Plagegeister aller Art und deren Bekämpfung (pests of all kinds and their removal): TR/Agent.RUO.4 [trojan] found on the computer. Windows 7
If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
08.04.2010, 08:07 | #1
Hello everyone... I have also had this lovely trojan on my machine for a few days now... I have already created a log and hope for your help
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 09:01:30 on 08.04.2010
OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.6.3

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - "O&O Software GmbH" - C:\WINDOWS\system32\OODBS.exe
"BootExecute" - ? - C:\WINDOWS\system32\lsdelete.exe (File found, but it contains no detailed information)

[Common]
-----( %SystemRoot%\Tasks )-----
"AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe
"Ad-Aware Update (Weekly).job" - "Lavasoft " - C:\Programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"AUDIOHQ.CPL" - "Creative Technology Ltd." - C:\WINDOWS\system32\AUDIOHQ.CPL
"CtDetect.cpl" - "Creative Technology Ltd." - C:\WINDOWS\system32\CtDetect.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"PhysX.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Pando" - "Pando Networks" - C:\Programme\Pando Networks\Media Booster\PMB.cpl
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"atksgt" (atksgt) - ? - C:\WINDOWS\System32\DRIVERS\atksgt.sys (File found, but it contains no detailed information)
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"ByakkoDriver" (ByakkoDriver) - ? - C:\DOKUME~1\SHIZOB~1\LOKALE~1\Temp\911421.07-30-2009 (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found)
"cpuz132" (cpuz132) - "Windows (R) Codename Longhorn DDK provider" - C:\WINDOWS\system32\drivers\cpuz132_x32.sys
"FsUsbExDisk" (FsUsbExDisk) - ? - C:\WINDOWS\system32\FsUsbExDisk.SYS (File found, but it contains no detailed information)
"gdrv" (gdrv) - "Windows (R) 2000 DDK provider" - C:\WINDOWS\gdrv.sys
"GMSIPCI" (GMSIPCI) - ? - E:\INSTALL\GMSIPCI.SYS (File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found)
"Lbd" (Lbd) - "Lavasoft AB" - C:\WINDOWS\System32\DRIVERS\Lbd.sys
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found)
"lirsgt" (lirsgt) - ? - C:\WINDOWS\System32\DRIVERS\lirsgt.sys (File found, but it contains no detailed information)
"NTACCESS" (NTACCESS) - ? - E:\NTACCESS.sys (File not found)
"ntnyf" (ntnyf) - ? - C:\WINDOWS\system32\drivers\ntnyf.sys (File not found)
"oreans32" (oreans32) - ? - C:\WINDOWS\system32\drivers\oreans32.sys (File found, but it contains no detailed information)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver" (RTL8023xp) - ? - C:\WINDOWS\System32\DRIVERS\Rtlnicxp.sys (File not found)
"RRNetCap Service" (RRNetCap) - "RapidSolution Software AG" - C:\WINDOWS\System32\DRIVERS\rrnetcap.sys
"RRNetCapMP" (RRNetCapMP) - "RapidSolution Software AG" - C:\WINDOWS\System32\DRIVERS\rrnetcap.sys
"SetupNTGLM7X" (SetupNTGLM7X) - ? - E:\NTGLM7X.sys (File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"Swpnkfscctec" (Swpnkfscctec) - ? - C:\WINDOWS\system32\drivers\Swpnkfscctec.sys (File not found)
"Tunebite High-Speed Dubbing" (tbhsd) - "RapidSolution Software AG" - C:\WINDOWS\System32\drivers\tbhsd.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found)
"XDva248" (XDva248) - ? - C:\WINDOWS\system32\XDva248.sys (File not found)
"zlportio" (zlportio) - ? - G:\Matthi's Daten\UltraStar Deluxe\zlportio.sys (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{9C450606-ED24-4958-92BA-B8940C99D441} "PixiePack Codec Pack 1.1.400.0" - ? - C:\Programme\PixiePack Codec Pack\InstallerHelper.exe
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found)
{32683183-48a0-441b-a342-7c2a440a9478} "Media Band" - ? - (File not found | COM-object registry key not found)
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{32683183-48a0-441b-a342-7c2a440a9478} "{32683183-48a0-441b-a342-7c2a440a9478}" - ? - (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found)
<binary data> "Toolbar fuer eBay" - ? - C:\Dokumente und Einstellungen\Shizobunny\Anwendungsdaten\Toolbars\Toolbar fuer eBay\ebay.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} "Java Plug-in 1.6.0_16" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_16\bin\npjpi160_16.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"Messenger" - ? - C:\Programme\Messenger\msmsgs.exe (File not found)
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Ask.com Toolbar" - ? - C:\Programme\Ask.com\Supertoolbar\GenericAskToolbar.dll (File not found)
<binary data> "Toolbar fuer eBay" - ? - C:\Dokumente und Einstellungen\Shizobunny\Anwendungsdaten\Toolbars\Toolbar fuer eBay\ebay.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "AcroIEHlprObj Class" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{D4027C7F-154A-4066-A1AD-4243D8127440} "Ask.com Toolbar" - ? - C:\Programme\Ask.com\Supertoolbar\GenericAskToolbar.dll (File not found)
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{AA61DE26-FA67-4575-9033-918671094293} "TBSB03968 Class" - ? - C:\Dokumente und Einstellungen\Shizobunny\Anwendungsdaten\Toolbars\Toolbar fuer eBay\ebay.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"TB-Tray.lnk" - "Felix 'SniperBeamer' Geyer" - C:\Programme\Mozilla Thunderbird\Thunderbird-Tray\TBTray.exe (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Shizobunny\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"BitTorrent DNA" - "BitTorrent, Inc." - "C:\Programme\DNA\btdna.exe"
"Pando Media Booster" - ? - C:\Programme\Pando Networks\Media Booster\PMB.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"iTunesHelper" - "Apple Inc." - "C:\Programme\iTunes\iTunesHelper.exe"
"NeroFilterCheck" - "Ahead Software Gmbh" - C:\WINDOWS\system32\NeroCheck.exe
"OODefragTray" - "O&O Software GmbH" - C:\WINDOWS\system32\oodtray.exe
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\QTTask.exe" -atboottime
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
"TrayServer" - "MAGIX AG" - C:\Programme\MAGIX\Video_deluxe_16_Plus_Download-Version\TrayServer.exe

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Adobe LM Service" (Adobe LM Service) - ? - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"Bonjour-Dienst" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe
"BrSplService" (Brother XP spl Service) - "brother Industries Ltd" - C:\WINDOWS\system32\brsvc01a.exe
"ES lite Service for program management." (ES lite Service) - ? - C:\Programme\Gigabyte\EasySaver\ESSVR.EXE (File found, but it contains no detailed information)
"FABS - Helping agent for MAGIX media database" (Fabs) - "MAGIX AG" - C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\fbserver.exe
"FsUsbExService" (FsUsbExService) - "Teruten" - C:\WINDOWS\system32\FsUsbExService.Exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"Lavasoft Ad-Aware Service" (Lavasoft Ad-Aware Service) - "Lavasoft" - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
"nProtect GameGuard Service" (npggsvc) - "INCA Internet Co., Ltd." - C:\WINDOWS\system32\GameMon.des
"O&O Defrag" (O&O Defrag) - "O&O Software GmbH" - C:\WINDOWS\system32\oodag.exe
"PEVSystemStart" (PEVSystemStart) - ? - C:\ComboFix\PEV.cfxxe (File found, but it contains no detailed information)
"ServiceLayer" (ServiceLayer) - "Nokia." - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\Desktop )-----
"SCRNSAVE.EXE" - ? - F:\Games\bigfish\FISHDO~1\FISHDO~1.SCR (File not found)
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
08.04.2010, 09:46 | #2
In the meantime it is TR/Agent.RUO.6 on my machine and no longer the .4 one...
08.04.2010, 09:49 | #3
/// Winkelfunktion /// TB-Süch-Tiger™
Hello and
Code:
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ByakkoDriver" (ByakkoDriver) - ? - C:\DOKUME~1\SHIZOB~1\LOKALE~1\Temp\911421.07-30-2009 (File not found)
"ntnyf" (ntnyf) - ? - C:\WINDOWS\system32\drivers\ntnyf.sys (File not found)
"oreans32" (oreans32) - ? - C:\WINDOWS\system32\drivers\oreans32.sys (File found, but it contains no detailed information)
Have C:\WINDOWS\system32\drivers\oreans32.sys analysed at https://www.virustotal.com and post the link to the result.
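The three driver entries the helper pulled out of the log above share the same signals: no publisher, an image that is missing or carries no version information, and in one case a path under a Temp directory. The script below is an added example (not part of the thread and not OSAM's own code) that parses OSAM report lines and applies exactly those signals to the [Drivers] section; the sample lines are copied from the first log, and the orphan allowlist is an assumption of the example.

```python
# Added example for this thread (not OSAM's own code): parse OSAM Autorun Manager
# entry lines and apply the signals the helper used by eye in post #3. Entry shape:
#   "<name>" (<key>) - "<publisher>" - <path> (<status>)
# OSAM prints "?" for a missing publisher; the bracketed status is optional.
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Status suffixes OSAM appends in parentheses after the path.
STATUS_SUFFIXES = ("File not found | COM-object registry key not found",
                   "File found, but it contains no detailed information",
                   "Shortcut exists | File exists", "File not found")
# Assumption of this example: orphaned service names that helpers usually treat
# as leftovers of virtual CD/DVD-drive software rather than as malware.
KNOWN_ORPHANS = {"Changer", "i2omgmt", "lbrtfdc", "PCIDump",
                 "PDCOMP", "PDFRAME", "PDRELI", "PDRFRAME", "WDICA"}
HEADER_RE = re.compile(
    r'^(?:\(Disabled\)\s+)?'                        # disabled entries
    r'(?:\{[0-9A-Fa-f-]+\}\s+|<binary data>\s+)?'   # CLSID / binary value name
    r'"(?P<name>[^"]*)"'                             # display name
    r'(?:\s+\((?P<key>[^)]*)\))?'                    # service / registry key
    r'\s+-\s+(?P<rest>.*)$')


@dataclass
class Entry:
    name: str
    key: str | None
    publisher: str | None          # None when OSAM printed "?"
    path: str
    status: str | None
    reasons: list[str] = field(default_factory=list)


def parse_entry(line: str) -> Entry | None:
    """Parse one OSAM entry line; headers and blank lines give None."""
    m = HEADER_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    if rest.startswith('"'):                 # quoted publisher
        close = rest.index('"', 1)
        publisher, rest = rest[1:close].strip(), rest[close + 1:]
    elif rest.startswith("?"):               # no vendor information
        publisher, rest = None, rest[1:]
    else:
        return None
    rest = rest.strip()
    if not rest.startswith("-"):
        return None
    path, status = rest[1:].strip(), None
    for suffix in STATUS_SUFFIXES:
        if path.endswith(f"({suffix})"):
            status, path = suffix, path[:-len(suffix) - 2].rstrip()
            break
    return Entry(m.group("name"), m.group("key"), publisher, path, status)


def assess(entry: Entry) -> Entry:
    """Attach the signals a helper looks for in a driver entry."""
    low = entry.path.lower()
    if entry.publisher is None:
        entry.reasons.append("no publisher information")
    if entry.status == "File not found":
        entry.reasons.append("registered image is missing")
    elif entry.status and "no detailed information" in entry.status:
        entry.reasons.append("image present but carries no version info")
    if re.search(r'\\(temp|lokale~1|local settings|anwendungsdaten)\\', low):
        entry.reasons.append("image lives in a temp or user-profile directory")
    if low and not re.search(r'\.(sys|exe|dll|des)$', low):
        entry.reasons.append("image name lacks a driver/executable extension")
    return entry


def triage_drivers(report: str, min_signals: int = 2) -> list[Entry]:
    """[Drivers] entries with at least min_signals signals, worst first."""
    section, hits = None, []
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]                 # OSAM's [bracketed] headings
            continue
        entry = parse_entry(line) if section == "Drivers" else None
        if entry is None or entry.key in KNOWN_ORPHANS:
            continue
        if len(assess(entry).reasons) >= min_signals:
            hits.append(entry)
    return sorted(hits, key=lambda e: len(e.reasons), reverse=True)


# Constructed sample: driver lines copied from the first log in the thread,
# in the one-entry-per-line layout OSAM writes.
SAMPLE_REPORT = r"""[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ByakkoDriver" (ByakkoDriver) - ? - C:\DOKUME~1\SHIZOB~1\LOKALE~1\Temp\911421.07-30-2009 (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found)
"cpuz132" (cpuz132) - "Windows (R) Codename Longhorn DDK provider" - C:\WINDOWS\system32\drivers\cpuz132_x32.sys
"ntnyf" (ntnyf) - ? - C:\WINDOWS\system32\drivers\ntnyf.sys (File not found)
"oreans32" (oreans32) - ? - C:\WINDOWS\system32\drivers\oreans32.sys (File found, but it contains no detailed information)
[Logon]
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"""
```

`triage_drivers(SAMPLE_REPORT)` returns the helper's three picks with ByakkoDriver ranked first on four signals; the orphan allowlist is what keeps the long-known PD*/Changer leftovers out of the list, so it is the part to review when applying this to another log.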
08.04.2010, 09:52 | #4
Here is the link for now: https://www.virustotal.com/de/analisis/d786de9fb254dcec3d131cbeae13e4020d9e353835ad2e4bef9580b1d638b4ad-1270609275
08.04.2010, 10:08 | #5
And here is the log
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 11:06:55 on 08.04.2010
OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.6.3

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - "O&O Software GmbH" - C:\WINDOWS\system32\OODBS.exe
"BootExecute" - ? - C:\WINDOWS\system32\lsdelete.exe (File found, but it contains no detailed information)

[Common]
-----( %SystemRoot%\Tasks )-----
"AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe
"Ad-Aware Update (Weekly).job" - "Lavasoft " - C:\Programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"AUDIOHQ.CPL" - "Creative Technology Ltd." - C:\WINDOWS\system32\AUDIOHQ.CPL
"CtDetect.cpl" - "Creative Technology Ltd." - C:\WINDOWS\system32\CtDetect.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"PhysX.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal" - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Pando" - "Pando Networks" - C:\Programme\Pando Networks\Media Booster\PMB.cpl
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"atksgt" (atksgt) - ? - C:\WINDOWS\System32\DRIVERS\atksgt.sys (File found, but it contains no detailed information)
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found)
"cpuz132" (cpuz132) - "Windows (R) Codename Longhorn DDK provider" - C:\WINDOWS\system32\drivers\cpuz132_x32.sys
"FsUsbExDisk" (FsUsbExDisk) - ? - C:\WINDOWS\system32\FsUsbExDisk.SYS (File found, but it contains no detailed information)
"gdrv" (gdrv) - "Windows (R) 2000 DDK provider" - C:\WINDOWS\gdrv.sys
"GMSIPCI" (GMSIPCI) - ? - E:\INSTALL\GMSIPCI.SYS (File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found)
"Lbd" (Lbd) - "Lavasoft AB" - C:\WINDOWS\System32\DRIVERS\Lbd.sys
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found)
"lirsgt" (lirsgt) - ? - C:\WINDOWS\System32\DRIVERS\lirsgt.sys (File found, but it contains no detailed information)
"NTACCESS" (NTACCESS) - ? - E:\NTACCESS.sys (File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver" (RTL8023xp) - ? - C:\WINDOWS\System32\DRIVERS\Rtlnicxp.sys (File not found)
"RRNetCap Service" (RRNetCap) - "RapidSolution Software AG" - C:\WINDOWS\System32\DRIVERS\rrnetcap.sys
"RRNetCapMP" (RRNetCapMP) - "RapidSolution Software AG" - C:\WINDOWS\System32\DRIVERS\rrnetcap.sys
"SetupNTGLM7X" (SetupNTGLM7X) - ? - E:\NTGLM7X.sys (File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"Swpnkfscctec" (Swpnkfscctec) - ? - C:\WINDOWS\system32\drivers\Swpnkfscctec.sys (File not found)
"Tunebite High-Speed Dubbing" (tbhsd) - "RapidSolution Software AG" - C:\WINDOWS\System32\drivers\tbhsd.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found)
"XDva248" (XDva248) - ? - C:\WINDOWS\system32\XDva248.sys (File not found)
"zlportio" (zlportio) - ? - G:\Matthi's Daten\UltraStar Deluxe\zlportio.sys (File not found)
(Disabled) "ByakkoDriver" (ByakkoDriver) - ? - C:\DOKUME~1\SHIZOB~1\LOKALE~1\Temp\911421.07-30-2009 (File not found)
(Disabled) "ntnyf" (ntnyf) - ? - C:\WINDOWS\system32\drivers\ntnyf.sys (File not found)
(Disabled) "oreans32" (oreans32) - ? - C:\WINDOWS\system32\drivers\oreans32.sys (File found, but it contains no detailed information)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{9C450606-ED24-4958-92BA-B8940C99D441} "PixiePack Codec Pack 1.1.400.0" - ? - C:\Programme\PixiePack Codec Pack\InstallerHelper.exe
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found)
{32683183-48a0-441b-a342-7c2a440a9478} "Media Band" - ? - (File not found | COM-object registry key not found)
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{32683183-48a0-441b-a342-7c2a440a9478} "{32683183-48a0-441b-a342-7c2a440a9478}" - ? - (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found)
<binary data> "Toolbar fuer eBay" - ? - C:\Dokumente und Einstellungen\Shizobunny\Anwendungsdaten\Toolbars\Toolbar fuer eBay\ebay.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} "Java Plug-in 1.6.0_16" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_16\bin\npjpi160_16.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"Messenger" - ? - C:\Programme\Messenger\msmsgs.exe (File not found)
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Ask.com Toolbar" - ? - C:\Programme\Ask.com\Supertoolbar\GenericAskToolbar.dll (File not found)
<binary data> "Toolbar fuer eBay" - ? - C:\Dokumente und Einstellungen\Shizobunny\Anwendungsdaten\Toolbars\Toolbar fuer eBay\ebay.dll (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "AcroIEHlprObj Class" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{D4027C7F-154A-4066-A1AD-4243D8127440} "Ask.com Toolbar" - ? - C:\Programme\Ask.com\Supertoolbar\GenericAskToolbar.dll (File not found)
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{AA61DE26-FA67-4575-9033-918671094293} "TBSB03968 Class" - ? - C:\Dokumente und Einstellungen\Shizobunny\Anwendungsdaten\Toolbars\Toolbar fuer eBay\ebay.dll (File not found)

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"TB-Tray.lnk" - "Felix 'SniperBeamer' Geyer" - C:\Programme\Mozilla Thunderbird\Thunderbird-Tray\TBTray.exe (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Shizobunny\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"BitTorrent DNA" - "BitTorrent, Inc." - "C:\Programme\DNA\btdna.exe"
"Pando Media Booster" - ? - C:\Programme\Pando Networks\Media Booster\PMB.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"iTunesHelper" - "Apple Inc." - "C:\Programme\iTunes\iTunesHelper.exe"
"NeroFilterCheck" - "Ahead Software Gmbh" - C:\WINDOWS\system32\NeroCheck.exe
"OODefragTray" - "O&O Software GmbH" - C:\WINDOWS\system32\oodtray.exe
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\QTTask.exe" -atboottime
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
"TrayServer" - "MAGIX AG" - C:\Programme\MAGIX\Video_deluxe_16_Plus_Download-Version\TrayServer.exe

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Adobe LM Service" (Adobe LM Service) - ? - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"Bonjour-Dienst" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe
"BrSplService" (Brother XP spl Service) - "brother Industries Ltd" - C:\WINDOWS\system32\brsvc01a.exe
"ES lite Service for program management." (ES lite Service) - ? - C:\Programme\Gigabyte\EasySaver\ESSVR.EXE (File found, but it contains no detailed information)
"FABS - Helping agent for MAGIX media database" (Fabs) - "MAGIX AG" - C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\fbserver.exe
"FsUsbExService" (FsUsbExService) - "Teruten" - C:\WINDOWS\system32\FsUsbExService.Exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"Lavasoft Ad-Aware Service" (Lavasoft Ad-Aware Service) - "Lavasoft" - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
"nProtect GameGuard Service" (npggsvc) - "INCA Internet Co., Ltd." - C:\WINDOWS\system32\GameMon.des
"O&O Defrag" (O&O Defrag) - "O&O Software GmbH" - C:\WINDOWS\system32\oodag.exe
"PEVSystemStart" (PEVSystemStart) - ? - C:\ComboFix\PEV.cfxxe (File found, but it contains no detailed information)
"ServiceLayer" (ServiceLayer) - "Nokia." - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\Desktop )-----
"SCRNSAVE.EXE" - ? - F:\Games\bigfish\FISHDO~1\FISHDO~1.SCR (File not found)
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
08.04.2010, 10:16 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please upload the oreans.sys to us => http://www.trojaner-board.de/54791-a...ner-board.html Afterwards, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before scanning!!
08.04.2010, 10:52 | #7 |
| oreans32.sys has been uploaded... the scans are running |
08.04.2010, 12:20 | #8 |
| The first log, from Malwarebytes. Code:
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 3967

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

08.04.2010 13:18:50
mbam-log-2010-04-08 (13-18-50).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|)
Durchsuchte Objekte: 308162
Laufzeit: 1 Stunde(n), 32 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 29

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\WINDOWS\system32\System32 (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Dokumente und Einstellungen\Shizobunny\Anwendungsdaten\Desktopicon\eBayShortcuts.exe (Adware.ADON) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\System32\cis-2.4.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\System32\issacapi_bs-2.3.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\System32\issacapi_pe-2.3.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\System32\issacapi_se-2.3.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\System32\MACXMLProto.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\System32\MaDRM.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\System32\MaJGUILib.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\System32\MAMACExtract.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\System32\MASetupCaller.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\System32\MASetupCleaner.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\System32\MaXMLProto.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\System32\MK_Lyric.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\System32\MSCLib.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\System32\MSFLib.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\System32\MSLUR71.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\System32\msvcp60.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\System32\MTTELECHIP.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\System32\MTXSYNCICON.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\System32\muzaf1.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\System32\muzapp.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\System32\muzapp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\System32\muzdecode.ax (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\System32\muzeffect.ax (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\System32\muzmp4sp.ax (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\System32\muzmpgsp.ax (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\System32\muzoggsp.ax (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\System32\muzwmts.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\System32\psapi.dll (Trojan.Agent) -> Quarantined and deleted successfully. |
08.04.2010, 13:43 | #9 |
| And here the other one, from SUPERAntiSpyware. Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 04/08/2010 at 02:41 PM

Application Version : 4.35.1002

Core Rules Database Version : 4781
Trace Rules Database Version: 2593

Scan type : Complete Scan
Total Scan Time : 01:44:44

Memory items scanned : 684
Memory threats detected : 0
Registry items scanned : 4990
Registry threats detected : 13
File items scanned : 200999
File threats detected : 40

Adware.Tracking Cookie
C:\Dokumente und Einstellungen\Shizobunny\Cookies\shizobunny@advertising[1].txt
C:\Dokumente und Einstellungen\Shizobunny\Cookies\shizobunny@ad.yieldmanager[1].txt
C:\Dokumente und Einstellungen\Shizobunny\Cookies\shizobunny@bs.serving-sys[2].txt
C:\Dokumente und Einstellungen\Shizobunny\Cookies\shizobunny@atdmt[1].txt
C:\Dokumente und Einstellungen\Shizobunny\Cookies\shizobunny@statcounter[1].txt
C:\Dokumente und Einstellungen\Shizobunny\Cookies\shizobunny@doubleclick[1].txt
C:\Dokumente und Einstellungen\Shizobunny\Cookies\shizobunny@msnportal.112.2o7[1].txt
C:\Dokumente und Einstellungen\Shizobunny\Cookies\shizobunny@content.yieldmanager[1].txt
C:\Dokumente und Einstellungen\Shizobunny\Cookies\shizobunny@serving-sys[1].txt
C:\Dokumente und Einstellungen\Shizobunny\Cookies\shizobunny@smartadserver[2].txt

Unclassified.Oreans32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#DeviceDesc
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Capabilities
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Driver
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\LogConf
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\Control
C:\WINDOWS\SYSTEM32\DRIVERS\OREANS32.SYS

Trojan.Agent/Gen-Nullo[Short]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DE3177A9-7BA3-4495-A643-0D7B93516769}\RP361\A0111151.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DE3177A9-7BA3-4495-A643-0D7B93516769}\RP361\A0111138.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DE3177A9-7BA3-4495-A643-0D7B93516769}\RP361\A0111139.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DE3177A9-7BA3-4495-A643-0D7B93516769}\RP361\A0111140.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DE3177A9-7BA3-4495-A643-0D7B93516769}\RP361\A0111141.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DE3177A9-7BA3-4495-A643-0D7B93516769}\RP361\A0111142.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DE3177A9-7BA3-4495-A643-0D7B93516769}\RP361\A0111143.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DE3177A9-7BA3-4495-A643-0D7B93516769}\RP361\A0111144.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DE3177A9-7BA3-4495-A643-0D7B93516769}\RP361\A0111145.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DE3177A9-7BA3-4495-A643-0D7B93516769}\RP361\A0111146.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DE3177A9-7BA3-4495-A643-0D7B93516769}\RP361\A0111147.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DE3177A9-7BA3-4495-A643-0D7B93516769}\RP361\A0111148.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DE3177A9-7BA3-4495-A643-0D7B93516769}\RP361\A0111149.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DE3177A9-7BA3-4495-A643-0D7B93516769}\RP361\A0111150.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DE3177A9-7BA3-4495-A643-0D7B93516769}\RP361\A0111152.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DE3177A9-7BA3-4495-A643-0D7B93516769}\RP361\A0111153.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DE3177A9-7BA3-4495-A643-0D7B93516769}\RP361\A0111154.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DE3177A9-7BA3-4495-A643-0D7B93516769}\RP361\A0111155.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DE3177A9-7BA3-4495-A643-0D7B93516769}\RP361\A0111156.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DE3177A9-7BA3-4495-A643-0D7B93516769}\RP361\A0111157.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DE3177A9-7BA3-4495-A643-0D7B93516769}\RP361\A0111158.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DE3177A9-7BA3-4495-A643-0D7B93516769}\RP361\A0111159.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DE3177A9-7BA3-4495-A643-0D7B93516769}\RP361\A0111160.AX
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DE3177A9-7BA3-4495-A643-0D7B93516769}\RP361\A0111161.AX
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DE3177A9-7BA3-4495-A643-0D7B93516769}\RP361\A0111162.AX
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DE3177A9-7BA3-4495-A643-0D7B93516769}\RP361\A0111163.AX
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DE3177A9-7BA3-4495-A643-0D7B93516769}\RP361\A0111164.AX
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DE3177A9-7BA3-4495-A643-0D7B93516769}\RP361\A0111165.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DE3177A9-7BA3-4495-A643-0D7B93516769}\RP361\A0111166.DLL |
08.04.2010, 13:50 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | OK. Please remove all findings. How is the computer behaving now?
__________________ Please always post logfiles in CODE tags |
08.04.2010, 16:47 | #11 |
| Well, after the restart that the program requested, nothing more has shown up. I'll run another scan in a moment, but I'm full of confidence. Thank you very, very much for your help... Kind regards, bunny |
08.04.2010, 17:46 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Good! Then get started on the updates:

Microsoft Update
Windows XP: Visit the MS Update site with IE and have all important updates installed. Windows Vista/7: Windows Update guide

Update your PDF reader
Your Adobe Reader is not up to date, which is a major security risk. You should therefore uninstall the old version via Control Panel => Add or Remove Programs, by clicking on "Adobe Reader x.0" there and removing the program. I recommend an alternative PDF reader such as SumatraPDF or Foxit PDF Reader; both are much leaner and faster than Adobe Reader. While you're at it, please also check that your Flash Player is current; here is the direct download link => http://filepony.de/?q=Flash+Player

Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present) and update to the newest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Add or Remove Programs, and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.