Log analysis and evaluation: I caught TR/Agent :I
Windows 7
If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
06.08.2013, 10:27 | #1 |
I caught TR/Agent :I

Hi dear Trojans, gents and ladies ^^ Yesterday I picked up TR/Agent 6417.1 and would like to know how to get rid of it.

Log:

Code:
Avira Free Antivirus
Report file date: Dienstag, 6. August 2013 11:18

The program is running as an unrestricted full version.
Online services are available.

Licensee : Avira Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7 Home Premium
Windows version : (Service Pack 1) [6.1.7601]
Boot mode : Normally booted
Username : Sascha
Computer name : USER-PC

Version information:
BUILD.DAT : 13.0.0.3885 54851 Bytes 01.08.2013 14:44:00
AVSCAN.EXE : 13.6.0.1722 634936 Bytes 03.07.2013 15:24:34
AVSCANRC.DLL : 13.6.0.1550 52280 Bytes 03.07.2013 15:24:34
LUKE.DLL : 13.6.0.1550 65080 Bytes 03.07.2013 15:24:44
AVSCPLR.DLL : 13.6.0.1712 92216 Bytes 03.07.2013 15:24:34
AVREG.DLL : 13.6.0.1550 247864 Bytes 03.07.2013 15:24:33
avlode.dll : 13.6.2.1704 449592 Bytes 03.07.2013 15:24:33
avlode.rdf : 13.0.1.22 26240 Bytes 11.07.2013 12:28:36
VBASE000.VDF : 7.11.70.0 66736640 Bytes 04.04.2013 07:34:43
VBASE001.VDF : 7.11.74.226 2201600 Bytes 30.04.2013 13:46:13
VBASE002.VDF : 7.11.80.60 2751488 Bytes 28.05.2013 16:12:57
VBASE003.VDF : 7.11.85.214 2162688 Bytes 21.06.2013 15:48:35
VBASE004.VDF : 7.11.91.176 3903488 Bytes 23.07.2013 10:33:07
VBASE005.VDF : 7.11.91.177 2048 Bytes 23.07.2013 10:33:07
VBASE006.VDF : 7.11.91.178 2048 Bytes 23.07.2013 10:33:07
VBASE007.VDF : 7.11.91.179 2048 Bytes 23.07.2013 10:33:07
VBASE008.VDF : 7.11.91.180 2048 Bytes 23.07.2013 10:33:07
VBASE009.VDF : 7.11.91.181 2048 Bytes 23.07.2013 10:33:07
VBASE010.VDF : 7.11.91.182 2048 Bytes 23.07.2013 10:33:07
VBASE011.VDF : 7.11.91.183 2048 Bytes 23.07.2013 10:33:07
VBASE012.VDF : 7.11.91.184 2048 Bytes 23.07.2013 10:33:08
VBASE013.VDF : 7.11.92.32 156160 Bytes 24.07.2013 09:52:31
VBASE014.VDF : 7.11.92.147 168960 Bytes 25.07.2013 12:18:23
VBASE015.VDF : 7.11.93.93 419328 Bytes 28.07.2013 13:17:35
VBASE016.VDF : 7.11.93.170 1403392 Bytes 29.07.2013 15:55:31
VBASE017.VDF : 7.11.94.31 222208 Bytes 31.07.2013 18:04:28
VBASE018.VDF : 7.11.94.141 273408 Bytes 03.08.2013 11:12:50
VBASE019.VDF : 7.11.94.203 200192 Bytes 04.08.2013 10:30:26
VBASE020.VDF : 7.11.95.8 1925632 Bytes 05.08.2013 16:30:22
VBASE021.VDF : 7.11.95.81 203776 Bytes 06.08.2013 09:14:42
VBASE022.VDF : 7.11.95.82 2048 Bytes 06.08.2013 09:14:42
VBASE023.VDF : 7.11.95.83 2048 Bytes 06.08.2013 09:14:42
VBASE024.VDF : 7.11.95.84 2048 Bytes 06.08.2013 09:14:42
VBASE025.VDF : 7.11.95.85 2048 Bytes 06.08.2013 09:14:42
VBASE026.VDF : 7.11.95.86 2048 Bytes 06.08.2013 09:14:42
VBASE027.VDF : 7.11.95.87 2048 Bytes 06.08.2013 09:14:42
VBASE028.VDF : 7.11.95.88 2048 Bytes 06.08.2013 09:14:42
VBASE029.VDF : 7.11.95.89 2048 Bytes 06.08.2013 09:14:42
VBASE030.VDF : 7.11.95.90 2048 Bytes 06.08.2013 09:14:42
VBASE031.VDF : 7.11.95.92 30208 Bytes 06.08.2013 09:14:42
Engine version : 8.2.12.94
AEVDF.DLL : 8.1.3.4 102774 Bytes 13.06.2013 17:39:11
AESCRIPT.DLL : 8.1.4.136 504190 Bytes 26.07.2013 09:56:55
AESCN.DLL : 8.1.10.4 131446 Bytes 05.04.2013 07:37:47
AESBX.DLL : 8.2.5.12 606578 Bytes 28.08.2012 15:58:06
AERDL.DLL : 8.2.0.128 688504 Bytes 13.06.2013 17:39:10
AEPACK.DLL : 8.3.2.24 749945 Bytes 20.06.2013 15:59:29
AEOFFICE.DLL : 8.1.2.74 205181 Bytes 26.07.2013 09:56:55
AEHEUR.DLL : 8.1.4.504 6046074 Bytes 26.07.2013 09:56:55
AEHELP.DLL : 8.1.27.4 266617 Bytes 27.06.2013 15:12:02
AEGEN.DLL : 8.1.7.10 442743 Bytes 26.07.2013 09:56:53
AEEXP.DLL : 8.4.1.36 278903 Bytes 26.07.2013 09:56:56
AEEMU.DLL : 8.1.3.2 393587 Bytes 19.09.2012 13:42:55
AECORE.DLL : 8.1.31.6 201081 Bytes 27.06.2013 15:12:02
AEBB.DLL : 8.1.1.4 53619 Bytes 05.11.2012 14:00:38
AVWINLL.DLL : 13.6.0.1550 23608 Bytes 03.07.2013 15:24:30
AVPREF.DLL : 13.6.0.1550 48184 Bytes 03.07.2013 15:24:33
AVREP.DLL : 13.6.0.1550 175672 Bytes 03.07.2013 15:24:33
AVARKT.DLL : 13.6.0.1626 258104 Bytes 03.07.2013 15:24:30
AVEVTLOG.DLL : 13.6.0.1550 164920 Bytes 03.07.2013 15:24:32
SQLITE3.DLL : 3.7.0.1 397088 Bytes 19.09.2012 17:17:40
AVSMTP.DLL : 13.6.0.1550 59960 Bytes 03.07.2013 15:24:34
NETNT.DLL : 13.6.0.1550 13368 Bytes 03.07.2013 15:24:44
RCIMAGE.DLL : 13.4.0.360 4782880 Bytes 28.11.2012 14:09:40
RCTEXT.DLL : 13.6.0.1624 65080 Bytes 03.07.2013 15:24:30

Configuration settings for the scan:
Jobname.............................: Manual Selection
Configuration file..................: C:\ProgramData\Avira\AntiVir Desktop\PROFILES\folder.avp
Reporting...........................: default
Primary action......................: Interactive
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:, E:, F:, G:, Q:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Limit recursion depth...............: 20
Smart extensions....................: on
Macrovirus heuristic................: on
File heuristic......................: extended

Start of the scan: Dienstag, 6. August 2013 11:18

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

The scan of running processes will be started:
Scan process 'svchost.exe' - '55' Module(s) have been scanned
Scan process 'launcher_service.exe' - '50' Module(s) have been scanned
Scan process 'nvvsvc.exe' - '38' Module(s) have been scanned
Scan process 'svchost.exe' - '42' Module(s) have been scanned
Scan process 'cmdagent.exe' - '112' Module(s) have been scanned
Scan process 'svchost.exe' - '92' Module(s) have been scanned
Scan process 'svchost.exe' - '99' Module(s) have been scanned
Scan process 'svchost.exe' - '123' Module(s) have been scanned
Scan process 'svchost.exe' - '88' Module(s) have been scanned
Scan process 'svchost.exe' - '177' Module(s) have been scanned
Scan process 'svchost.exe' - '31' Module(s) have been scanned
Scan process 'nvxdsync.exe' - '58' Module(s) have been scanned
Scan process 'nvvsvc.exe' - '72' Module(s) have been scanned
Scan process 'WLANExt.exe' - '37' Module(s) have been scanned
Scan process 'conhost.exe' - '19' Module(s) have been scanned
Scan process 'svchost.exe' - '87' Module(s) have been scanned
Scan process 'spoolsv.exe' - '83' Module(s) have been scanned
Scan process 'taskeng.exe' - '31' Module(s) have been scanned
Scan process 'sched.exe' - '49' Module(s) have been scanned
Scan process 'armsvc.exe' - '36' Module(s) have been scanned
Scan process 'taskhost.exe' - '74' Module(s) have been scanned
Scan process 'FlashPlayerUpdateService.exe' - '49' Module(s) have been scanned
Scan process 'Dwm.exe' - '39' Module(s) have been scanned
Scan process 'avguard.exe' - '89' Module(s) have been scanned
Scan process 'Explorer.EXE' - '187' Module(s) have been scanned
Scan process 'SeaPort.EXE' - '60' Module(s) have been scanned
Scan process 'BrowserProtect.exe' - '38' Module(s) have been scanned
Scan process 'dragon_updater.exe' - '89' Module(s) have been scanned
Scan process 'taskeng.exe' - '33' Module(s) have been scanned
Scan process 'EFUpdater.exe' - '75' Module(s) have been scanned
Scan process 'BrowserProtect.exe' - '39' Module(s) have been scanned
Scan process 'dsiwmis.exe' - '41' Module(s) have been scanned
Scan process 'LMworker.exe' - '36' Module(s) have been scanned
Scan process 'ePowerSvc.exe' - '48' Module(s) have been scanned
Scan process 'LMutilps32.exe' - '47' Module(s) have been scanned
Scan process 'GeekBuddyRSP.exe' - '52' Module(s) have been scanned
Scan process 'GREGsvc.exe' - '33' Module(s) have been scanned
Scan process 'hamachi-2.exe' - '73' Module(s) have been scanned
Scan process 'taskeng.exe' - '35' Module(s) have been scanned
Scan process 'HiPatchService.exe' - '91' Module(s) have been scanned
Scan process 'clear.fiAgent.exe' - '42' Module(s) have been scanned
Scan process 'hamachi-2-ui.exe' - '54' Module(s) have been scanned
Scan process 'DMREngine.exe' - '72' Module(s) have been scanned
Scan process 'igfxtray.exe' - '34' Module(s) have been scanned
Scan process 'hkcmd.exe' - '33' Module(s) have been scanned
Scan process 'igfxpers.exe' - '54' Module(s) have been scanned
Scan process 'nvtray.exe' - '57' Module(s) have been scanned
Scan process 'TSVNCache.exe' - '41' Module(s) have been scanned
Scan process 'ETDCtrl.exe' - '60' Module(s) have been scanned
Scan process 'RAVCpl64.exe' - '54' Module(s) have been scanned
Scan process 'RAVBg64.exe' - '51' Module(s) have been scanned
Scan process 'ePowerTray.exe' - '61' Module(s) have been scanned
Scan process 'cistray.exe' - '62' Module(s) have been scanned
Scan process 'uTorrent.exe' - '91' Module(s) have been scanned
Scan process 'Steam.exe' - '142' Module(s) have been scanned
Scan process 'cmw_srv.exe' - '70' Module(s) have been scanned
Scan process 'chrome.exe' - '135' Module(s) have been scanned
Scan process 'SnapDo.exe' - '153' Module(s) have been scanned
Scan process 'Skype.exe' - '172' Module(s) have been scanned
Scan process 'hsswd.exe' - '44' Module(s) have been scanned
Scan process 'HWDeviceService64.exe' - '35' Module(s) have been scanned
Scan process 'UpdaterService.exe' - '35' Module(s) have been scanned
Scan process 'DCSHelper.exe' - '40' Module(s) have been scanned
Scan process 'NOBuAgent.exe' - '33' Module(s) have been scanned
Scan process 'IScheduleSvc.exe' - '76' Module(s) have been scanned
Scan process 'AdobeARM.exe' - '75' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '43' Module(s) have been scanned
Scan process 'BackupManagerTray.exe' - '82' Module(s) have been scanned
Scan process 'LManager.exe' - '78' Module(s) have been scanned
Scan process 'unit_manager.exe' - '49' Module(s) have been scanned
Scan process 'pcee4.exe' - '79' Module(s) have been scanned
Scan process 'clear.fiMovieService.exe' - '59' Module(s) have been scanned
Scan process 'AllShareAgent.exe' - '77' Module(s) have been scanned
Scan process 'Updater.exe' - '51' Module(s) have been scanned
Scan process 'avgnt.exe' - '101' Module(s) have been scanned
Scan process 'SweetIM.exe' - '77' Module(s) have been scanned
Scan process 'SweetPacksUpdateManager.exe' - '71' Module(s) have been scanned
Scan process 'MMDx64Fx.exe' - '34' Module(s) have been scanned
Scan process 'jusched.exe' - '86' Module(s) have been scanned
Scan process 'schtasks.exe' - '36' Module(s) have been scanned
Scan process 'conhost.exe' - '19' Module(s) have been scanned
Scan process 'sftvsa.exe' - '40' Module(s) have been scanned
Scan process 'unit.exe' - '106' Module(s) have been scanned
Scan process 'GeekBuddyRSP.exe' - '42' Module(s) have been scanned
Scan process 'TeamViewer_Service.exe' - '101' Module(s) have been scanned
Scan process 'sftlist.exe' - '80' Module(s) have been scanned
Scan process 'chrome.exe' - '50' Module(s) have been scanned
Scan process 'chrome.exe' - '50' Module(s) have been scanned
Scan process 'chrome.exe' - '50' Module(s) have been scanned
Scan process 'chrome.exe' - '50' Module(s) have been scanned
Scan process 'chrome.exe' - '50' Module(s) have been scanned
Scan process 'chrome.exe' - '50' Module(s) have been scanned
Scan process 'chrome.exe' - '50' Module(s) have been scanned
Scan process 'chrome.exe' - '50' Module(s) have been scanned
Scan process 'avshadow.exe' - '22' Module(s) have been scanned
Scan process 'CVHSVC.EXE' - '72' Module(s) have been scanned
Scan process 'ipmGui.exe' - '132' Module(s) have been scanned
Scan process 'AVWEBGRD.EXE' - '74' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '40' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '68' Module(s) have been scanned
Scan process 'hsscp.exe' - '102' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '72' Module(s) have been scanned
Scan process 'svchost.exe' - '41' Module(s) have been scanned
Scan process 'alg.exe' - '36' Module(s) have been scanned
Scan process 'svchost.exe' - '63' Module(s) have been scanned
Scan process 'igfxext.exe' - '31' Module(s) have been scanned
Scan process 'igfxsrvc.exe' - '35' Module(s) have been scanned
Scan process 'unsecapp.exe' - '34' Module(s) have been scanned
Scan process 'ePowerEvent.exe' - '24' Module(s) have been scanned
Scan process 'cavwp.exe' - '56' Module(s) have been scanned
Scan process 'SteamService.exe' - '60' Module(s) have been scanned
Scan process 'ETDCtrlHelper.exe' - '32' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '120' Module(s) have been scanned
Scan process 'svchost.exe' - '63' Module(s) have been scanned
Scan process 'avcenter.exe' - '142' Module(s) have been scanned
Scan process 'cis.exe' - '99' Module(s) have been scanned
Scan process 'DllHost.exe' - '48' Module(s) have been scanned
Scan process 'IAStorDataMgrSvc.exe' - '62' Module(s) have been scanned
Scan process 'LMS.exe' - '43' Module(s) have been scanned
Scan process 'daemonu.exe' - '74' Module(s) have been scanned
Scan process 'AllShareDMS.exe' - '121' Module(s) have been scanned
Scan process 'sppsvc.exe' - '29' Module(s) have been scanned
Scan process 'svchost.exe' - '63' Module(s) have been scanned
Scan process 'UNS.exe' - '50' Module(s) have been scanned
Scan process 'IELowutil.exe' - '49' Module(s) have been scanned
Scan process 'TrustedInstaller.exe' - '52' Module(s) have been scanned
Scan process 'avscan.exe' - '113' Module(s) have been scanned
Scan process 'svchost.exe' - '18' Module(s) have been scanned
Scan process 'chrome.exe' - '50' Module(s) have been scanned
Scan process 'chrome.exe' - '51' Module(s) have been scanned
Scan process 'chrome.exe' - '50' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned
Scan process 'csrss.exe' - '19' Module(s) have been scanned
Scan process 'csrss.exe' - '19' Module(s) have been scanned
Scan process 'wininit.exe' - '29' Module(s) have been scanned
Scan process 'winlogon.exe' - '32' Module(s) have been scanned
Scan process 'services.exe' - '39' Module(s) have been scanned
Scan process 'lsass.exe' - '76' Module(s) have been scanned
Scan process 'lsm.exe' - '25' Module(s) have been scanned

Starting to scan executable files (registry):
C:\Windows\web\logon.exe
[DETECTION] Is the TR/Agent.6417.1 Trojan
The registry was scanned ( '1372' files ).

End of the scan: Dienstag, 6. August 2013 11:19
Used time: 01:33 Minute(s)

The scan has been canceled!

0 Scanned directories
2649 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
2648 Files not concerned
16 Archives were scanned
0 Warnings
0 Notes
06.08.2013, 11:54 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | I caught TR/Agent :I

Hello and

Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners, have they ever found anything?

The reason I ask => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; first just post the logs you already have, in CODE tags! Only logs from the last 7 days, or since the problem began, are relevant!

In addition, please also create a log with Farbar's tool:

Scan with Farbar's Recovery Scan Tool (FRST)

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)

Reading material: Posting in CODE tags

Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows: