| |
| |||||||
Alles rund um Windows: Trojaner.Agent.AOFE kommt nach dem löschen immer wieder Windows 7 Ultimate x64Windows 7 Hilfe zu allen Windows-Betriebssystemen: Windows XP, Windows Vista, Windows 7, Windows 8(.1) und Windows 10 / Windows 11- als auch zu sämtlicher Windows-Software. Alles zu Windows 10 ist auch gerne willkommen. Bitte benenne etwaige Fehler oder Bluescreens unter Windows mit dem Wortlaut der Fehlermeldung und Fehlercode. Erste Schritte für Hilfe unter Windows. |
 |
| |
22.06.2010, 10:29
| #1 |
| |  Problem: Trojaner.Agent.AOFE kommt nach dem löschen immer wieder Windows 7 Ultimate x64 Hallo ich habe ein Kleines aber feines problem unzwar hatte ich kurzfristig nach der neuinstalation meines Windows 7 systems Avira Antivir free drauf bis ich mit jetzt bitdefender internetsecurity 2010 gekauft habe mein system lief ungefär 4 tage mit avira antivir free nach der instalation von bitdefender wurde ein Trojaner Gefunden der den nahmen Troja.Agent.AOFE trägt und unter diesem Pfad zu feuinden ist C:\Users\***\AppData\Roaming\smss\smss.exe dieser wird von bitdefender gelöscht und kurz danach ist die datei wieder da und wird wieder gelöscht ich habe schon einen kompletten systemscann durchlaufen lassen doch dabei kahm leider nichts raus als Betriebssystem leuft Windows7 Ultimate x64 ich bedanke mich schoneinmal für eure hilfe :-) |
|
22.06.2010, 10:41
| #2 |
| | Trojaner.Agent.AOFE kommt nach dem löschen immer wieder Windows 7 Ultimate x64 Anleitung / Hilfe Hier Die Berichte von OLT
__________________________ Extras.txt ________ OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 22.06.2010 11:34:02 - Run 1
OTL by OldTimer - Version 3.2.6.1 Folder = C:\Users\Snake\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 64,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148,95 Gb Total Space | 104,55 Gb Free Space | 70,19% Space Free | Partition Type: NTFS
Drive D: | 335,35 Gb Total Space | 214,52 Gb Free Space | 63,97% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: SNAKE-PC
Current User Name: Snake
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\opera.exe (Opera Software)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\opera.exe (Opera Software)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
http [open] -- "C:\Program Files (x86)\Opera\opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0DFF6117-CBBC-4F5C-9C57-6936644F10D4}" = BitDefender Internet Security 2010
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4FBB2E98-1A3B-396A-A662-73E17009C076}" = ATI Catalyst Install Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"TeamSpeak 3 Client" = TeamSpeak 3 Client
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.0610.1
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E25C468-7745-4051-8B37-4A2C6635BA8B}" = Update Manager B08.1027.1
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5B363E1D-8C36-4458-BAE4-D5081999E094}" = Browser Configuration Utility
"{70312451-0D00-4A84-B9B1-0D59B5180A4F}" = Opera 10.53
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{91CD08AA-5402-4C64-A9CA-C7B4A479C003}_is1" = Counter Strike Source v1.0.0.34
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B0255743-165B-4BD5-8DA8-37DFB9930015}" = Norton Ghost
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B4F3A360-E1E2-479D-ADE7-9BE3B07F4539}" = NVIDIA PhysX
"{C6115A28-F277-4E82-B067-84D28BF21031}" = Nero 7 Premium
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"DLH98" = DLH98 v1.44
"EA Download Manager" = EA Download Manager
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"FileZilla Client" = FileZilla Client 3.3.3
"InstallShield_{4E25C468-7745-4051-8B37-4A2C6635BA8B}" = Update Manager B08.1027.1
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mozilla Thunderbird (3.0.5)" = Mozilla Thunderbird (3.0.5)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PunkBusterSvc" = PunkBuster Services
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.3.1
"Steam App 240" = Counter-Strike: Source
"SystemRequirementsLab" = System Requirements Lab
"VirtualCloneDrive" = VirtualCloneDrive
"WinLiveSuite_Wave3" = Windows Live Essentials
"winscp3_is1" = WinSCP 4.2.7
"Xfire" = Xfire (remove only)
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 18.06.2010 07:49:44 | Computer Name = Snake-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\Snake\AppData\Local\Temp\RarSFX2\redist.dll".
Die
abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 19.06.2010 08:09:21 | Computer Name = Snake-PC | Source = Norton Ghost | ID = 100
Description = Fehler EC8F1780: Die Änderungen seit der letzten Sitzung können nicht
ordnungsgemäß abgestimmt werden. Fehler EC8F1771: Die aktuellen Laufwerke auf diesem
System können nicht aufgelistet werden. Fehler E0BB0147: Operation 'Snap Volume'
ist derzeit nicht für Volume aktiviert. Fehler E0BB0147: Operation '%1' ist derzeit
nicht für %2 aktiviert. Details: Quelle: Norton Ghost
Error - 19.06.2010 09:02:53 | Computer Name = Snake-PC | Source = VSS | ID = 8194
Description =
Error - 20.06.2010 06:35:51 | Computer Name = Snake-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: x22_InstantHook_v2_[cracked-DBS].exe,
Version: 0.0.0.0, Zeitstempel: 0x2a425e19 Name des fehlerhaften Moduls: x22_InstantHook_v2_[cracked-DBS].exe,
Version: 0.0.0.0, Zeitstempel: 0x2a425e19 Ausnahmecode: 0xc0000005 Fehleroffset:
0x00069b28 ID des fehlerhaften Prozesses: 0x54c Startzeit der fehlerhaften Anwendung:
0x01cb10645a74af83 Pfad der fehlerhaften Anwendung: C:\Users\Snake\AppData\Local\Temp\x22_InstantHook_v2_[cracked-DBS].exe
Pfad
des fehlerhaften Moduls: C:\Users\Snake\AppData\Local\Temp\x22_InstantHook_v2_[cracked-DBS].exe
Berichtskennung:
9854b683-7c57-11df-8fed-00241dd406af
Error - 20.06.2010 06:46:30 | Computer Name = Snake-PC | Source = VSS | ID = 8194
Description =
[ System Events ]
Error - 20.06.2010 04:49:36 | Computer Name = Snake-PC | Source = VDS Basic Provider | ID = 33554433
Description =
Error - 20.06.2010 04:49:38 | Computer Name = Snake-PC | Source = VDS Basic Provider | ID = 33554433
Description =
Error - 20.06.2010 06:12:50 | Computer Name = Snake-PC | Source = VDS Basic Provider | ID = 33554433
Description =
Error - 20.06.2010 06:12:50 | Computer Name = Snake-PC | Source = VDS Basic Provider | ID = 33554433
Description =
Error - 20.06.2010 06:12:51 | Computer Name = Snake-PC | Source = VDS Basic Provider | ID = 33554433
Description =
Error - 20.06.2010 06:12:51 | Computer Name = Snake-PC | Source = VDS Basic Provider | ID = 33554433
Description =
Error - 20.06.2010 06:12:59 | Computer Name = Snake-PC | Source = VDS Basic Provider | ID = 33554433
Description =
Error - 20.06.2010 06:13:01 | Computer Name = Snake-PC | Source = VDS Basic Provider | ID = 33554433
Description =
Error - 20.06.2010 06:13:03 | Computer Name = Snake-PC | Source = VDS Basic Provider | ID = 33554433
Description =
Error - 20.06.2010 10:27:23 | Computer Name = Snake-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
lautet: 10.
< End of report >
|
|
22.06.2010, 10:49
| #3 |
| | Trojaner.Agent.AOFE kommt nach dem löschen immer wieder Windows 7 Ultimate x64 Details _________
__________________olt.txt ________ PHP-Code: |
|
22.06.2010, 10:50
| #4 |
| | Lösung: Trojaner.Agent.AOFE kommt nach dem löschen immer wieder Windows 7 Ultimate x64 __________ OLT.txt part2 ___________ PHP-Code: |
|
| Themen zu Trojaner.Agent.AOFE kommt nach dem löschen immer wieder Windows 7 Ultimate x64 |
| antivir, appdata, betriebssystem, bitdefender, datei, defender, free, gekauft, gelöscht, interne, internetsecurity, kleines, komplette, löschen, neuinstalation, nichts, problem, roaming, rojaner gefunden, security, smss.exe, systems, trojaner, trojaner gefunden, trojaner.agent.aofe lässt sich nicht löschen windows 7, windows, windows 7, windows 7 ultimate |
Hybrid-Darstellung
