSInGameService.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit" (mi-raysat_3dsmax2010_32) - ? - C:\Programme\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe (File found, but it contains no detailed information)
"PC Tools Auxiliary Service" (sdAuxService) - "PC Tools" - C:\Programme\Spyware Doctor\pctsAuxs.exe
"PC Tools Security Service" (sdCoreService) - "PC Tools" - C:\Programme\Spyware Doctor\pctsSvc.exe
"TrueVector Internet Monitor" (vsmon) - "Zone Labs, LLC" - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
"WinTab Service" (WinTabService) - "Tablet Driver" - C:\WINDOWS\System32\Drivers\WTSRV.EXE

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"Antiwpa" - ? - C:\WINDOWS\system32\antiwpa.dll
"AtiExtEvent" - "ATI Technologies Inc." - C:\WINDOWS\system32\Ati2evxx.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Computer, Inc." - C:\Programme\Bonjour\mdnsNSP.dll
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"PCTOOLS CONTENT FILTER PROVIDER" - "PC Tools Research Pty Ltd." - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll

===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
08.04.2010, 11:28 | #4
/// Winkelfunktion /// TB-Süch-Tiger™

Looks OK. Please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before scanning!!

__________________
Please always post logfiles in CODE tags
08.04.2010, 11:58 | #5

Quote:

See you later then
08.04.2010, 12:24 | #6

So here is the Malwarebytes scan:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3967
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

08.04.2010 13:11:08
mbam-log-2010-04-08 (13-11-08).txt

Scan type: Full scan (C:\|)
Objects scanned: 224786
Time elapsed: 29 minute(s), 30 second(s)

Memory processes infected: 0
Memory modules infected: 1
Registry keys infected: 0
Registry values infected: 1
Registry data items infected: 0
Folders infected: 0
Files infected: 2

Memory processes infected:
(No malicious items detected)

Memory modules infected:
C:\WINDOWS\system32\antiwpa.dll (Trojan.I.Stole.Windows) -> No action taken.

Registry keys infected:
(No malicious items detected)

Registry values infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\forceclassiccontrolpanel (Hijack.ControlPanelStyle) -> No action taken.

Registry data items infected:
(No malicious items detected)

Folders infected:
(No malicious items detected)

Files infected:
C:\Dokumente und Einstellungen\AdminUser\Desktop\desktopgedoens\Crack\xf-a2010.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\antiwpa.dll (Trojan.I.Stole.Windows) -> No action taken.
And here is the one from SUPERAntiSpyware:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 04/08/2010 at 01:17 PM

Application Version : 4.35.1002

Core Rules Database Version : 4781
Trace Rules Database Version: 2593

Scan type       : Quick Scan
Total Scan Time : 00:05:33

Memory items scanned      : 770
Memory threats detected   : 0
Registry items scanned    : 443
Registry threats detected : 0
File items scanned        : 6842
File threats detected     : 48

Adware.Tracking Cookie
.adtech.de [ C:\Dokumente und Einstellungen\AdminUser\Anwendungsdaten\Mozilla\Firefox\Profiles\ls81rt6c.slt\cookies.txt ]
.adtech.de [ C:\Dokumente und Einstellungen\AdminUser\Anwendungsdaten\Mozilla\Firefox\Profiles\ls81rt6c.slt\cookies.txt ]
.mediaplex.com [ C:\Dokumente und Einstellungen\AdminUser\Anwendungsdaten\Mozilla\Firefox\Profiles\ls81rt6c.slt\cookies.txt ]
.2o7.net [ C:\Dokumente und Einstellungen\AdminUser\Anwendungsdaten\Mozilla\Firefox\Profiles\ls81rt6c.slt\cookies.txt ]
.2o7.net [ C:\Dokumente und Einstellungen\AdminUser\Anwendungsdaten\Mozilla\Firefox\Profiles\ls81rt6c.slt\cookies.txt ]
.2o7.net [ C:\Dokumente und Einstellungen\AdminUser\Anwendungsdaten\Mozilla\Firefox\Profiles\ls81rt6c.slt\cookies.txt ]
.2o7.net [ C:\Dokumente und Einstellungen\AdminUser\Anwendungsdaten\Mozilla\Firefox\Profiles\ls81rt6c.slt\cookies.txt ]
.2o7.net [ C:\Dokumente und Einstellungen\AdminUser\Anwendungsdaten\Mozilla\Firefox\Profiles\ls81rt6c.slt\cookies.txt ]
.adopt.euroclick.com [ C:\Dokumente und Einstellungen\AdminUser\Anwendungsdaten\Mozilla\Firefox\Profiles\ls81rt6c.slt\cookies.txt ]
.doubleclick.net [ C:\Dokumente und Einstellungen\AdminUser\Anwendungsdaten\Mozilla\Firefox\Profiles\ls81rt6c.slt\cookies.txt ]
.tradedoubler.com [ C:\Dokumente und Einstellungen\AdminUser\Anwendungsdaten\Mozilla\Firefox\Profiles\ls81rt6c.slt\cookies.txt ]
.advertising.com [ C:\Dokumente und Einstellungen\AdminUser\Anwendungsdaten\Mozilla\Firefox\Profiles\ls81rt6c.slt\cookies.txt ]
.adtech.de [ C:\Dokumente und Einstellungen\AdminUser\Anwendungsdaten\Mozilla\Firefox\Profiles\mgyrmjhn.default\cookies.txt ]
.adtech.de [ C:\Dokumente und Einstellungen\AdminUser\Anwendungsdaten\Mozilla\Firefox\Profiles\mgyrmjhn.default\cookies.txt ]
.mediaplex.com [ C:\Dokumente und Einstellungen\AdminUser\Anwendungsdaten\Mozilla\Firefox\Profiles\mgyrmjhn.default\cookies.txt ]
.2o7.net [ C:\Dokumente und Einstellungen\AdminUser\Anwendungsdaten\Mozilla\Firefox\Profiles\mgyrmjhn.default\cookies.txt ]
.2o7.net [ C:\Dokumente und Einstellungen\AdminUser\Anwendungsdaten\Mozilla\Firefox\Profiles\mgyrmjhn.default\cookies.txt ]
.2o7.net [ C:\Dokumente und Einstellungen\AdminUser\Anwendungsdaten\Mozilla\Firefox\Profiles\mgyrmjhn.default\cookies.txt ]
.2o7.net [ C:\Dokumente und Einstellungen\AdminUser\Anwendungsdaten\Mozilla\Firefox\Profiles\mgyrmjhn.default\cookies.txt ]
.2o7.net [ C:\Dokumente und Einstellungen\AdminUser\Anwendungsdaten\Mozilla\Firefox\Profiles\mgyrmjhn.default\cookies.txt ]
.adopt.euroclick.com [ C:\Dokumente und Einstellungen\AdminUser\Anwendungsdaten\Mozilla\Firefox\Profiles\mgyrmjhn.default\cookies.txt ]
.doubleclick.net [ C:\Dokumente und Einstellungen\AdminUser\Anwendungsdaten\Mozilla\Firefox\Profiles\mgyrmjhn.default\cookies.txt ]
.tradedoubler.com [ C:\Dokumente und Einstellungen\AdminUser\Anwendungsdaten\Mozilla\Firefox\Profiles\mgyrmjhn.default\cookies.txt ]
.advertising.com [ C:\Dokumente und Einstellungen\AdminUser\Anwendungsdaten\Mozilla\Firefox\Profiles\mgyrmjhn.default\cookies.txt ]
.adtech.de [ C:\Dokumente und Einstellungen\AdminUser\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\ls81rt6c.slt\cookies.txt ]
.adtech.de [ C:\Dokumente und Einstellungen\AdminUser\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\ls81rt6c.slt\cookies.txt ]
.mediaplex.com [ C:\Dokumente und Einstellungen\AdminUser\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\ls81rt6c.slt\cookies.txt ]
.2o7.net [ C:\Dokumente und Einstellungen\AdminUser\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\ls81rt6c.slt\cookies.txt ]
.2o7.net [ C:\Dokumente und Einstellungen\AdminUser\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\ls81rt6c.slt\cookies.txt ]
.2o7.net [ C:\Dokumente und Einstellungen\AdminUser\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\ls81rt6c.slt\cookies.txt ]
.2o7.net [ C:\Dokumente und Einstellungen\AdminUser\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\ls81rt6c.slt\cookies.txt ]
.2o7.net [ C:\Dokumente und Einstellungen\AdminUser\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\ls81rt6c.slt\cookies.txt ]
.adopt.euroclick.com [ C:\Dokumente und Einstellungen\AdminUser\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\ls81rt6c.slt\cookies.txt ]
.doubleclick.net [ C:\Dokumente und Einstellungen\AdminUser\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\ls81rt6c.slt\cookies.txt ]
.tradedoubler.com [ C:\Dokumente und Einstellungen\AdminUser\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\ls81rt6c.slt\cookies.txt ]
.advertising.com [ C:\Dokumente und Einstellungen\AdminUser\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\ls81rt6c.slt\cookies.txt ]
.adtech.de [ C:\Dokumente und Einstellungen\AdminUser\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\mgyrmjhn.default\cookies.txt ]
.adtech.de [ C:\Dokumente und Einstellungen\AdminUser\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\mgyrmjhn.default\cookies.txt ]
.mediaplex.com [ C:\Dokumente und Einstellungen\AdminUser\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\mgyrmjhn.default\cookies.txt ]
.2o7.net [ C:\Dokumente und Einstellungen\AdminUser\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\mgyrmjhn.default\cookies.txt ]
.2o7.net [ C:\Dokumente und Einstellungen\AdminUser\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\mgyrmjhn.default\cookies.txt ]
.2o7.net [ C:\Dokumente und Einstellungen\AdminUser\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\mgyrmjhn.default\cookies.txt ]
.2o7.net [ C:\Dokumente und Einstellungen\AdminUser\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\mgyrmjhn.default\cookies.txt ]
.2o7.net [ C:\Dokumente und Einstellungen\AdminUser\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\mgyrmjhn.default\cookies.txt ]
.adopt.euroclick.com [ C:\Dokumente und Einstellungen\AdminUser\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\mgyrmjhn.default\cookies.txt ]
.doubleclick.net [ C:\Dokumente und Einstellungen\AdminUser\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\mgyrmjhn.default\cookies.txt ]
.tradedoubler.com [ C:\Dokumente und Einstellungen\AdminUser\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\mgyrmjhn.default\cookies.txt ]
.advertising.com [ C:\Dokumente und Einstellungen\AdminUser\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\mgyrmjhn.default\cookies.txt ]
08.04.2010, 12:27 | #7
/// Winkelfunktion /// TB-Süch-Tiger™

Quote:

And the other crack has no business being there either. Using cracks, serials and keygens is illegal, so there is no further support on Trojaner-Board. For you it continues here => Reinstalling the system. Please also change all passwords (for e-mail accounts, StudiVZ, eBay... simply everything!), since this dubious software quite often contains keyloggers and backdoor functionality as well. After that, never touch anything like it again!

__________________
Please always post logfiles in CODE tags
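The verdict above rests on details that are visible in the posted logs before any scanner names them: a DLL with no vendor information registered under Winlogon\Notify (antiwpa.dll, which runs inside winlogon.exe at every logon), an orphaned IOProcs entry pointing at a missing mvfs32.dll, and unattributed entries under the Run key and Services. As an added example that is not part of the thread and not code from OSAM or Trojaner-Board, here is a small triage script that parses the OSAM report line format into entries and flags the ones a responder should look at first. The log excerpt is constructed from a handful of the entries posted above; the list of high-value load points and the severity rule are the example's own assumptions, not anything OSAM reports.

```python
import re
from typing import Dict, List, Optional

# Constructed excerpt in the OSAM "Autorun Manager" report format used in this
# thread (a few entries copied from the posted log); NOT the complete log.
SAMPLE_OSAM_LOG = r"""
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"WinampAgent" - ? - C:\Programme\Winamp\winampa.exe (File found, but it contains no detailed information)
"WTClient" - "Tablet Driver" - WTClient.exe
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ATI Smart" (ATI Smart) - ? - C:\WINDOWS\system32\ati2sgag.exe
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"Antiwpa" - ? - C:\WINDOWS\system32\antiwpa.dll
"AtiExtEvent" - "ATI Technologies Inc." - C:\WINDOWS\system32\Ati2evxx.dll
"""

SECTION_RE = re.compile(r"^-----\( (?P<section>.+?) \)-----$")
# [{GUID}] "<name>" [(<service>)] - "<vendor>"|? - <path> [(<flags>)]
ENTRY_RE = re.compile(
    r'^(?:\{[0-9A-Fa-f-]+\} )?"(?P<name>[^"]*)"(?: \((?P<svc>[^()]*)\))?'
    r' - (?:"(?P<vendor>[^"]*)"|\?) - (?P<path>.*?)'
    r'(?: \((?P<flags>[^()]*)\))?$'
)

# Assumption of this example: load points whose DLLs run inside winlogon.exe or
# in every process are treated as high value; an unattributed entry there is
# rated higher than the same entry under a plain Run key.
HIGH_VALUE_SECTIONS = ("Winlogon\\Notify", "IOProcs", "WinSock2", "Browser Helper Objects")


def parse_osam(text: str) -> List[Dict[str, Optional[str]]]:
    """Return one dict per autorun entry, tagged with the section it sits in."""
    entries = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append({
                "section": section,
                "name": m.group("name"),
                "vendor": m.group("vendor"),   # None when OSAM printed "?"
                "path": m.group("path"),
                "flags": m.group("flags") or "",
            })
    return entries


def triage(text: str) -> List[Dict[str, object]]:
    """Flag entries worth a second look, with the reason for each flag."""
    findings = []
    for e in parse_osam(text):
        reasons = []
        if e["vendor"] is None:
            reasons.append("no vendor/version information in the file")
        if "File not found" in e["flags"]:
            reasons.append("orphaned entry: target file is missing")
        if "\\" not in e["path"]:
            reasons.append("unqualified path: resolved via the search order")
        if not reasons:
            continue
        high = e["vendor"] is None and any(s in e["section"] for s in HIGH_VALUE_SECTIONS)
        findings.append({
            "section": e["section"],
            "name": e["name"],
            "path": e["path"],
            "reasons": reasons,
            "severity": "high" if high else "review",
        })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_OSAM_LOG):
        print(f"[{f['severity']:6}] {f['name']:12} {f['path']}")
        for r in f["reasons"]:
            print(f"         - {r}")
```

Run against the excerpt, the script rates Antiwpa and MVB "high" and WinampAgent, WTClient and ATI Smart "review", while the signed Avira and ATI entries pass. A flag is a prompt to verify the file (signature, hash, origin), not a verdict: the OSAM "?" only means the binary carries no version resource, and plenty of legitimate helper DLLs ship that way.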
08.04.2010, 12:44 | #8

Many thanks. I have a legal XP version that will no longer install, which is why I resorted to this dealer version. But I will get myself XP, it doesn't cost the earth. Thanks anyway for your help. I'll be back in touch.

Regards
Gerald