
Pests of all kinds and how to remove them: PC freezes - malware (TR/Spy.Zbot, TR/Agent.282624.k, BDS.Hupigon, JS/Agent.30510)


03.03.2011, 22:29   #1
baobab
 



My computer is behaving very strangely - here are some of the oddities listed:


- "Host process had to be terminated" is shown to me at some point in every session
- after that the layout looks very "old-fashioned"... different font, colourless tabs, everything in grey
- Windows Updates cannot be downloaded
- With Firefox, Windows Media Player and Java applications the PC often freezes - the media player also often stutters when playing files, as do YouTube videos
- high load caused by PDF files - the PC works hard
- No Flash Player in Firefox (but there is in Google Chrome)
- The PC drive makes strange noises - as if the drive is spun up rapidly and then abruptly stopped milliseconds later
- The top bar of windows (where e.g. WordPad, Document, Windows Media Player or the folder name/file name is shown) flickers
- increased detections by Avira (in February alone: TR/Spy.Zbot, TR/Agent.282624.k, BDS.Hupigon, JS/Agent.30510, TR/Dropper.Gen, JAVA/Rowindal.A, Malicious.PDF.Gen)


Here is the latest Malwarebytes log

(I should add that I had already scanned twice today and both times it found things which I moved to quarantine... as far as that was possible)

Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5940

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

03.03.2011 21:28:47
mbam-log-2011-03-03 (21-28-47).txt

Scan type: Quick scan
Objects scanned: 191277
Time elapsed: 7 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 5
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 16

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{CE89FDB4-8FC1-FB4A-C3D4-290F3E8299C2} (Trojan.ZbotR.Gen) -> Value: {CE89FDB4-8FC1-FB4A-C3D4-290F3E8299C2} -> Delete on reboot.
HKEY_CURRENT_USER\Software\Microsoft\setiasworld (Malware.Trace) -> Value: setiasworld -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\bk (Malware.Trace) -> Value: bk -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\userini (Trojan.Agent) -> Value: userini -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userini (Trojan.Agent) -> Value: userini -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\Users\sic\AppData\Roaming\microsoft\Windows\start menu\Programs\antimalware doctor (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
c:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.

Files Infected:
c:\Windows\System32\YCemSCi.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\program files\arp2600 v2 efx.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
c:\program files\arp2600 v2.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
c:\program files\Brass 2.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
c:\program files\cs-80v2 (10 voices).dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
c:\program files\CS-80V2.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
c:\program files\jupiter-8v2.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
c:\program files\minimoog v efx.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
c:\program files\minimoog v.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
c:\program files\prophet-v2.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
c:\Users\sic\AppData\Local\temp\js8jifgjsoi398i8djgdf.tmp (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\sic\AppData\Local\temp\skaioejiesfjoee.tmp (Malware.Trace) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\sic\AppData\Roaming\microsoft\Windows\start menu\Programs\antimalware doctor\antimalware doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
c:\Users\sic\AppData\Roaming\microsoft\Windows\start menu\Programs\antimalware doctor\uninstall.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
c:\Recycle.Bin\config.bin (Trojan.Spyeyes) -> Quarantined and deleted successfully. 



Here is the OTL log:
OTL Logfile:
Code:
OTL logfile created on: 03.03.2011 22:02:13 - Run 1
OTL by OldTimer - Version 3.2.22.2     Folder = C:\Users\ich\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 13,30 Gb Free Space | 5,71% Space Free | Partition Type: NTFS
 
Computer Name: *****| User Name: ich | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\ich\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\rpcnet.exe (Absolute Software Corp.)
PRC - C:\PROGRA~1\ICQ7.2\ICQ.exe (ICQ, LLC.)
PRC - C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\audiodg.exe (Microsoft Corporation)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe (ASUS)
PRC - C:\Program files\P4G\BatteryLife.exe (ATK)
PRC - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
PRC - C:\Program Files\avmwlanstick\WlanNetService.exe (AVM Berlin)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\ich\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (BroadCamService) --  File not found
SRV - (rpcnet) Remote Procedure Call (RPC) -- C:\Windows\System32\rpcnet.exe (Absolute Software Corp.)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (ICQ Service) -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
SRV - (NAV) -- C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccSvcHst.exe (Symantec Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (ADSMService) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
SRV - (spmgr) -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
SRV - (AVM WLAN Connection Service) -- C:\Program Files\avmwlanstick\WlanNetService.exe (AVM Berlin)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20100619.001\BHDrvx86.sys (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100622.001\IDSvix86.sys (Symantec Corporation)
DRV - (SYMTDIv) -- C:\Windows\System32\Drivers\NAV\1107000.00C\SYMTDIV.SYS (Symantec Corporation)
DRV - (SymIM) -- C:\Windows\System32\drivers\SymIMV.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\system32\drivers\NAV\1107000.00C\Ironx86.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\system32\drivers\NAV\1107000.00C\SYMEFA.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\Drivers\NAV\1107000.00C\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\NAV\1107000.00C\SRTSPX.SYS (Symantec Corporation)
DRV - (ccHP) -- C:\Windows\system32\drivers\NAV\1107000.00C\ccHPx86.sys (Symantec Corporation)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (SymDS) -- C:\Windows\system32\drivers\NAV\1107000.00C\SYMDS.SYS (Symantec Corporation)
DRV - (L1E) -- C:\Windows\System32\drivers\L1E60x86.sys (Atheros Communications, Inc.)
DRV - (AsDsm) -- C:\Windows\System32\drivers\AsDsm.sys (ASUSTek Computer Inc)
DRV - (pavboot) -- C:\Windows\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (VIAHdAudAddService) -- C:\Windows\System32\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV - (SRS_PremiumSound_Service) -- C:\Windows\System32\drivers\SRS_PremiumSound_i386.sys ()
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (lullaby) -- C:\Windows\system32\DRIVERS\lullaby.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (CRFILTER) -- C:\Windows\System32\drivers\CRFILTER.sys (Generic)
DRV - (SynasUSB) -- C:\Windows\System32\drivers\synasUSB.sys (SIA Syncrosoft)
DRV - (ghaio) -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys ()
DRV - (ASMMAP) -- C:\Program Files\ATKGFNEX\ASMMAP.sys ()
DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH)
DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (vcdrom) -- C:\Windows\System32\drivers\VCdRom.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 C1 C5 8A E5 D6 CB 01  [binary data]
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: firefox@adhacker.com:0.7
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.07.01 14:41:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\IPSFFPlgn\ [2010.07.01 14:41:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.01.25 00:14:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.01.25 00:14:20 | 000,000,000 | ---D | M]
 
[2010.02.15 01:20:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ich\AppData\Roaming\mozilla\Extensions
[2011.03.03 13:31:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ich\AppData\Roaming\mozilla\Firefox\Profiles\7osrb7fj.default\extensions
[2010.09.04 21:10:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\ich\AppData\Roaming\mozilla\Firefox\Profiles\7osrb7fj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.03.03 09:33:39 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\ich\AppData\Roaming\mozilla\Firefox\Profiles\7osrb7fj.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.12.27 11:22:10 | 000,000,000 | ---D | M] (Ad Hacker) -- C:\Users\ich\AppData\Roaming\mozilla\Firefox\Profiles\7osrb7fj.default\extensions\firefox@adhacker.com
[2010.06.21 16:35:24 | 000,001,042 | ---- | M] () -- C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\7osrb7fj.default\searchplugins\icqplugin.xml
[2010.06.23 13:15:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2009.09.01 20:23:25 | 000,000,000 | ---D | M] (Buyertools) -- C:\Program Files\mozilla firefox\extensions\{411F2F11-830F-4AB5-B7F0-FBC77B870B5A}
[2009.08.07 09:38:10 | 000,044,544 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\mozilla firefox\components\FFComm.dll
[2006.11.09 15:20:40 | 002,111,096 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll
[2010.12.28 02:45:29 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.12.28 02:45:29 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.12.28 02:45:29 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.12.28 02:45:29 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.12.28 02:45:29 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.11.06 19:32:35 | 000,349,941 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 	localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 12022 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} -  File not found
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} -  File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} hxxp://cdn.scan.onecare.live.com/resource/download/scanner/de-DE/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{a5cffb63-b5d2-11de-89c6-00261880042d}\Shell - "" = AutoRun
O33 - MountPoints2\{a5cffb63-b5d2-11de-89c6-00261880042d}\Shell\AutoRun\command - "" = E:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.03.03 13:24:24 | 000,000,000 | ---D | C] -- C:\Users\ich\Desktop\Neuer Ordner
[2011.03.03 09:34:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.2
[2011.03.03 09:32:51 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ7.2
[2011.02.28 15:03:26 | 000,000,000 | ---D | C] -- C:\Users\ich\AppData\Roaming\Meepmu
[2011.02.28 15:03:26 | 000,000,000 | ---D | C] -- C:\Users\ich\AppData\Roaming\Ewymyc
[2011.02.13 18:35:44 | 000,000,000 | ---D | C] -- C:\Users\ich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LinPlug Instruments
[2011.02.13 15:34:08 | 000,000,000 | ---D | C] -- C:\Users\ich\Desktop\samplesfx
[2011.02.13 15:16:22 | 000,000,000 | ---D | C] -- C:\Users\ich\Desktop\drumloopsfx
[2011.02.10 14:30:11 | 000,000,000 | ---D | C] -- C:\Users\ich\Desktop\48
[2011.02.09 22:44:25 | 000,000,000 | ---D | C] -- C:\Users\ich\Desktop\47
[2011.02.07 13:10:08 | 000,000,000 | ---D | C] -- C:\Users\ich\Desktop\46
[2011.02.05 00:47:29 | 000,000,000 | ---D | C] -- C:\Users\ich\Desktop\45
[2011.02.05 00:30:23 | 000,000,000 | ---D | C] -- C:\Users\ich\Desktop\FlAC
[2011.02.04 18:22:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Applied Acoustics Systems
[2011.02.04 18:22:38 | 000,000,000 | ---D | C] -- C:\Users\ich\AppData\Roaming\Applied Acoustics Systems
[2011.02.04 18:22:37 | 000,000,000 | ---D | C] -- C:\Program Files\AAS
[2011.02.04 18:15:40 | 000,000,000 | ---D | C] -- C:\Users\ich\AppData\Roaming\foobar2000
[2011.02.04 18:15:29 | 000,000,000 | ---D | C] -- C:\Program Files\foobar2000
[2011.02.04 18:14:56 | 003,255,045 | ---- | C] (foobar2000.org) -- C:\Users\ich\Desktop\foobar2000_v1.1.2.exe
[2009.07.31 11:05:43 | 000,013,880 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
 
========== Files - Modified Within 30 Days ==========
 
[2011.03.03 22:01:59 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{BB51562E-E818-4E28-995B-06C015D21A84}.job
[2011.03.03 21:39:48 | 000,645,404 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.03.03 21:39:48 | 000,601,332 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.03.03 21:39:48 | 000,132,062 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.03.03 21:39:48 | 000,109,214 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.03.03 21:36:02 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.03.03 21:33:37 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.exe
[2011.03.03 21:33:26 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.dll
[2011.03.03 21:33:26 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.dll
[2011.03.03 21:33:22 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011.03.03 21:33:07 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.03.03 21:32:56 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.03.03 21:32:56 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.03.03 21:32:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.03.03 18:24:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.03.03 13:49:53 | 000,000,955 | ---- | M] () -- C:\Users\ich\Documents\TROJANERBOARD.rtf
[2011.02.28 04:45:21 | 000,639,802 | ---- | M] () -- C:\Users\ich\Desktop\Sample01.WAV.reapeaks
[2011.02.28 04:34:45 | 043,944,924 | ---- | M] () -- C:\Users\ich\Desktop\Sample01.WAV
[2011.02.23 21:09:39 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.exe
[2011.02.19 16:02:54 | 063,075,512 | ---- | M] () -- C:\Users\ich\Desktop\lostcity.wav
[2011.02.07 13:10:42 | 000,088,936 | ---- | M] () -- C:\Users\ich\Desktop\drum1.wav
[2011.02.07 13:00:22 | 000,371,434 | ---- | M] () -- C:\Users\ich\Desktop\3 Road Runner.flac.reapeaks
[2011.02.07 12:59:24 | 000,184,000 | ---- | M] () -- C:\Users\ich\Desktop\10 Smokey Joe The Dreamer.flac.sfk
[2011.02.04 18:25:44 | 000,000,186 | ---- | M] () -- C:\Users\ich\Documents\Dokument.rtf
[2011.02.04 18:15:31 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\foobar2000.lnk
[2011.02.04 13:22:36 | 003,255,045 | ---- | M] (foobar2000.org) -- C:\Users\ich\Desktop\foobar2000_v1.1.2.exe
 
========== Files Created - No Company Name ==========
 
[2011.03.03 13:49:38 | 000,000,955 | ---- | C] () -- C:\Users\ich\Documents\TROJANERBOARD.rtf
[2011.02.28 04:45:20 | 000,639,802 | ---- | C] () -- C:\Users\ich\Desktop\Sample01.WAV.reapeaks
[2011.02.28 04:33:32 | 043,944,924 | ---- | C] () -- C:\Users\ich\Desktop\Sample01.WAV
[2011.02.19 16:02:52 | 063,075,512 | ---- | C] () -- C:\Users\ich\Desktop\lostcity.wav
[2011.02.07 13:10:42 | 000,088,936 | ---- | C] () -- C:\Users\ich\Desktop\drum1.wav
[2011.02.07 13:00:20 | 000,371,434 | ---- | C] () -- C:\Users\ich\Desktop\3 Road Runner.flac.reapeaks
[2011.02.07 12:52:22 | 000,184,000 | ---- | C] () -- C:\Users\ich\Desktop\10 Smokey Joe The Dreamer.flac.sfk
[2011.02.05 00:27:37 | 021,938,302 | ---- | C] () -- C:\Users\ich\Desktop\9 Killer Hill.flac
[2011.02.05 00:27:36 | 008,341,803 | ---- | C] () -- C:\Users\ich\Desktop\8 Blue Panther.flac
[2011.02.05 00:27:34 | 019,190,942 | ---- | C] () -- C:\Users\ich\Desktop\7 Hanged Man.flac
[2011.02.05 00:27:33 | 009,673,412 | ---- | C] () -- C:\Users\ich\Desktop\6 The Spic.flac
[2011.02.05 00:27:33 | 005,106,581 | ---- | C] () -- C:\Users\ich\Desktop\5 Duluth Blues.flac
[2011.02.05 00:27:30 | 026,120,367 | ---- | C] () -- C:\Users\ich\Desktop\4 The Heist.flac
[2011.02.05 00:27:28 | 016,502,457 | ---- | C] () -- C:\Users\ich\Desktop\3 Road Runner.flac
[2011.02.05 00:27:25 | 023,633,138 | ---- | C] () -- C:\Users\ich\Desktop\2 G.B.H..flac
[2011.02.05 00:27:24 | 007,783,995 | ---- | C] () -- C:\Users\ich\Desktop\13 Funky Bear.flac
[2011.02.05 00:27:23 | 012,717,095 | ---- | C] () -- C:\Users\ich\Desktop\12 The Peterman.flac
[2011.02.05 00:27:22 | 026,740,603 | ---- | C] () -- C:\Users\ich\Desktop\11 Gentle In The Night.flac
[2011.02.05 00:27:21 | 011,705,294 | ---- | C] () -- C:\Users\ich\Desktop\10 Smokey Joe The Dreamer.flac
[2011.02.05 00:27:20 | 017,079,081 | ---- | C] () -- C:\Users\ich\Desktop\1 Contract Man.flac
[2011.02.04 18:25:44 | 000,000,186 | ---- | C] () -- C:\Users\ich\Documents\Dokument.rtf
[2011.02.04 18:15:31 | 000,000,910 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\foobar2000.lnk
[2011.02.04 18:15:31 | 000,000,828 | ---- | C] () -- C:\Users\Public\Desktop\foobar2000.lnk
[2010.11.08 02:05:09 | 006,640,274 | ---- | C] () -- C:\Windows\System32\Modalys_for_Arturia.dll
[2010.11.08 02:03:51 | 000,163,840 | ---- | C] () -- C:\Windows\System32\ArtFfct.dll
[2010.11.08 01:49:38 | 000,002,892 | ---- | C] () -- C:\Windows\System32\audcon.sys
[2010.11.08 01:48:30 | 000,000,045 | ---- | C] () -- C:\Windows\System32\SYNSOPOS.exe.cfg
[2010.09.24 06:42:03 | 000,000,129 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010.09.13 18:44:02 | 000,000,680 | ---- | C] () -- C:\Users\ich\AppData\Local\d3d9caps.dat
[2010.09.07 21:25:05 | 000,001,028 | ---- | C] () -- C:\Users\ich\AppData\Roaming\WavCodec.wff
[2010.06.18 13:02:57 | 000,017,408 | ---- | C] () -- C:\Users\ich\AppData\Local\WebpageIcons.db
[2010.05.24 02:07:06 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009.11.25 15:53:02 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.11.25 15:52:59 | 000,643,072 | ---- | C] () -- C:\Windows\System32\autochk.exe
[2009.11.25 15:52:17 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.11.08 14:32:44 | 000,081,984 | ---- | C] () -- C:\Windows\System32\bdod.bin
[2009.10.26 14:08:22 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2009.10.26 14:08:22 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2009.10.10 22:26:31 | 000,097,360 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin
[2009.10.10 20:24:49 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.09.27 12:30:42 | 000,071,664 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2009.09.18 19:24:49 | 000,000,204 | ---- | C] () -- C:\Windows\struct~.ini
[2009.09.09 01:47:35 | 000,000,132 | ---- | C] () -- C:\Windows\System32\rezumatenoi.dat
[2009.09.09 01:37:46 | 000,000,016 | ---- | C] () -- C:\Windows\System32\asdict.dat
[2009.09.09 01:37:46 | 000,000,004 | ---- | C] () -- C:\Windows\System32\aspdict-en.dat
[2009.08.21 18:03:46 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe
[2009.08.21 17:39:58 | 000,228,864 | ---- | C] () -- C:\Windows\PEV.exe
[2009.08.21 17:39:57 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009.08.21 17:39:57 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009.08.21 17:39:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009.08.20 01:27:23 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009.08.03 22:28:57 | 000,339,968 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2009.08.03 22:28:57 | 000,114,688 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2009.08.01 14:17:16 | 000,000,084 | -H-- | C] () -- C:\ProgramData\aspg.dat
[2009.08.01 02:11:26 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.07.31 13:28:12 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.exe
[2009.07.31 11:25:27 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009.07.31 11:20:44 | 000,047,672 | ---- | C] () -- C:\Windows\AsScrProlog.exe
[2009.07.31 11:20:14 | 000,230,952 | ---- | C] () -- C:\Windows\System32\drivers\SRS_PremiumSound_i386.sys
[2009.07.31 11:14:03 | 000,057,344 | ---- | C] () -- C:\Windows\System32\LogonStart.dll
[2009.07.31 11:11:23 | 001,752,704 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2009.07.31 11:11:23 | 000,028,672 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2009.07.31 11:04:47 | 000,982,196 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2009.07.31 11:04:47 | 000,417,344 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2009.07.31 11:04:47 | 000,139,824 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009.07.31 11:04:47 | 000,097,448 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2009.07.31 03:41:43 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.dll
[2009.01.05 14:44:10 | 000,053,248 | ---- | C] () -- C:\Windows\bdoscandel.exe
[2009.01.05 14:44:10 | 000,000,483 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2008.12.23 12:36:14 | 000,106,496 | ---- | C] () -- C:\Program Files\Common Files\CPInstallAction.dll
[2008.05.22 07:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files\Common Files\banner.jpg
[2008.04.07 07:00:46 | 000,005,120 | ---- | C] () -- C:\Windows\System32\CRFILTER.dll
[2008.01.21 08:15:58 | 000,645,404 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 08:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 08:15:58 | 000,132,062 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 08:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.10.25 17:26:10 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2006.12.08 13:58:14 | 000,069,632 | ---- | C] () -- C:\Windows\System32\FxShared.dll
[2006.12.08 02:52:50 | 000,069,632 | ---- | C] () -- C:\Windows\System32\com.fxpansion.fxshared.dll
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 002,174,528 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,601,332 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,109,214 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2011.01.02 19:44:19 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\1l2kem2rqgrrqfijdd1vxqusdnjlexl2
[2011.02.04 18:22:38 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\Applied Acoustics Systems
[2010.11.12 18:15:59 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\Arturia
[2010.11.12 01:53:38 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\Brass 2
[2011.01.27 15:05:04 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\Celemony Software GmbH
[2011.02.23 21:33:32 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\Dyozm
[2011.03.02 00:39:08 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\Ewymyc
[2011.02.19 02:19:54 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\foobar2000
[2011.03.03 21:35:28 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\ICQ
[2011.01.27 15:05:03 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\KORG
[2011.03.03 15:34:36 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\Meepmu
[2010.09.07 21:22:12 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\NCH Swift Sound
[2010.02.15 02:26:22 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\NetMedia Providers
[2010.06.30 23:40:46 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\Propellerhead Software
[2010.02.15 02:26:22 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\Publish Providers
[2011.01.07 01:54:36 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\REAPER
[2010.02.15 02:26:15 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\Sony
[2010.06.24 14:32:47 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\Tific
[2011.01.14 00:32:49 | 000,000,000 | ---D | M] -- C:\Users\ich\AppData\Roaming\Waos
[2011.03.03 18:42:05 | 000,032,590 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.12.31 10:52:40 | 000,000,158 | ---- | M] () -- C:\Windows\Tasks\task62033142.job
[2011.03.03 22:01:59 | 000,000,414 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{BB51562E-E818-4E28-995B-06C015D21A84}.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >

Last edited by baobab (03.03.2011 at 22:41)

04.03.2011, 11:51   #2
markusg
/// Malware-holic
 
Do you do online banking / online shopping or anything else important with this PC?

06.03.2011, 03:25   #3
baobab
 
No, I don't do online banking and I don't pay for anything via the PC (PayPal etc.).


So what can I do now?
I also notice that my contacts get problems with their PCs as soon as they have "dealings" with me... i.e. Messenger, online games etc.

07.03.2011, 12:22   #4
markusg
/// Malware-holic
 
Please create and post a ComboFix log.
A guide and tutorial on using ComboFix
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de following the instructions above.
If you would like to support us
