Pests of all kinds and how to fight them: JS/Agent.amc.2 found

Windows 7: If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
JS/Agent.amc.2 found

Good evening,

Avira recently detected JS/Agent.amc.2 on my system. However, full scans with Avira and MBAM reported no findings. I have run Defogger, OTL and GMER.

Code:
ATTFilter OTL logfile created on: 01.07.2012 16:32:04 - Run 4 OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\***\Desktop Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,31 Gb Available Physical Memory | 65,65% Memory free 4,23 Gb Paging File | 3,57 Gb Available in Paging File | 84,53% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 74,52 Gb Total Space | 28,27 Gb Free Space | 37,94% Space Free | Partition Type: NTFS Drive D: | 64,76 Gb Total Space | 63,68 Gb Free Space | 98,33% Space Free | Partition Type: NTFS Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.07.01 16:22:29 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.02 01:28:09 | 000,086,992 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\program files\avira\antivir desktop\ipmGui.exe PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2010.10.10 18:15:46 | 001,265,664 | ---- | M] (www.bid-o-matic.org) -- C:\Program Files\Biet-O-Matic\Biet-O-Matic.exe PRC - [2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.07.09 18:14:06 | 000,191,032 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe PRC - [2008.06.25 04:01:08 | 000,159,744 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Media\DMedia.exe PRC - [2008.06.19 21:18:12 | 000,154,168 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe PRC - [2008.06.04 02:29:08 | 000,851,968 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe PRC - [2008.03.18 21:27:11 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe PRC - [2008.03.17 08:17:31 | 005,320,704 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.02.02 00:17:26 | 000,233,472 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\Hcontrol.exe PRC - [2008.01.24 00:34:42 | 007,766,016 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe PRC - [2008.01.23 19:51:28 | 000,151,552 | ---- | M] () -- C:\Program Files\ATK Hotkey\WDC.exe PRC - [2008.01.12 07:40:10 | 000,098,304 | ---- | M] () -- C:\Program Files\ATK Hotkey\HControlUser.exe PRC - [2007.12.04 19:57:06 | 002,486,272 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe PRC - [2007.11.05 04:48:06 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\MsgTranAgt.exe PRC - [2007.10.12 06:44:28 | 000,106,496 | ---- | M] (ASUS) -- C:\Windows\System32\ASUSTPE.exe PRC - [2007.10.03 06:53:00 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe PRC - [2007.08.15 
20:20:16 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\KBFiltr.exe PRC - [2007.08.08 09:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe PRC - [2007.08.03 21:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe PRC - [2007.07.06 01:53:44 | 001,040,384 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe PRC - [2007.05.18 11:31:16 | 000,073,728 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe PRC - [2005.07.07 00:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe ========== Modules (No Company Name) ========== MOD - [2010.06.29 10:31:12 | 000,652,800 | ---- | M] () -- C:\PROGRA~1\IZArc\IZArcCM.dll MOD - [2009.08.23 19:58:06 | 000,094,208 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll MOD - [2008.11.04 11:17:08 | 000,443,232 | ---- | M] () -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 4\ContextHandler.dll MOD - [2008.01.24 00:34:42 | 007,766,016 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe MOD - [2008.01.12 07:40:10 | 000,098,304 | ---- | M] () -- C:\Program Files\ATK Hotkey\HControlUser.exe MOD - [2007.11.13 00:41:50 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\MsgTran.dll MOD - [2007.08.08 11:52:08 | 000,331,776 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\AdsmendecExt.dll MOD - [2007.06.15 19:28:36 | 000,147,456 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll MOD - [2007.06.02 02:08:18 | 000,143,360 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll ========== Win32 Services (SafeList) ========== SRV - [2012.06.16 15:01:59 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE) SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2008.03.18 21:27:11 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2008.01.21 04:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2007.10.03 06:53:00 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2007.08.08 09:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2007.08.03 21:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr) SRV - [2007.05.18 11:31:16 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\***\AppData\Local\Temp\catchme.sys -- (catchme) DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | 
System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV) DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2008.06.03 23:41:51 | 000,015,928 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr) DRV - [2008.05.29 19:21:02 | 000,015,416 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\System32\drivers\lullaby.sys -- (lullaby) DRV - [2008.05.01 03:09:59 | 007,448,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008.04.27 20:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008.03.21 21:12:59 | 001,203,776 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2007.11.16 06:09:03 | 000,048,128 | ---- | M] (Silicon Integrated Systems Corp.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SiSGB6.sys -- (SiSGbeLH) DRV - [2007.08.11 05:19:26 | 000,029,752 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AsDsm.sys -- (AsDsm) DRV - [2007.08.03 21:26:21 | 000,020,936 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio) DRV - [2007.07.24 20:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP) DRV - [2006.12.15 09:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor) DRV - [2006.11.02 09:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = google.de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "google.de" FF - prefs.js..network.proxy.http: "190.211.132.65" FF - prefs.js..network.proxy.http_port: 8080 FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: 
C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.01.16 04:50:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.16 15:01:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.16 04:50:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.02.03 01:01:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.16 15:01:59 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.16 04:50:53 | 000,000,000 | ---D | M] [2011.05.27 20:42:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2012.06.29 19:58:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\xvhu1y2j.default\extensions [2012.03.15 12:51:32 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\xvhu1y2j.default\extensions\firefox@ghostery.com [2012.06.29 19:58:56 | 000,000,853 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\xvhu1y2j.default\searchplugins\11-suche.xml [2012.06.29 19:58:58 | 000,002,209 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\xvhu1y2j.default\searchplugins\englische-ergebnisse.xml [2012.06.29 19:58:56 | 
000,010,506 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\xvhu1y2j.default\searchplugins\gmx-suche.xml [2012.06.29 19:58:57 | 000,002,368 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\xvhu1y2j.default\searchplugins\lastminute.xml [2012.06.29 19:58:55 | 000,005,489 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\xvhu1y2j.default\searchplugins\webde-suche.xml [2012.06.29 19:58:27 | 000,525,327 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XVHU1Y2J.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI [2012.06.26 18:32:39 | 000,053,803 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XVHU1Y2J.DEFAULT\EXTENSIONS\EXTENSION@HIDEMYASS.COM.XPI [2012.06.15 15:37:07 | 000,182,698 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XVHU1Y2J.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI [2012.06.29 19:58:27 | 000,578,962 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XVHU1Y2J.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI [2012.06.16 15:01:59 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.06.03 20:50:27 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010.03.19 09:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll [2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.03.07 20:02:43 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O4 - HKLM..\Run: [ASUSTPE] C:\Windows\System32\ASUSTPE.exe (ASUS) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ATKOSD2\ATKOSD2.exe () O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) O4 - HKLM..\Run: [HControlUser] C:\Program Files\ATK Hotkey\HcontrolUser.exe () O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\ASUSTek\ASUSDVD\Language\Language.exe () O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Biet-O-Matic.lnk = C:\Program Files\Biet-O-Matic\Biet-O-Matic.exe (www.bid-o-matic.org) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0176B415-A8EA-457B-81B5-0430488F8EAB}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB65292E-1F01-4C27-AE97-25FCCD13A6E4}: DhcpNameServer = 192.168.178.1 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.07.01 16:29:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\ASUSTek ASUSDVD [2012.07.01 16:22:28 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.06.19 14:10:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe [2012.06.14 15:46:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Macromedia [2006.05.11 18:06:50 | 000,196,608 | ---- | C] (Dr Jordan Design) -- C:\Users\***\SignalGen.exe ========== Files - Modified Within 30 Days ========== [2012.07.01 16:30:50 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.01 16:30:50 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.01 16:29:53 | 000,042,749 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012.07.01 16:29:39 | 000,042,749 | ---- | M] () -- C:\ProgramData\nvModes.dat [2012.07.01 16:29:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.01 16:22:29 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.07.01 16:20:36 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe [2012.07.01 00:54:00 | 000,012,489 | ---- | M] () -- C:\Users\***\Desktop\denglisch.rtf [2012.06.29 23:27:40 | 001,573,616 | ---- | M] () -- C:\Users\***\Desktop\lutz personal.mp3 [2012.06.29 15:21:53 | 000,012,394 | ---- | M] () -- C:\Users\***\Desktop\handy.rtf [2012.06.29 02:31:58 | 000,046,824 | ---- | M] () -- C:\Users\***\Desktop\cf.jpg [2012.06.29 01:48:14 | 000,012,810 | ---- | M] () -- C:\Users\***\Desktop\notfallmedizin ddr.rtf [2012.06.26 13:26:22 | 000,000,391 | ---- | M] () -- C:\Users\***\Desktop\sprechstunden.rtf [2012.06.24 17:31:27 | 000,279,806 | ---- | M] () -- C:\Users\***\Desktop\ll.pdf [2012.06.24 17:31:14 | 000,399,851 | ---- | M] () -- C:\Users\***\Desktop\ll.odt [2012.06.24 00:42:34 | 000,056,950 | ---- | M] () -- C:\Users\***\Desktop\bw jlu-1.pdf [2012.06.24 00:38:59 | 000,012,381 | ---- | M] () -- 
C:\Users\***\Desktop\bw jlu-1.rtf [2012.06.23 16:39:11 | 000,002,480 | ---- | M] () -- C:\Users\***\Desktop\bw-jlu.rtf [2012.06.23 14:32:42 | 000,022,046 | ---- | M] () -- C:\Users\***\Desktop\bw-jlu.odt [2012.06.20 20:46:15 | 004,870,713 | ---- | M] () -- C:\Users\***\Desktop\Cab Calloway - Zaz Zuh Zaz (1933) (bassanhebung).mp3 [2012.06.18 15:52:44 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe [2012.06.16 01:19:30 | 000,036,182 | ---- | M] () -- C:\Users\***\Documents\meine ddr.rtf [2012.06.15 03:23:36 | 000,000,934 | ---- | M] () -- C:\Users\***\Desktop\cds.rtf [2012.06.14 22:14:41 | 003,772,316 | ---- | M] () -- C:\Users\***\Desktop\Revolver - Losing You.mp3 [2012.06.14 15:18:06 | 000,388,408 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.06.14 03:18:11 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.06.14 03:18:11 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.06.14 03:18:11 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.06.14 03:18:11 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat ========== Files Created - No Company Name ========== [2012.07.01 16:20:32 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe [2012.06.29 23:27:36 | 001,573,616 | ---- | C] () -- C:\Users\***\Desktop\lutz personal.mp3 [2012.06.29 02:31:58 | 000,046,824 | ---- | C] () -- C:\Users\***\Desktop\cf.jpg [2012.06.26 13:26:22 | 000,000,391 | ---- | C] () -- C:\Users\***\Desktop\sprechstunden.rtf [2012.06.24 17:31:24 | 000,279,806 | ---- | C] () -- C:\Users\***\Desktop\ll.pdf [2012.06.24 00:42:34 | 000,056,950 | ---- | C] () -- C:\Users\***\Desktop\bw jlu-1.pdf [2012.06.24 00:38:58 | 000,012,381 | ---- | C] () -- C:\Users\***\Desktop\bw jlu-1.rtf [2012.06.23 16:38:28 | 000,002,480 | ---- | C] () -- C:\Users\***\Desktop\bw-jlu.rtf [2012.06.23 14:25:21 | 000,022,046 | ---- | C] () -- C:\Users\***\Desktop\bw-jlu.odt [2012.06.20 20:45:31 | 004,870,713 | ---- | C] () 
-- C:\Users\***\Desktop\Cab Calloway - Zaz Zuh Zaz (1933) (bassanhebung).mp3 [2012.06.14 22:14:07 | 003,772,316 | ---- | C] () -- C:\Users\***\Desktop\Revolver - Losing You.mp3 [2012.02.07 00:25:02 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2011.06.18 14:59:13 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe [2011.06.03 20:55:02 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll [2011.04.29 17:38:11 | 000,148,340 | ---- | C] () -- C:\Windows\hphins33.dat [2011.04.29 17:38:11 | 000,000,512 | ---- | C] () -- C:\Windows\hphmdl33.dat [2011.04.29 15:13:52 | 000,175,517 | ---- | C] () -- C:\Windows\hphins26.dat.temp [2011.04.29 15:13:52 | 000,000,787 | ---- | C] () -- C:\Windows\hphmdl26.dat.temp [2011.04.29 14:57:48 | 000,175,504 | ---- | C] () -- C:\Windows\hphins26.dat [2011.04.29 14:57:48 | 000,000,787 | ---- | C] () -- C:\Windows\hphmdl26.dat [2010.08.03 20:43:02 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2010.08.03 20:42:00 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2008.09.24 04:46:36 | 000,042,749 | ---- | C] () -- C:\ProgramData\nvModes.001 [2008.09.24 04:46:34 | 000,042,749 | ---- | C] () -- C:\ProgramData\nvModes.dat [2008.07.02 04:28:38 | 000,061,440 | ---- | C] () -- C:\Program Files\Common Files\CPInstallAction.dll [2008.05.22 18:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files\Common Files\banner.jpg ========== LOP Check ========== [2009.09.22 00:10:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.config [2011.09.27 00:09:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon [2012.07.01 16:39:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BOM [2011.06.16 15:33:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CadSoft [2011.06.04 00:26:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\COWON [2011.05.27 20:22:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DriverCure 
[2011.08.11 00:38:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft [2011.03.11 00:27:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers [2011.07.20 20:46:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Electronics 2000 [2011.06.03 20:58:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla [2010.03.30 23:11:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0 [2010.05.02 17:22:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ImgBurn [2008.10.18 18:45:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2011.05.27 20:22:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ParetoLogic [2009.09.07 17:25:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Qualcomm [2011.01.08 04:26:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\REAPER [2012.02.03 01:01:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird [2011.11.09 22:20:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WavePurity [2009.02.05 18:04:07 | 000,021,986 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report >

Regards