| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: TR/Agent.1328655Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
01.04.2008, 18:23
| #1 |
| |  TR/Agent.1328655 Hallo zusammen, ich bin neu hier, daher hoffe ich, dass ich alles richtig poste. Also, ich habe folgendes Problem: Vor ein paar Tagen hat der Antivir Guard einen sehr hartnäckigen Trojaner bei mir entdeckt, der immer wieder auftauchte und den ich immer wieder gelöscht habe. Code:
ATTFilter In der Datei 'C:\WINDOWS\system32\msconfig.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Agent.1328655' [TR/Agent.1328655] gefunden.
Ausgeführte Aktion: Datei löschen
Die Datei 'C:\System Volume Information\_restore{75AAE52F-9F73-44D9-BD6B-C1E8B271F298}\RP502\A0073122.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Agent.1328655' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde gelöscht.
 Bevor ich mich jetzt aber an dieses Problem mache, will ich erstmal sichergehen, dass das Ding auch wirklich von meinem Rechner und dem meiner Freundin (Heimnetzwerk) runter ist. Habe erstmal das Netzwerkkabel von meinem Rechner getrennt und einen Antivir-Durchlauf von einer Boot-CD gemacht, sowie einen Registry-Fix mit ccleaner. Dann wie von euch beschrieben einen Scan mit escan durchgeführt, leider funktionierte die find.bat nicht, könnte an meiner englischen xp-Version liegen. Habe deshalb jetzt nur mal das Virus-Log, das in escan selbst angezeigt wird, kopiert: Code:
ATTFilter Object "NULLBYTE Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "sounddrv Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "cws.loadadv.400 Browser Hijacker" found in File System! Action Taken: No Action Taken.
Object "ezula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "softomate toolbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "elite toolbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "elite toolbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "softomate toolbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "cws.loadadv.400 Browser Hijacker" found in File System! Action Taken: No Action Taken.
Object "softomate toolbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "sounddrv Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "cws.loadadv.400 Browser Hijacker" found in File System! Action Taken: No Action Taken.
Object "regsort Corrupted Adware/Spyware" found in File System! Action Taken: No Action Taken.
Object "backdoor (ircbot) trojans Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "backdoor (ircbot) trojans Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKCR\ActivePG.Sdk" refers to invalid object "{F5624AF8-C085-11D4-9492-8702C380F5CE}". Action Taken: No Action Taken.
Entry "HKCR\ActivePG.Sdk.1" refers to invalid object "{F5624AF8-C085-11D4-9492-8702C380F5CE}". Action Taken: No Action Taken.
Entry "HKCR\AlphaMatrix.Alpha" refers to invalid object "{4B1B5116-CB78-42E5-8398-77111C96EADD}". Action Taken: No Action Taken.
Entry "HKCR\Cab.CabIn" refers to invalid object "{D8B4A55C-FA70-4181-B340-B92451E4DA62}". Action Taken: No Action Taken.
Entry "HKCR\Cab.CabIn.1" refers to invalid object "{D8B4A55C-FA70-4181-B340-B92451E4DA62}". Action Taken: No Action Taken.
Entry "HKCR\dzstactxctrl.dzstactxctrl.1" refers to invalid object "{6C5FD78F-9ED8-11D1-87C0-444553540000}". Action Taken: No Action Taken.
Entry "HKCR\dzstactxPPG1.dzstactxPPG1.1" refers to invalid object "{8F70FCA1-A12A-11D1-87C0-444553540000}". Action Taken: No Action Taken.
Entry "HKCR\EN10.ResearchService" refers to invalid object "{F406D071-95BC-42E9-A9D4-6520EAC120EB}". Action Taken: No Action Taken.
Entry "HKCR\Energy_Software_DLL.eneSoftwareLic" refers to invalid object "{9683C443-F7C7-4711-A9BA-F8F84A74C14C}". Action Taken: No Action Taken.
Entry "HKCR\ENResearchService.Actions" refers to invalid object "{6FDB090D-48B5-4544-974C-FDDA146C44E7}". Action Taken: No Action Taken.
Entry "HKCR\ENResearchService.Actions.1" refers to invalid object "{6FDB090D-48B5-4544-974C-FDDA146C44E7}". Action Taken: No Action Taken.
Entry "HKCR\FlashProp.FlashProp.1" refers to invalid object "{1171A62F-05D2-11D1-83FC-00A0C9089C5A}". Action Taken: No Action Taken.
Entry "HKCR\helix.duration" refers to invalid object "{80F6E410-210B-454C-B523-97D7C2541FF3}". Action Taken: No Action Taken.
Entry "HKCR\helix.duration.1" refers to invalid object "{80F6E410-210B-454C-B523-97D7C2541FF3}". Action Taken: No Action Taken.
Entry "HKCR\helix.producer" refers to invalid object "{66F8592D-33E8-11D7-8A24-00045A785B71}". Action Taken: No Action Taken.
Entry "HKCR\helix.producer.1" refers to invalid object "{66F8592D-33E8-11D7-8A24-00045A785B71}". Action Taken: No Action Taken.
Entry "HKCR\HHActiveX.GlossaryPane" refers to invalid object "{959F94FD-DD1E-11D2-B559-00105A0422DF}". Action Taken: No Action Taken.
Entry "HKCR\HHActiveX.GlossaryPane.1" refers to invalid object "{959F94FD-DD1E-11D2-B559-00105A0422DF}". Action Taken: No Action Taken.
Entry "HKCR\HHActiveX.HHComponentActivator" refers to invalid object "{399CB6C4-7312-11D2-B4D9-00105A0422DF}". Action Taken: No Action Taken.
Entry "HKCR\HHActiveX.HHComponentActivator.1" refers to invalid object "{399CB6C4-7312-11D2-B4D9-00105A0422DF}". Action Taken: No Action Taken.
Entry "HKCR\LAUNCH.LaunchCtrl.1" refers to invalid object "{A6616B31-4860-41E2-98E3-CA7649AF172F}". Action Taken: No Action Taken.
Entry "HKCR\LicenceProtector24.lpLicprotector24" refers to invalid object "{31A87D3A-CDB1-403F-9CD6-4DCCF7E036A8}". Action Taken: No Action Taken.
Entry "HKCR\MapObjectsLT2.ClassBreaksRenderer" refers to invalid object "{755CF0AD-7CD4-11D3-9F75-00C04F796AAD}". Action Taken: No Action Taken.
Entry "HKCR\MapObjectsLT2.DotDensityRenderer" refers to invalid object "{755CF0AF-7CD4-11D3-9F75-00C04F796AAD}". Action Taken: No Action Taken.
Entry "HKCR\MapObjectsLT2.Ellipse" refers to invalid object "{755CF0B4-7CD4-11D3-9F75-00C04F796AAD}". Action Taken: No Action Taken.
Entry "HKCR\MapObjectsLT2.GroupRenderer" refers to invalid object "{755CF0BF-7CD4-11D3-9F75-00C04F796AAD}". Action Taken: No Action Taken.
Entry "HKCR\MapObjectsLT2.ImageLayer" refers to invalid object "{045ED51A-6095-11D3-9F67-000000000000}". Action Taken: No Action Taken.
Entry "HKCR\MapObjectsLT2.LabelPlacer" refers to invalid object "{755CF0C1-7CD4-11D3-9F75-00C04F796AAD}". Action Taken: No Action Taken.
Entry "HKCR\MapObjectsLT2.LabelRenderer" refers to invalid object "{755CF0B1-7CD4-11D3-9F75-00C04F796AAD}". Action Taken: No Action Taken.
Entry "HKCR\MapObjectsLT2.MapLayer" refers to invalid object "{ABC866D9-7C46-11D3-9F75-00C04F796AAD}". Action Taken: No Action Taken.
Entry "HKCR\MapObjectsLT2.Point" refers to invalid object "{ABC866DF-7C46-11D3-9F75-00C04F796AAD}". Action Taken: No Action Taken.
Entry "HKCR\MapObjectsLT2.Rectangle" refers to invalid object "{ABC866DB-7C46-11D3-9F75-00C04F796AAD}". Action Taken: No Action Taken.
Entry "HKCR\MapObjectsLT2.Strings" refers to invalid object "{755CF0A9-7CD4-11D3-9F75-00C04F796AAD}". Action Taken: No Action Taken.
Entry "HKCR\MapObjectsLT2.Symbol" refers to invalid object "{755CF0A5-7CD4-11D3-9F75-00C04F796AAD}". Action Taken: No Action Taken.
Entry "HKCR\MapObjectsLT2.TextSymbol" refers to invalid object "{755CF0B6-7CD4-11D3-9F75-00C04F796AAD}". Action Taken: No Action Taken.
Entry "HKCR\MapObjectsLT2.ValueMapRenderer" refers to invalid object "{755CF0A7-7CD4-11D3-9F75-00C04F796AAD}". Action Taken: No Action Taken.
Entry "HKCR\OrbTVBuffer.MiTVSink" refers to invalid object "{EEB09DE1-1892-43B5-9730-B3FA8361B13A}". Action Taken: No Action Taken.
Entry "HKCR\OrbTVBuffer.MiTVSink.1" refers to invalid object "{EEB09DE1-1892-43B5-9730-B3FA8361B13A}". Action Taken: No Action Taken.
Entry "HKCR\sevCommand3.Command" refers to invalid object "{05CE1055-7D42-4E26-8028-64B275164A9F}". Action Taken: No Action Taken.
Entry "HKCR\sevCommand3.Init" refers to invalid object "{FA2EAF76-E91B-493A-9079-BCCA2921F7E2}". Action Taken: No Action Taken.
Entry "HKCR\sevCommand3.Line3D" refers to invalid object "{0CBE3BB0-B13E-4D5D-A297-8E3BB290993A}". Action Taken: No Action Taken.
Entry "HKCR\sevCommand3.roLabel" refers to invalid object "{5047A010-E5A0-4969-8715-C6C61468FC9A}". Action Taken: No Action Taken.
Entry "HKCR\sevTab.Init" refers to invalid object "{DB5C442D-C8D8-4F6D-915D-1730F4AFC1F3}". Action Taken: No Action Taken.
Entry "HKCR\sevTab.sevTabStrip" refers to invalid object "{83A12419-CB96-4C57-84A9-B039FAA0253B}". Action Taken: No Action Taken.
Entry "HKCR\sevTextBox.Init" refers to invalid object "{22B1F8A4-46AD-4CB3-995B-1CD86A4FE91E}". Action Taken: No Action Taken.
Entry "HKCR\sevTextBox.sevMonthView" refers to invalid object "{FDA12C93-391F-4DA4-8DE1-321F125E6757}". Action Taken: No Action Taken.
Entry "HKCR\sevTextBox.sevText" refers to invalid object "{160A8C90-BF08-427D-9CB2-6AF9F37C3EE5}". Action Taken: No Action Taken.
Entry "HKCR\sevXPControls.Init" refers to invalid object "{A38AE2A6-517D-48A0-85EB-EB56B80EE59F}". Action Taken: No Action Taken.
Entry "HKCR\sevXPControls.sevCheck" refers to invalid object "{019994B8-B38D-4267-AC04-C6A55D482B22}". Action Taken: No Action Taken.
Entry "HKCR\sevXPControls.sevFrame" refers to invalid object "{BAC553A4-5DEA-4F95-B272-8554C309B34F}". Action Taken: No Action Taken.
Entry "HKCR\sevXPControls.sevImage" refers to invalid object "{057EFFC1-D96C-4179-9666-D47F4EA493F3}". Action Taken: No Action Taken.
Entry "HKCR\sevXPControls.sevLabel" refers to invalid object "{A6B025D6-FFB8-41AC-AAA2-405A0922852F}". Action Taken: No Action Taken.
Entry "HKCR\sevXPControls.sevMsgBox" refers to invalid object "{8A17BAA3-7DAE-40B6-AFAC-B708DDEF72A4}". Action Taken: No Action Taken.
Entry "HKCR\sevXPControls.sevOption" refers to invalid object "{A769CE4F-0246-44D0-BC97-7B9C12C5C153}". Action Taken: No Action Taken.
Entry "HKCR\sevXPControls.sevProgressBar" refers to invalid object "{463309E0-B871-492C-82AB-1B5D6A731BD7}". Action Taken: No Action Taken.
Entry "HKCR\sevXPControls.sevWaitBar" refers to invalid object "{0B4D8257-FBC9-464D-9F79-6A48A6C895C8}". Action Taken: No Action Taken.
Entry "HKCR\sevXPControls.sevXPForm" refers to invalid object "{D8F265E1-F446-408C-BECF-03823BBBEF19}". Action Taken: No Action Taken.
Entry "HKCR\SharePoint.WebPartPage.Document.1.0" refers to invalid object "{388ED91D-7FD2-11D0-A60B-00A0C90A43FF}". Action Taken: No Action Taken.
Entry "HKCR\SmartInstantFormatter.CiteAction" refers to invalid object "{6FDB090C-48B5-4544-974C-FDDA146C44E7}". Action Taken: No Action Taken.
Entry "HKCR\SmartInstantFormatter.CiteAction.1" refers to invalid object "{6FDB090C-48B5-4544-974C-FDDA146C44E7}". Action Taken: No Action Taken.
Entry "HKCR\SmartInstantFormatter.CiteRecognizer" refers to invalid object "{15FF99BC-4177-4E86-A751-60A1B0BE6BB1}". Action Taken: No Action Taken.
Entry "HKCR\SmartInstantFormatter.CiteRecognizer.1" refers to invalid object "{15FF99BC-4177-4E86-A751-60A1B0BE6BB1}". Action Taken: No Action Taken.
Entry "HKCR\USBSWITCHAX.USBswitchAXCtrl.1" refers to invalid object "{27C9039A-A892-44C8-AD6A-F946801C4968}". Action Taken: No Action Taken.
Entry "HKCR\ZKrypto.CCrypto" refers to invalid object "{1D43B8FA-6C42-442F-A3C2-7E200CB9BC91}". Action Taken: No Action Taken.
File C:\DOCUME~1\***\LOCALS~1\Temp\NERO14399\Toolbar.exe tagged as "not-a-virus:AdTool.Win32.MyWebSearch.bm". Action Taken: No Action Taken.
File C:\DOCUME~1\***\LOCALS~1\Temp\NERO14754\Toolbar.exe tagged as "not-a-virus:AdTool.Win32.MyWebSearch.bm". Action Taken: No Action Taken.
File C:\Documents and Settings\***\Local Settings\Temp\NERO14399\Toolbar.exe tagged as "not-a-virus:AdTool.Win32.MyWebSearch.bm". Action Taken: No Action Taken.
File C:\Documents and Settings\***\Local Settings\Temp\NERO14754\Toolbar.exe tagged as "not-a-virus:AdTool.Win32.MyWebSearch.bm". Action Taken: No Action Taken.
File C:\Program Files\Brockhaus Multimedia\Brockhaus multimedial\deskbar.dll tagged as "not-a-virus:AdWare.Win32.Mostofate.di". Action Taken: No Action Taken.
 Einen HijackThis Scan habe ich auch noch mal gemacht: |
| Themen zu TR/Agent.1328655 |
| antivir, antivir guard, backdoor, boot-cd, booten, browser, escan, fehler, file, hijack, hijackthis, immer wieder, ladefehler, neu, neustarten, object, popup, problem, programm, scan, seitenladefehler, software, system, system volume information, temp, trojaner, virus, wenig ahnung, windows |
Baum-Darstellung