Tr/Agent.ruo in C:\Windows\System32\drivers\d3dsviob.sys gefunden.

MalteKU · 13.05.2010, 10:30

Hallo,

in regelmäßigen Abständen bekomme ich den Hinweis von AntiVir, dass der Trojaner Tr/Agent.ruo gefunden wurde. Das Löschen oder in Quanratäne verschieben bringt leider nicht. Die Meldung erscheint immer wieder. Besonders häufig im Zusammenhang mit dem Öffnen von Mozilla Firefox.

Bitte um Hilfe!

es folgen gleich Malware und OTL-Ergebnisse:

Malware:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4095

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

13.05.2010 10:41:55
mbam-log-2010-05-13 (10-41-55).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 126303
Laufzeit: 12 Minute(n), 48 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 17
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 5
Infizierte Dateien: 11

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\improvedadshelper.browserwatcher (Adware.ShoppingAdsHelper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\improvedadshelper.browserwatcher.1 (Adware.ShoppingAdsHelper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\improvedadshelper.pornpro_bho (Adware.ImprovedAdsHelper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\improvedadshelper.pornpro_bho.1 (Adware.ImprovedAdsHelper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\improvedadshelper.precachebrowserhost (Adware.ShoppingAdsHelper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\improvedadshelper.precachebrowserhost.1 (Adware.ShoppingAdsHelper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{647d5a4e-78b5-53ed-7e75-1940d1dffea4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2ce0a18d-6081-d104-96f7-f765c20b22f1} (Adware.ImprovedAdsHelper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{2ce0a18d-6081-d104-96f7-f765c20b22f1} (Adware.ImprovedAdsHelper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2ce0a18d-6081-d104-96f7-f765c20b22f1} (Adware.ImprovedAdsHelper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ImprovedAdsHelper (Adware.ImprovedAdsHelper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PLayMP3z) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fbrowsingadvisor_is1 (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ImprovedAdsHelper (Adware.ImprovedAdsHelper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PlayMP3 (Adware.PLayMP3z) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Program Files\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\ImprovedAdsHelper (Adware.ImprovedAdsHelper) -> Quarantined and deleted successfully.
C:\Program Files\PlayMP3z (Adware.PLayMP3z) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlayMP3z (Adware.PLayMP3z) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Windows\System32\drivers\d3dsviob.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Users\***\downloads\Everest Poker.exe (PUP.Casino) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\IXPCOMEvents.xpt (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\Logo.png (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\main.db (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\unins000.dat (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\unins000.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\ImprovedAdsHelper\uninstall.exe (Adware.ImprovedAdsHelper) -> Quarantined and deleted successfully.
C:\Program Files\PlayMP3z\uninstall.exe (Adware.PLayMP3z) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlayMP3z\Run PlayMP3z.lnk (Adware.PLayMP3z) -> Quarantined and deleted successfully.
C:\Program Files\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.

Tr/Agent.ruo in C:\Windows\System32\drivers\d3dsviob.sys gefunden.

Plagegeister aller Art und deren Bekämpfung: Tr/Agent.ruo in C:\Windows\System32\drivers\d3dsviob.sys gefunden.

Tr/Agent.ruo in C:\Windows\System32\drivers\d3dsviob.sys gefunden.

Ähnliche Themen: Tr/Agent.ruo in C:\Windows\System32\drivers\d3dsviob.sys gefunden.