
Log analysis and evaluation: Trojan TR/Agent.aotx.1


16.07.2012, 17:02   #1
StefHei
 
Trojan TR/Agent.aotx.1



Hello!

This time I have an acquaintance's laptop here for "maintenance". On it, Avira reported the above Trojan.

OTL - Extras.txt

Code:
OTL Extras logfile created on: 16.07.2012 17:51:11 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Test\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 1,73 Gb Available Physical Memory | 58,90% Memory free
6,10 Gb Paging File | 4,95 Gb Available in Paging File | 81,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 219,21 Gb Total Space | 146,69 Gb Free Space | 66,92% Space Free | Partition Type: NTFS
Drive D: | 925,88 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: TEST-PC | User Name: Test | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
         
OTL - OTL.txt

Code:
OTL logfile created on: 16.07.2012 17:51:06 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Test\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 1,73 Gb Available Physical Memory | 58,90% Memory free
6,10 Gb Paging File | 4,95 Gb Available in Paging File | 81,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 219,21 Gb Total Space | 146,69 Gb Free Space | 66,92% Space Free | Partition Type: NTFS
Drive D: | 925,88 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: TEST-PC | User Name: Test | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.16 17:48:31 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Test\Desktop\OTL.exe
PRC - [2012.07.16 17:45:07 | 000,050,477 | ---- | M] () -- C:\Users\Test\Desktop\Defogger.exe
PRC - [2012.06.20 13:18:08 | 001,568,976 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2012.06.02 11:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.02 00:22:53 | 000,391,632 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avcenter.exe
PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.02.28 16:36:39 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Programme\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2012.01.23 14:15:54 | 000,127,040 | ---- | M] (ICQ, LLC.) -- C:\Programme\ICQ7.7\ICQ.exe
PRC - [2011.12.05 13:42:22 | 000,114,992 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Programme\SweetIM\Messenger\SweetIM.exe
PRC - [2011.05.27 16:23:00 | 004,999,976 | ---- | M] (Synaptics Incorporated) -- C:\Programme\Synaptics\Scrybe\scrybe.exe
PRC - [2011.05.27 16:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\Scrybe\Service\ScrybeUpdater.exe
PRC - [2010.06.23 22:41:43 | 000,200,704 | ---- | M] () -- C:\Windows\plfseti.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.02.12 06:20:52 | 000,862,728 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe
PRC - [2009.02.06 13:07:08 | 000,686,624 | ---- | M] (Acer Incorporated) -- C:\Programme\eMachines\eMachines Power Management\ePowerTray.exe
PRC - [2009.02.06 13:07:06 | 000,653,856 | ---- | M] (Acer Incorporated) -- C:\Programme\eMachines\eMachines Power Management\ePowerSvc.exe
PRC - [2007.01.04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.07.16 17:45:07 | 000,050,477 | ---- | M] () -- C:\Users\Test\Desktop\Defogger.exe
MOD - [2011.03.31 19:31:02 | 000,066,856 | ---- | M] () -- C:\Programme\Synaptics\SynTP\SynTPEnhPS.dll
MOD - [2010.07.21 20:02:08 | 000,034,816 | ---- | M] () -- C:\Programme\Google\Google Desktop Search\gzlib.dll
MOD - [2010.06.23 22:41:43 | 000,200,704 | ---- | M] () -- C:\Windows\plfseti.exe
MOD - [2003.06.07 07:30:08 | 000,057,344 | ---- | M] () -- C:\Programme\Launch Manager\PowerUtl.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.05.27 16:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) [Auto | Running] -- C:\Programme\Synaptics\Scrybe\Service\ScrybeUpdater.exe -- (ScrybeUpdater)
SRV - [2009.02.06 13:07:06 | 000,653,856 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\eMachines\eMachines Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2008.05.06 00:25:46 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Programme\eMachines Games\eMachines Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.01.04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\L1C60x86.sys -- (L1C)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.11.04 23:13:32 | 000,952,320 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.04.17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2006.11.02 15:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Programme\Launch Manager\DPortIO.sys -- (DritekPortIO)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vp32&d=0410&m=e525
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?barid={67A25F9F-064C-4D85-8EAB-DC6F0C5CAEE0}
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={67A25F9F-064C-4D85-8EAB-DC6F0C5CAEE0}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vp32&d=0410&m=e525
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {A8EE9393-6F22-41DB-B2E4-0C6F67CB18E9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=b5lTpTWrnT6BNmDJ0IXbyi7g9sQ?q={searchTerms}
IE - HKCU\..\SearchScopes\{A8EE9393-6F22-41DB-B2E4-0C6F67CB18E9}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACEW_deDE385
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={67A25F9F-064C-4D85-8EAB-DC6F0C5CAEE0}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
 
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (ICQ Sparberater) - {EC136321-1AE5-4A7F-B01C-5380D666175B} - C:\Programme\icq\Internet Explorer\icq.dll (solute gmbh)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\eMachines\eMachines Power Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\plfseti.exe ()
O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\eMachines\WR_PopUp\WarReg_PopUp.exe (eMachines)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.7\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [msnmsgr] ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKCU..\Run: [Userinit] C:\Users\Test\AppData\Roaming\appconf32.exe ()
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10k_ActiveX.exe (Adobe Systems, Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Web-Suche - C:\Programme\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Programme\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Programme\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{630552E6-0066-4380-A077-2B18F4453502}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\eM3_Wide.bmp
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\eM3_Wide.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.11.25 16:17:40 | 000,000,000 | ---D | M] - D:\autorun -- [ CDFS ]
O32 - AutoRun File - [2010.10.15 09:52:30 | 000,000,047 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{f004a16d-41b7-11df-9962-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f004a16d-41b7-11df-9962-806e6f6e6963}\Shell\AutoRun\command - "" = D:\cdstart.exe -- [2010.11.18 16:27:48 | 001,419,984 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.16 17:48:31 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Test\Desktop\OTL.exe
[2012.07.16 16:39:31 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.07.13 16:25:27 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.07.13 12:32:50 | 000,000,000 | ---D | C] -- C:\Users\Test\AppData\Roaming\Avira
[2012.07.13 12:27:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.07.13 12:26:33 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2012.07.13 12:26:06 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.07.13 12:26:06 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.07.13 12:26:06 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.07.13 12:26:06 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.07.13 12:25:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.07.13 12:25:59 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.06.20 14:17:55 | 000,000,000 | ---D | C] -- C:\Users\Test\AppData\Roaming\World4
[1 C:\Users\Test\AppData\Roaming\*.tmp files -> C:\Users\Test\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.16 17:48:31 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Test\Desktop\OTL.exe
[2012.07.16 17:47:59 | 000,000,000 | ---- | M] () -- C:\Users\Test\defogger_reenable
[2012.07.16 17:45:07 | 000,050,477 | ---- | M] () -- C:\Users\Test\Desktop\Defogger.exe
[2012.07.16 17:42:01 | 000,167,104 | ---- | M] () -- C:\Users\Test\AppData\Roaming\AcroIEHelpe169.dll
[2012.07.16 17:42:01 | 000,006,400 | ---- | M] () -- C:\Users\Test\AppData\Roaming\BAcroIEHelpe169.dll
[2012.07.16 17:41:52 | 000,000,051 | ---- | M] () -- C:\Users\Test\AppData\Roaming\blckdom.res
[2012.07.16 17:41:10 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.16 16:40:43 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.16 16:39:33 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.07.16 16:31:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.13 20:49:01 | 000,004,384 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.13 20:49:01 | 000,004,384 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.13 20:48:19 | 3147,808,768 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.13 17:51:34 | 000,304,112 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.13 12:27:19 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.06.29 14:17:07 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.06.29 14:17:07 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.29 14:17:07 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.06.29 14:17:07 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[1 C:\Users\Test\AppData\Roaming\*.tmp files -> C:\Users\Test\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.16 17:47:59 | 000,000,000 | ---- | C] () -- C:\Users\Test\defogger_reenable
[2012.07.16 17:45:06 | 000,050,477 | ---- | C] () -- C:\Users\Test\Desktop\Defogger.exe
[2012.07.16 17:42:01 | 000,167,104 | ---- | C] () -- C:\Users\Test\AppData\Roaming\AcroIEHelpe169.dll
[2012.07.16 17:42:01 | 000,006,400 | ---- | C] () -- C:\Users\Test\AppData\Roaming\BAcroIEHelpe169.dll
[2012.07.16 16:39:33 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.07.13 12:27:19 | 000,001,849 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.06.16 14:12:46 | 000,000,051 | ---- | C] () -- C:\Users\Test\AppData\Roaming\blckdom.res
[2012.01.09 14:34:13 | 269,781,597 | ---- | C] () -- C:\Users\Test\mvp.exe
[2010.08.25 19:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010.08.25 19:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010.08.25 19:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010.08.25 18:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010.08.25 18:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010.08.25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010.08.25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010.08.08 13:27:01 | 000,000,061 | ---- | C] () -- C:\Windows\wininit.ini
[2010.07.21 20:35:03 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.07.21 20:35:03 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.06.23 22:44:53 | 000,012,288 | ---- | C] () -- C:\Users\Test\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.22 19:56:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.12.09 17:23:13 | 000,053,712 | RHS- | C] () -- C:\Users\Test\AppData\Roaming\appconf32.exe
 
========== LOP Check ==========
 
[2012.05.10 13:59:24 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\.minecraft
[2011.08.25 16:57:18 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\FarmingSimulator2008
[2012.05.19 12:25:49 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\ICQ
[2012.06.16 14:12:18 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\kock
[2011.07.20 19:21:55 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Synaptics
[2012.06.17 12:36:30 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\UAs
[2012.06.20 14:17:55 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\World4
[2012.06.17 12:36:53 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\xmldm
[2012.07.13 18:21:38 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
Thanks in advance for your help!

Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-16 18:59:37
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK2555GSX rev.FG001J
Running: ostqxwog.exe; Driver: C:\Users\Test\AppData\Local\Temp\pxldipow.sys


---- System - GMER 1.0.15 ----

SSDT            8CDB556E                                                                                               ZwCreateSection
SSDT            8CDB5578                                                                                               ZwRequestWaitReplyPort
SSDT            8CDB5573                                                                                               ZwSetContextThread
SSDT            8CDB557D                                                                                               ZwSetSecurityObject
SSDT            8CDB5582                                                                                               ZwSystemDebugControl
SSDT            8CDB550F                                                                                               ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!KeSetEvent + 215                                                                          81EE58D8 4 Bytes  [6E, 55, DB, 8C]
.text           ntkrnlpa.exe!KeSetEvent + 539                                                                          81EE5BFC 4 Bytes  [78, 55, DB, 8C]
.text           ntkrnlpa.exe!KeSetEvent + 56D                                                                          81EE5C30 4 Bytes  [73, 55, DB, 8C]
.text           ntkrnlpa.exe!KeSetEvent + 5D1                                                                          81EE5C94 4 Bytes  [7D, 55, DB, 8C]
.text           ntkrnlpa.exe!KeSetEvent + 619                                                                          81EE5CDC 4 Bytes  [82, 55, DB, 8C] {ADC BYTE [EBP-0x25], -0x74}
.text           ...                                                                                                    

---- User code sections - GMER 1.0.15 ----

.text           C:\Windows\system32\taskeng.exe[312] ntdll.dll!NtClearEvent + F                                        770A4183 1 Byte  [00]
.text           C:\Windows\system32\igfxsrvc.exe[1608] ntdll.dll!NtClearEvent + F                                      770A4183 1 Byte  [00]
.text           C:\Windows\system32\Dwm.exe[1716] ntdll.dll!NtClearEvent + F                                           770A4183 1 Byte  [00]
.text           C:\Windows\Explorer.EXE[1776] ntdll.dll!NtClearEvent + F                                               770A4183 1 Byte  [00]
.text           C:\Windows\Explorer.EXE[1776] kernel32.dll!CreateProcessW                                              75951BF3 5 Bytes  JMP 05F350CA 
.text           C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1904] ntdll.dll!NtClearEvent + F       770A4183 1 Byte  [00]
.text           C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe[1912] ntdll.dll!NtClearEvent + F  770A4183 1 Byte  [00]
.text           C:\Program Files\Internet Explorer\iexplore.exe[1920] ntdll.dll!NtClearEvent + F                       770A4183 1 Byte  [00]
.text           C:\Program Files\Internet Explorer\iexplore.exe[1920] kernel32.dll!CreateThread                        7599CB2E 5 Bytes  JMP 717D75CB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[1920] ADVAPI32.dll!RegOpenKeyExW                       75E77BA1 5 Bytes  JMP 0248121E C:\Users\Test\AppData\Roaming\BAcroIEHelpe169.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[1920] USER32.dll!SetWindowsHookExW                     758B87AD 5 Bytes  JMP 718125AC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[1920] USER32.dll!CallNextHookEx                        758B8E3B 5 Bytes  JMP 71837FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[1920] USER32.dll!UnhookWindowsHookEx                   758B98DB 5 Bytes  JMP 7185ECE0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[1920] USER32.dll!EnableWindow                          758BCD8B 5 Bytes  JMP 71819EAC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[1920] USER32.dll!DefWindowProcA                        758BDB88 7 Bytes  JMP 717D97F5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[1920] USER32.dll!CreateWindowExA                       758BDC2A 5 Bytes  JMP 717E362B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[1920] USER32.dll!CreateWindowExW                       758C1305 5 Bytes  JMP 718403B7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[1920] USER32.dll!DefWindowProcW                        758D03B4 7 Bytes  JMP 71838042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[1920] USER32.dll!DialogBoxParamW                       758E10B0 5 Bytes  JMP 7177187B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[1920] USER32.dll!DialogBoxIndirectParamW               758E2EF5 5 Bytes  JMP 71968D86 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[1920] USER32.dll!DialogBoxParamA                       758F8152 5 Bytes  JMP 71968D21 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[1920] USER32.dll!DialogBoxIndirectParamA               758F847D 5 Bytes  JMP 71968DEB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[1920] USER32.dll!MessageBoxIndirectA                   7590D4D9 5 Bytes  JMP 71968CA8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[1920] USER32.dll!MessageBoxIndirectW                   7590D5D3 5 Bytes  JMP 71968C2F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[1920] USER32.dll!MessageBoxExA                         7590D639 5 Bytes  JMP 71968BCB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[1920] USER32.dll!MessageBoxExW                         7590D65D 5 Bytes  JMP 71968B67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[1920] ole32.dll!OleLoadFromStream                      75A51E80 5 Bytes  JMP 7196955F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[1920] WININET.dll!InternetOpenA                        757AD5E8 5 Bytes  JMP 002B99B2 
.text           C:\Program Files\Internet Explorer\iexplore.exe[1920] WININET.dll!InternetCrackUrlA                    757B027E 5 Bytes  JMP 002B961A 
.text           C:\Program Files\Internet Explorer\iexplore.exe[1920] WININET.dll!InternetConnectA                     757C567E 5 Bytes  JMP 002B9718 
.text           C:\Program Files\Internet Explorer\iexplore.exe[1920] WININET.dll!InternetOpenW                        757CC596 5 Bytes  JMP 002B99C4 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1928] ntdll.dll!NtClearEvent + F                         770A4183 1 Byte  [00]
.text           C:\Program Files\Internet Explorer\iexplore.exe[2088] ntdll.dll!NtClearEvent + F                       770A4183 1 Byte  [00]
.text           C:\Program Files\Internet Explorer\iexplore.exe[2088] ADVAPI32.dll!RegOpenKeyExW                       75E77BA1 5 Bytes  JMP 02C8121E C:\Users\Test\AppData\Roaming\BAcroIEHelpe169.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[2088] USER32.dll!EnableWindow                          758BCD8B 5 Bytes  JMP 71819EAC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2088] USER32.dll!DialogBoxParamW                       758E10B0 5 Bytes  JMP 7177187B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2088] USER32.dll!DialogBoxIndirectParamW               758E2EF5 5 Bytes  JMP 71968D86 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2088] USER32.dll!DialogBoxParamA                       758F8152 5 Bytes  JMP 71968D21 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2088] USER32.dll!DialogBoxIndirectParamA               758F847D 5 Bytes  JMP 71968DEB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2088] USER32.dll!MessageBoxIndirectA                   7590D4D9 5 Bytes  JMP 71968CA8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2088] USER32.dll!MessageBoxIndirectW                   7590D5D3 5 Bytes  JMP 71968C2F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2088] USER32.dll!MessageBoxExA                         7590D639 5 Bytes  JMP 71968BCB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2088] USER32.dll!MessageBoxExW                         7590D65D 5 Bytes  JMP 71968B67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2088] WININET.dll!InternetOpenA                        757AD5E8 5 Bytes  JMP 006D99B2 
.text           C:\Program Files\Internet Explorer\iexplore.exe[2088] WININET.dll!InternetCrackUrlA                    757B027E 5 Bytes  JMP 006D961A 
.text           C:\Program Files\Internet Explorer\iexplore.exe[2088] WININET.dll!InternetConnectA                     757C567E 5 Bytes  JMP 006D9718 
.text           C:\Program Files\Internet Explorer\iexplore.exe[2088] WININET.dll!InternetOpenW                        757CC596 5 Bytes  JMP 006D99C4 
.text           C:\Program Files\ICQ7.7\ICQ.exe[2092] ntdll.dll!NtClearEvent + F                                       770A4183 1 Byte  [00]
.text           C:\Program Files\ICQ7.7\ICQ.exe[2092] kernel32.dll!LoadLibraryExW                                      7597927C 6 Bytes  JMP 5F070F5A 
.text           C:\Program Files\ICQ7.7\ICQ.exe[2092] kernel32.dll!ReadFile                                            7598F0D3 6 Bytes  JMP 5F190F5A 
.text           C:\Program Files\ICQ7.7\ICQ.exe[2092] kernel32.dll!GetFileSize                                         75997368 6 Bytes  JMP 5F1C0F5A 
.text           C:\Program Files\ICQ7.7\ICQ.exe[2092] kernel32.dll!CloseHandle                                         7599B0AD 6 Bytes  JMP 5F160F5A 
.text           C:\Program Files\ICQ7.7\ICQ.exe[2092] kernel32.dll!CreateFileW                                         7599B0EB 6 Bytes  JMP 5F130F5A 
.text           C:\Program Files\ICQ7.7\ICQ.exe[2092] USER32.dll!SetParent                                             758BA2AA 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\ICQ7.7\ICQ.exe[2092] USER32.dll!SetParent + 4                                         758BA2AE 2 Bytes  [20, 5F]
.text           C:\Program Files\ICQ7.7\ICQ.exe[2092] USER32.dll!CreateWindowExW                                       758C1305 6 Bytes  JMP 5F0A0F5A 
.text           C:\Program Files\ICQ7.7\ICQ.exe[2092] USER32.dll!DispatchMessageW                                      758D021C 6 Bytes  JMP 5F040F5A 
.text           C:\Program Files\ICQ7.7\ICQ.exe[2092] USER32.dll!PeekMessageW                                          758D045A 6 Bytes  JMP 5F100F5A 
.text           C:\Program Files\ICQ7.7\ICQ.exe[2092] ole32.dll!CoCreateInstance                                       75A89F3E 6 Bytes  JMP 5F0D0F5A 
.text           C:\Windows\plfseti.exe[3356] ntdll.dll!NtClearEvent + F                                                770A4183 1 Byte  [00]
.text           C:\Windows\System32\igfxtray.exe[3380] ntdll.dll!NtClearEvent + F                                      770A4183 1 Byte  [00]
.text           C:\Windows\System32\hkcmd.exe[3388] ntdll.dll!NtClearEvent + F                                         770A4183 1 Byte  [00]
.text           C:\Windows\System32\igfxpers.exe[3396] ntdll.dll!NtClearEvent + F                                      770A4183 1 Byte  [00]
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3408] ntdll.dll!NtClearEvent + F            770A4183 6 Bytes  JMP 003C0313 
.text           ...                                                                                                    
.text           C:\Program Files\Internet Explorer\iexplore.exe[4224] kernel32.dll!CreateThread                        7599CB2E 5 Bytes  JMP 717D75CB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4224] ADVAPI32.dll!RegOpenKeyExW                       75E77BA1 5 Bytes  JMP 02BD121E C:\Users\Test\AppData\Roaming\BAcroIEHelpe169.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[4224] USER32.dll!SetWindowsHookExW                     758B87AD 5 Bytes  JMP 718125AC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4224] USER32.dll!CallNextHookEx                        758B8E3B 5 Bytes  JMP 71837FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4224] USER32.dll!UnhookWindowsHookEx                   758B98DB 5 Bytes  JMP 7185ECE0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4224] USER32.dll!EnableWindow                          758BCD8B 5 Bytes  JMP 71819EAC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4224] USER32.dll!DefWindowProcA                        758BDB88 7 Bytes  JMP 717D97F5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4224] USER32.dll!CreateWindowExA                       758BDC2A 5 Bytes  JMP 717E362B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4224] USER32.dll!CreateWindowExW                       758C1305 5 Bytes  JMP 718403B7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4224] USER32.dll!DefWindowProcW                        758D03B4 7 Bytes  JMP 71838042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4224] USER32.dll!DialogBoxParamW                       758E10B0 5 Bytes  JMP 7177187B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4224] USER32.dll!DialogBoxIndirectParamW               758E2EF5 5 Bytes  JMP 71968D86 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4224] USER32.dll!DialogBoxParamA                       758F8152 5 Bytes  JMP 71968D21 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4224] USER32.dll!DialogBoxIndirectParamA               758F847D 5 Bytes  JMP 71968DEB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4224] USER32.dll!MessageBoxIndirectA                   7590D4D9 5 Bytes  JMP 71968CA8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4224] USER32.dll!MessageBoxIndirectW                   7590D5D3 5 Bytes  JMP 71968C2F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4224] USER32.dll!MessageBoxExA                         7590D639 5 Bytes  JMP 71968BCB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4224] USER32.dll!MessageBoxExW                         7590D65D 5 Bytes  JMP 71968B67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4224] ole32.dll!OleLoadFromStream                      75A51E80 5 Bytes  JMP 7196955F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4224] WININET.dll!InternetOpenA                        757AD5E8 5 Bytes  JMP 01BA99B2 
.text           C:\Program Files\Internet Explorer\iexplore.exe[4224] WININET.dll!InternetCrackUrlA                    757B027E 5 Bytes  JMP 01BA961A 
.text           C:\Program Files\Internet Explorer\iexplore.exe[4224] WININET.dll!InternetConnectA                     757C567E 5 Bytes  JMP 01BA9718 
.text           C:\Program Files\Internet Explorer\iexplore.exe[4224] WININET.dll!InternetOpenW                        757CC596 5 Bytes  JMP 01BA99C4 
.text           C:\Program Files\Internet Explorer\iexplore.exe[4448] ntdll.dll!NtClearEvent + F                       770A4183 1 Byte  [00]
.text           C:\Program Files\Internet Explorer\iexplore.exe[4448] kernel32.dll!CreateThread                        7599CB2E 5 Bytes  JMP 717D75CB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4448] ADVAPI32.dll!RegOpenKeyExW                       75E77BA1 5 Bytes  JMP 0300121E C:\Users\Test\AppData\Roaming\BAcroIEHelpe169.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[4448] USER32.dll!SetWindowsHookExW                     758B87AD 5 Bytes  JMP 718125AC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4448] USER32.dll!CallNextHookEx                        758B8E3B 5 Bytes  JMP 71837FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4448] USER32.dll!UnhookWindowsHookEx                   758B98DB 5 Bytes  JMP 7185ECE0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4448] USER32.dll!EnableWindow                          758BCD8B 5 Bytes  JMP 71819EAC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4448] USER32.dll!DefWindowProcA                        758BDB88 7 Bytes  JMP 717D97F5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4448] USER32.dll!CreateWindowExA                       758BDC2A 5 Bytes  JMP 717E362B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4448] USER32.dll!CreateWindowExW                       758C1305 5 Bytes  JMP 718403B7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4448] USER32.dll!DefWindowProcW                        758D03B4 7 Bytes  JMP 71838042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4448] USER32.dll!DialogBoxParamW                       758E10B0 5 Bytes  JMP 7177187B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4448] USER32.dll!DialogBoxIndirectParamW               758E2EF5 5 Bytes  JMP 71968D86 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4448] USER32.dll!DialogBoxParamA                       758F8152 5 Bytes  JMP 71968D21 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4448] USER32.dll!DialogBoxIndirectParamA               758F847D 5 Bytes  JMP 71968DEB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4448] USER32.dll!MessageBoxIndirectA                   7590D4D9 5 Bytes  JMP 71968CA8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4448] USER32.dll!MessageBoxIndirectW                   7590D5D3 5 Bytes  JMP 71968C2F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4448] USER32.dll!MessageBoxExA                         7590D639 5 Bytes  JMP 71968BCB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4448] USER32.dll!MessageBoxExW                         7590D65D 5 Bytes  JMP 71968B67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4448] ole32.dll!OleLoadFromStream                      75A51E80 5 Bytes  JMP 7196955F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4448] WININET.dll!InternetOpenA                        757AD5E8 5 Bytes  JMP 003899B2 
.text           C:\Program Files\Internet Explorer\iexplore.exe[4448] WININET.dll!InternetCrackUrlA                    757B027E 5 Bytes  JMP 0038961A 
.text           C:\Program Files\Internet Explorer\iexplore.exe[4448] WININET.dll!InternetConnectA                     757C567E 5 Bytes  JMP 00389718 
.text           C:\Program Files\Internet Explorer\iexplore.exe[4448] WININET.dll!InternetOpenW                        757CC596 5 Bytes  JMP 003899C4 
.text           C:\Windows\system32\wuauclt.exe[5788] ntdll.dll!NtClearEvent + F                                       770A4183 1 Byte  [00]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings@alive                                 0x30 0x6C 0xC0 0x8F ...

---- EOF - GMER 1.0.15 ----
         
...Avira reports this thing as well ;-(

RKIT/Agent.deov

18.07.2012, 21:12   #2
markusg
/// Malware-holic
 
hi
post the avira detection reports.


this script and any scripts that may follow are intended only for this particular user.
if you have problems, open your own topics and wait for scripts adapted to you.


• Please start OTL.exe
• Now copy the following into the text box.



Code:
:OTL
O4 - HKCU..\Run: [Userinit] C:\Users\Test\AppData\Roaming\appconf32.exe ()
[2012.07.16 17:42:01 | 000,167,104 | ---- | M] () -- C:\Users\Test\AppData\Roaming\AcroIEHelpe169.dll
[2012.07.16 17:42:01 | 000,006,400 | ---- | M] () -- C:\Users\Test\AppData\Roaming\BAcroIEHelpe169.dll
[2012.06.17 12:36:53 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\xmldm
[2012.06.16 14:12:18 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\kock
:Files
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]
         


• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; copy its contents into your next reply here.
boot into normal mode.

if you have no icons, then right-click, View, Show desktop icons

Note: Please also upload the file there, as described in the instructions for the UpChannel. Please do NOT post the ZIP file here in the thread as an attachment!




Please press the + E key.
  • Open your system drive (usually C:)
  • Now look for the following folder: _OTL and open it.
  • Right-click the folder Movedfiles --> Send to --> Compressed (zipped) folder

  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel. (Browse --> C:\_OTL\Movedfiles.zip)
Let me know whether the upload worked without problems. Thanks in advance
__________________


19.07.2012, 08:44   #3
StefHei
 

Hello Markus,

I was (apparently) able to remove the malware using Antimalware and Avira. At any rate, no more alerts appear. The laptop has also already gone back to its owner; there it is only used by the kids for gaming. Should any further problems occur, I will get in touch again.

Many thanks for the support so far!
__________________

20.07.2012, 19:37   #4
markusg
/// Malware-holic
 

such devices can nevertheless be used for criminal offences, such as ddos attacks or sending spam; if you are unlucky, they are then confiscated to secure evidence, or internet access is only possible in a restricted form