Log Analysis and Evaluation: Telekom Abuse: Spam Sending [Windows 7]

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
18.07.2012, 14:53 | #1
Telekom Abuse: Spam Sending

Hello everyone, like some others here I have received mail from Telekom these days: spam mails are allegedly being sent from our IP. Neither I nor Avira could detect any suspicious activity, but that doesn't mean much, so I followed the instructions here and would be very grateful for any hints!

Addendum: our WLAN is encrypted with WPA2; there are three Windows PCs in the household. Here I have initially listed only the results of examining my own PC.

gmer.log GMER Logfile: Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-17 20:37:28
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD25 rev.01.0
Running: gmer.exe; Driver: C:\Users\amarie\AppData\Local\Temp\uwliqfow.sys

---- System - GMER 1.0.15 ----

SSDT 8A3E0B6E ZwCreateSection
SSDT 8A3E0B73 ZwSetContextThread
SSDT 8A3E0B0F ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 215 81EE88D8 4 Bytes [6E, 0B, 3E, 8A]
.text ntkrnlpa.exe!KeSetEvent + 56D 81EE8C30 4 Bytes [73, 0B, 3E, 8A]
.text ntkrnlpa.exe!KeSetEvent + 621 81EE8CE4 4 Bytes [0F, 0B, 3E, 8A]
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8B80F380, 0x3590D2, 0xE8000020]

---- EOF - GMER 1.0.15 ----

otl.log OTL Logfile: Code:
ATTFilter OTL logfile created on: 17.07.2012 19:02:54 - Run 1 OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\amarie\Desktop\malware Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,09 Gb Available Physical Memory | 54,49% Memory free 4,23 Gb Paging File | 2,91 Gb Available in Paging File | 68,86% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 111,19 Gb Total Space | 64,36 Gb Free Space | 57,88% Space Free | Partition Type: NTFS Drive D: | 110,95 Gb Total Space | 103,07 Gb Free Space | 92,89% Space Free | Partition Type: NTFS Computer Name: ANNELIE-PC | User Name: amarie | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.07.17 18:58:27 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\amarie\Desktop\malware\OTL.exe PRC - [2012.06.19 07:32:03 | 000,400,352 | ---- | M] (Mozilla Messaging) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe PRC - [2011.09.11 21:47:16 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) 
-- C:\Users\amarie\AppData\Local\Temp\RtkBtMnt.exe PRC - [2011.08.20 19:05:44 | 000,048,618 | ---- | M] (The Pidgin developer community) -- C:\Program Files\Pidgin\pidgin.exe PRC - [2011.07.21 12:08:02 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2011.04.21 07:53:10 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2011.04.21 07:52:51 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2011.04.21 07:52:36 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.09.16 14:47:00 | 000,753,664 | ---- | M] () -- C:\Program Files\Lexmark\Monitor\ACB\LMabMON.exe PRC - [2010.09.16 14:47:00 | 000,593,920 | ---- | M] ( ) -- C:\Windows\System32\lmabcoms.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008.10.16 17:26:20 | 000,860,160 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe PRC - [2008.10.16 16:54:34 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe PRC - [2007.09.14 14:32:46 | 000,167,936 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe PRC - [2007.07.06 05:06:00 | 004,669,440 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2007.06.27 11:15:34 | 000,752,136 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe PRC - [2007.06.11 14:54:58 | 001,286,144 | ---- | M] (CyberLink) -- C:\Acer\Empowering Technology\eAudio\eAudio.exe PRC - [2007.05.22 15:00:02 | 000,135,168 | ---- | M] (Acer Inc.) 
-- C:\Acer\Empowering Technology\eNet\eNet Service.exe PRC - [2007.05.10 14:05:36 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe PRC - [2007.04.25 16:34:30 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe PRC - [2007.04.25 16:33:36 | 000,457,216 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe PRC - [2007.03.21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2007.03.21 13:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2007.03.14 10:52:30 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe PRC - [2007.02.13 06:26:50 | 000,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe PRC - [2006.11.24 12:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe ========== Modules (No Company Name) ========== MOD - [2012.06.19 07:32:05 | 001,977,312 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\mozjs.dll MOD - [2012.06.19 07:32:05 | 000,162,784 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\nsldap32v60.dll MOD - [2012.06.19 07:32:05 | 000,021,984 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\nsldappr32v60.dll MOD - [2011.09.12 08:39:12 | 000,219,305 | ---- | M] () -- C:\Program Files\Pidgin\Gtk\bin\libpng14-14.dll MOD - [2011.09.12 08:39:12 | 000,095,189 | ---- | M] () -- C:\Program Files\Pidgin\Gtk\bin\libpangocairo-1.0-0.dll MOD - [2011.09.12 08:39:12 | 000,090,496 | ---- | M] () -- C:\Program Files\Pidgin\Gtk\lib\gtk-2.0\2.10.0\engines\libwimp.dll MOD - [2011.09.12 08:39:12 | 000,055,808 | ---- | M] () -- C:\Program Files\Pidgin\Gtk\bin\zlib1.dll MOD - [2011.09.12 08:39:11 | 000,904,525 | ---- | M] () -- C:\Program Files\Pidgin\Gtk\bin\libcairo-2.dll 
MOD - [2011.09.12 08:39:11 | 000,535,264 | ---- | M] () -- C:\Program Files\Pidgin\Gtk\bin\freetype6.dll MOD - [2011.09.12 08:39:11 | 000,482,872 | ---- | M] () -- C:\Program Files\Pidgin\Gtk\bin\libgio-2.0-0.dll MOD - [2011.09.12 08:39:11 | 000,279,059 | ---- | M] () -- C:\Program Files\Pidgin\Gtk\bin\libfontconfig-1.dll MOD - [2011.09.12 08:39:11 | 000,143,096 | ---- | M] () -- C:\Program Files\Pidgin\Gtk\bin\libexpat-1.dll MOD - [2011.08.20 19:05:44 | 000,325,180 | ---- | M] () -- C:\Program Files\Pidgin\libjabber.dll MOD - [2011.08.20 19:05:44 | 000,288,309 | ---- | M] () -- C:\Program Files\Pidgin\plugins\libmsn.dll MOD - [2011.08.20 19:05:44 | 000,251,285 | ---- | M] () -- C:\Program Files\Pidgin\liboscar.dll MOD - [2011.08.20 19:05:44 | 000,190,214 | ---- | M] () -- C:\Program Files\Pidgin\libymsg.dll MOD - [2011.08.20 19:05:44 | 000,180,516 | ---- | M] () -- C:\Program Files\Pidgin\plugins\libgg.dll MOD - [2011.08.20 19:05:44 | 000,147,158 | ---- | M] () -- C:\Program Files\Pidgin\plugins\libsilc.dll MOD - [2011.08.20 19:05:44 | 000,119,368 | ---- | M] () -- C:\Program Files\Pidgin\plugins\libmxit.dll MOD - [2011.08.20 19:05:44 | 000,093,250 | ---- | M] () -- C:\Program Files\Pidgin\plugins\libsametime.dll MOD - [2011.08.20 19:05:44 | 000,087,918 | ---- | M] () -- C:\Program Files\Pidgin\plugins\libnovell.dll MOD - [2011.08.20 19:05:44 | 000,086,376 | ---- | M] () -- C:\Program Files\Pidgin\plugins\libmyspace.dll MOD - [2011.08.20 19:05:44 | 000,075,085 | ---- | M] () -- C:\Program Files\Pidgin\plugins\libirc.dll MOD - [2011.08.20 19:05:44 | 000,070,345 | ---- | M] () -- C:\Program Files\Pidgin\plugins\libbonjour.dll MOD - [2011.08.20 19:05:44 | 000,061,569 | ---- | M] () -- C:\Program Files\Pidgin\plugins\spellchk.dll MOD - [2011.08.20 19:05:44 | 000,043,176 | ---- | M] () -- C:\Program Files\Pidgin\plugins\libsimple.dll MOD - [2011.08.20 19:05:44 | 000,038,873 | ---- | M] () -- C:\Program Files\Pidgin\plugins\log_reader.dll MOD - [2011.08.20 19:05:44 | 
000,033,896 | ---- | M] () -- C:\Program Files\Pidgin\plugins\xmppdisco.dll MOD - [2011.08.20 19:05:44 | 000,029,185 | ---- | M] () -- C:\Program Files\Pidgin\plugins\xmppconsole.dll MOD - [2011.08.20 19:05:44 | 000,023,339 | ---- | M] () -- C:\Program Files\Pidgin\plugins\themeedit.dll MOD - [2011.08.20 19:05:44 | 000,022,446 | ---- | M] () -- C:\Program Files\Pidgin\plugins\ticker.dll MOD - [2011.08.20 19:05:44 | 000,022,242 | ---- | M] () -- C:\Program Files\Pidgin\plugins\pidginrc.dll MOD - [2011.08.20 19:05:44 | 000,021,753 | ---- | M] () -- C:\Program Files\Pidgin\plugins\win2ktrans.dll MOD - [2011.08.20 19:05:44 | 000,021,709 | ---- | M] () -- C:\Program Files\Pidgin\plugins\winprefs.dll MOD - [2011.08.20 19:05:44 | 000,021,699 | ---- | M] () -- C:\Program Files\Pidgin\plugins\notify.dll MOD - [2011.08.20 19:05:44 | 000,018,706 | ---- | M] () -- C:\Program Files\Pidgin\plugins\ssl-nss.dll MOD - [2011.08.20 19:05:44 | 000,017,910 | ---- | M] () -- C:\Program Files\Pidgin\plugins\convcolors.dll MOD - [2011.08.20 19:05:44 | 000,016,371 | ---- | M] () -- C:\Program Files\Pidgin\plugins\libxmpp.dll MOD - [2011.08.20 19:05:44 | 000,016,330 | ---- | M] () -- C:\Program Files\Pidgin\plugins\libyahoo.dll MOD - [2011.08.20 19:05:44 | 000,016,291 | ---- | M] () -- C:\Program Files\Pidgin\plugins\timestamp_format.dll MOD - [2011.08.20 19:05:44 | 000,014,269 | ---- | M] () -- C:\Program Files\Pidgin\plugins\markerline.dll MOD - [2011.08.20 19:05:44 | 000,013,426 | ---- | M] () -- C:\Program Files\Pidgin\plugins\autoaccept.dll MOD - [2011.08.20 19:05:44 | 000,013,291 | ---- | M] () -- C:\Program Files\Pidgin\plugins\libyahoojp.dll MOD - [2011.08.20 19:05:44 | 000,012,953 | ---- | M] () -- C:\Program Files\Pidgin\plugins\timestamp.dll MOD - [2011.08.20 19:05:44 | 000,012,380 | ---- | M] () -- C:\Program Files\Pidgin\plugins\history.dll MOD - [2011.08.20 19:05:44 | 000,011,517 | ---- | M] () -- C:\Program Files\Pidgin\plugins\idle.dll MOD - [2011.08.20 19:05:44 | 
000,011,029 | ---- | M] () -- C:\Program Files\Pidgin\plugins\joinpart.dll MOD - [2011.08.20 19:05:44 | 000,010,521 | ---- | M] () -- C:\Program Files\Pidgin\plugins\offlinemsg.dll MOD - [2011.08.20 19:05:44 | 000,010,015 | ---- | M] () -- C:\Program Files\Pidgin\plugins\libicq.dll MOD - [2011.08.20 19:05:44 | 000,009,712 | ---- | M] () -- C:\Program Files\Pidgin\plugins\extplacement.dll MOD - [2011.08.20 19:05:44 | 000,009,476 | ---- | M] () -- C:\Program Files\Pidgin\plugins\statenotify.dll MOD - [2011.08.20 19:05:44 | 000,009,084 | ---- | M] () -- C:\Program Files\Pidgin\plugins\libaim.dll MOD - [2011.08.20 19:05:44 | 000,009,055 | ---- | M] () -- C:\Program Files\Pidgin\plugins\sendbutton.dll MOD - [2011.08.20 19:05:44 | 000,008,927 | ---- | M] () -- C:\Program Files\Pidgin\plugins\relnot.dll MOD - [2011.08.20 19:05:44 | 000,008,878 | ---- | M] () -- C:\Program Files\Pidgin\plugins\psychic.dll MOD - [2011.08.20 19:05:44 | 000,007,645 | ---- | M] () -- C:\Program Files\Pidgin\plugins\gtkbuddynote.dll MOD - [2011.08.20 19:05:44 | 000,006,954 | ---- | M] () -- C:\Program Files\Pidgin\plugins\newline.dll MOD - [2011.08.20 19:05:44 | 000,006,875 | ---- | M] () -- C:\Program Files\Pidgin\plugins\iconaway.dll MOD - [2011.08.20 19:05:44 | 000,006,751 | ---- | M] () -- C:\Program Files\Pidgin\plugins\buddynote.dll MOD - [2011.08.20 19:05:44 | 000,006,526 | ---- | M] () -- C:\Program Files\Pidgin\plugins\ssl.dll MOD - [2011.08.20 19:05:42 | 002,719,062 | ---- | M] () -- C:\Program Files\Pidgin\libsilc-1-1-2.dll MOD - [2011.08.20 19:05:42 | 001,206,642 | ---- | M] () -- C:\Program Files\Pidgin\libsilcclient-1-1-2.dll MOD - [2011.08.20 19:05:42 | 000,582,656 | ---- | M] () -- C:\Program Files\Pidgin\exchndl.dll MOD - [2011.08.20 19:05:42 | 000,475,580 | ---- | M] () -- C:\Program Files\Pidgin\spellcheck\libgtkspell-0.dll MOD - [2011.08.20 19:05:42 | 000,417,501 | ---- | M] () -- C:\Program Files\Pidgin\sqlite3.dll MOD - [2011.08.20 19:05:42 | 000,173,805 | ---- | M] () -- 
C:\Program Files\Pidgin\libmeanwhile-1.dll MOD - [2011.08.20 19:05:40 | 001,213,633 | ---- | M] () -- C:\Program Files\Pidgin\libxml2-2.dll MOD - [2011.04.07 00:45:14 | 000,028,160 | ---- | M] () -- C:\Program Files\Pidgin\plugins\libskype.dll MOD - [2010.09.16 14:47:00 | 001,114,112 | ---- | M] () -- C:\Program Files\Lexmark\Monitor\ACB\LMabDRS.dll MOD - [2010.09.16 14:47:00 | 000,753,664 | ---- | M] () -- C:\Program Files\Lexmark\Monitor\ACB\LMabMON.exe MOD - [2010.09.16 14:47:00 | 000,380,928 | ---- | M] () -- C:\Program Files\Lexmark\Monitor\ACB\LMabSCW.dll MOD - [2010.09.16 14:47:00 | 000,147,456 | ---- | M] () -- C:\Program Files\Lexmark\Monitor\ACB\lmabcaps.dll MOD - [2007.04.25 16:31:00 | 000,028,672 | ---- | M] () -- C:\Windows\System32\BatchCrypto.dll MOD - [2007.04.25 16:30:44 | 000,063,488 | ---- | M] () -- C:\Windows\System32\ShowErrMsg.dll MOD - [2003.06.07 07:30:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService) SRV - [2012.07.11 19:51:20 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.06.16 09:28:15 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011.07.21 12:08:02 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.04.21 07:52:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- 
(AntiVirSchedulerService) SRV - [2010.09.16 14:47:00 | 000,593,920 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lmabcoms.exe -- (lmab_device) SRV - [2008.10.16 17:26:20 | 000,860,160 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2008.10.16 16:54:34 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.09.14 14:32:46 | 000,167,936 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService) SRV - [2007.05.22 15:00:02 | 000,135,168 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service) SRV - [2007.05.10 14:05:36 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService) SRV - [2007.04.25 16:34:30 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service) SRV - [2007.03.21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R) SRV - [2007.03.14 10:52:30 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService) SRV - [2007.02.13 06:26:50 | 000,053,248 | ---- | M] (Acer Inc.) 
[Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService) SRV - [2006.11.24 12:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\igdkmd32.sys -- (igfx) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2011.09.12 08:02:24 | 000,022,528 | ---- | M] (pBUS-167 Software - hxxp://www.pbus-167.com) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nhcDriver.sys -- (nhcDriverDevice) DRV - [2011.07.21 12:11:12 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.07.21 12:11:11 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.10.08 17:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.03.02 15:12:10 | 000,038,400 | ---- | M] (Samsung Electronics Co., Ltd.) 
[Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DGIVECP.SYS -- (DgiVecp) DRV - [2009.03.02 15:12:10 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT) DRV - [2008.11.17 07:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R) DRV - [2008.01.19 08:14:59 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV - [2007.08.23 17:45:00 | 007,617,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2007.08.08 02:26:06 | 002,226,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R) DRV - [2007.08.02 15:17:26 | 001,749,376 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) DRV - [2007.06.14 04:33:26 | 000,154,624 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2007.03.21 22:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2007.03.07 10:26:50 | 000,032,256 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir) DRV - [2007.02.24 14:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2007.01.30 07:23:30 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) 
[Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2007.01.23 16:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2006.12.07 18:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15) DRV - [2006.11.02 16:51:58 | 000,013,560 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) DRV - [2006.11.02 15:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO) DRV - [2006.11.02 09:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://de.yahoo.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! 
Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {A958690E-6DE3-4D13-AA27-34E9F8037769} IE - HKCU\..\SearchScopes\{A958690E-6DE3-4D13-AA27-34E9F8037769}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.16 09:28:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.06.19 07:32:06 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.16 09:28:15 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.12 08:10:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\amarie\AppData\Roaming\mozilla\Extensions [2012.07.04 13:26:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\amarie\AppData\Roaming\mozilla\Firefox\Profiles\o9domw5i.default\extensions [2011.09.12 08:26:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\amarie\AppData\Roaming\mozilla\Firefox\Profiles\o9domw5i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.03.18 08:57:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012.07.04 13:26:12 | 000,743,290 | ---- | M] () (No name found) -- C:\USERS\ANNELIE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O9DOMW5I.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2012.06.16 09:28:15 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla 
firefox\components\browsercomps.dll [2012.06.08 07:45:46 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.08 07:45:46 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.08 07:45:46 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.06.08 07:45:46 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.08 07:45:46 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.08 07:45:46 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found. 
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O4 - HKLM..\Run: [Acer Tour] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [eAudio] C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST) O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe File not found O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe File not found O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [LMPSSDMON] C:\Program Files\Lexmark\Monitor\ACB\LMabMON.exe () O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation) O4 - HKLM..\Run: [Persistence] C:\Windows\system32\igfxpers.exe File not found O4 - HKLM..\Run: [PLFSetL] C:\Windows\PLFSetL.exe (sonix) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd File not found O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.) 
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - Startup: C:\Users\amarie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Pidgin.lnk = C:\Program Files\Pidgin\pidgin.exe (The Pidgin developer community) O4 - Startup: C:\Users\amarie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skype.lnk = File not found O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{68B23B55-B9B6-4F07-B338-088AD231145A}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - AppInit_DLLs: (eNetHook.dll) - C:\Windows\System32\eNetHook.dll (acer) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - File not found O24 - Desktop WallPaper: C:\Users\amarie\AppData\Roaming\Microsoft\Windows Photo Gallery\Seerose_HDR.jpg O24 - Desktop BackupWallPaper: C:\Users\amarie\AppData\Roaming\Microsoft\Windows Photo Gallery\Seerose_HDR.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{313206f6-128d-11e1-b397-dcdd24289647}\Shell - "" = AutoRun O33 - MountPoints2\{313206f6-128d-11e1-b397-dcdd24289647}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{313206f9-128d-11e1-b397-9ac83afb3c51}\Shell - "" = AutoRun O33 - MountPoints2\{313206f9-128d-11e1-b397-9ac83afb3c51}\Shell\AutoRun\command - "" = F:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com 
[@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.07.17 18:59:23 | 000,000,000 | ---D | C] -- C:\Users\amarie\Desktop\malware [2012.06.23 15:45:40 | 000,000,000 | ---D | C] -- C:\Users\amarie\AppData\Local\Macromedia ========== Files - Modified Within 30 Days ========== [2012.07.17 19:01:56 | 000,000,000 | ---- | M] () -- C:\Users\amarie\defogger_reenable [2012.07.17 18:59:23 | 000,027,525 | ---- | M] () -- C:\Users\amarie\AppData\Roaming\nvModes.001 [2012.07.17 18:51:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.07.17 18:29:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.17 18:10:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.07.17 17:36:54 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.17 17:36:54 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.17 09:10:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.07.17 07:36:49 | 2145,370,112 | -HS- | M] () -- C:\hiberfil.sys [2012.07.16 13:45:24 | 000,027,525 | ---- | M] () -- C:\Users\amarie\AppData\Roaming\nvModes.dat [2012.07.12 12:28:48 | 000,328,208 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.07.10 11:40:01 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.07.10 11:40:01 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.07.10 11:40:01 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.07.10 11:40:01 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.06.21 20:34:25 | 
000,000,680 | ---- | M] () -- C:\Users\amarie\AppData\Local\d3d9caps.dat ========== Files Created - No Company Name ========== [2012.07.17 19:01:56 | 000,000,000 | ---- | C] () -- C:\Users\amarie\defogger_reenable [2012.01.18 09:57:20 | 000,000,000 | ---- | C] () -- C:\Users\amarie\AppData\Local\{0D01474F-7FBF-46EA-B438-06696B468CEA} [2011.12.14 14:57:52 | 000,000,218 | ---- | C] () -- C:\Users\amarie\.recently-used.xbel [2011.12.01 12:52:47 | 000,000,680 | ---- | C] () -- C:\Users\amarie\AppData\Local\d3d9caps.dat [2011.10.30 13:12:37 | 000,006,144 | ---- | C] () -- C:\Users\amarie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.09.19 17:09:55 | 000,000,023 | ---- | C] () -- C:\Windows\hks.ini [2011.09.19 17:09:51 | 000,000,044 | ---- | C] () -- C:\Windows\odbcddp.ini [2011.09.19 17:09:50 | 000,006,496 | ---- | C] () -- C:\Windows\ODBCADM.EXE [2011.09.19 17:09:49 | 000,001,053 | ---- | C] () -- C:\Windows\ODBCINST.INI [2011.09.19 17:09:49 | 000,000,969 | ---- | C] () -- C:\Windows\ODBC.INI [2011.09.17 10:57:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2011.09.17 10:57:38 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2011.09.15 10:06:37 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2011.09.14 15:41:41 | 000,401,408 | ---- | C] ( ) -- C:\Windows\System32\lexlog.dll [2011.09.14 15:40:37 | 000,630,784 | ---- | C] ( ) -- C:\Windows\System32\softcoin.dll [2011.09.14 15:40:36 | 000,425,984 | ---- | C] ( ) -- C:\Windows\System32\gencoin.dll [2011.09.14 15:39:58 | 001,044,480 | ---- | C] ( ) -- C:\Windows\System32\lmabserv.dll [2011.09.14 15:39:58 | 000,909,312 | ---- | C] ( ) -- C:\Windows\System32\lmabip1.dll [2011.09.14 15:39:58 | 000,847,872 | ---- | C] ( ) -- C:\Windows\System32\lmabusb1.dll [2011.09.14 15:39:58 | 000,802,816 | ---- | C] ( ) -- C:\Windows\System32\lmabcomc.dll [2011.09.14 15:39:58 | 000,647,168 | ---- | C] ( ) -- 
C:\Windows\System32\lmabpmui.dll [2011.09.14 15:39:58 | 000,593,920 | ---- | C] ( ) -- C:\Windows\System32\lmabcoms.exe [2011.09.14 15:39:58 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\lmablmpm.dll [2011.09.14 15:39:58 | 000,479,232 | ---- | C] ( ) -- C:\Windows\System32\lmabpar1.dll [2011.09.14 15:39:58 | 000,454,656 | ---- | C] ( ) -- C:\Windows\System32\lmabiobj.dll [2011.09.14 15:39:58 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\lmabcomm.dll [2011.09.14 15:39:58 | 000,368,640 | ---- | C] ( ) -- C:\Windows\System32\lmabinpa.dll [2011.09.14 15:39:58 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\lmabhcp.dll [2011.09.14 15:39:58 | 000,344,064 | ---- | C] ( ) -- C:\Windows\System32\lmabiesc.dll [2011.09.12 07:31:24 | 000,000,030 | ---- | C] () -- C:\Windows\SETPANEL.INI [2011.09.12 07:31:10 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI [2011.09.11 22:27:15 | 000,027,525 | ---- | C] () -- C:\Users\amarie\AppData\Roaming\nvModes.001 [2011.09.11 22:22:00 | 000,027,525 | ---- | C] () -- C:\Users\amarie\AppData\Roaming\nvModes.dat [2011.09.11 21:56:17 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe [2011.09.11 21:56:17 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe [2011.09.11 21:37:43 | 001,749,376 | ---- | C] () -- C:\Windows\System32\snp2uvc.sys [2011.09.11 21:37:43 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll [2011.09.11 21:37:43 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll [2011.09.11 21:37:43 | 000,028,032 | ---- | C] () -- C:\Windows\System32\sncduvc.sys [2011.09.11 21:37:43 | 000,000,131 | ---- | C] () -- C:\Windows\System32\PidList.ini [2011.09.11 21:37:43 | 000,000,131 | ---- | C] () -- C:\Windows\PidList.ini ========== LOP Check ========== [2012.07.17 19:08:51 | 000,000,000 | ---D | M] -- C:\Users\amarie\AppData\Roaming\.purple [2011.09.19 16:10:12 | 000,000,000 | ---D | M] -- C:\Users\amarie\AppData\Roaming\Cornelsen [2012.05.14 15:18:50 
| 000,000,000 | ---D | M] -- C:\Users\amarie\AppData\Roaming\gtk-2.0 [2011.09.14 15:12:10 | 000,000,000 | ---D | M] -- C:\Users\amarie\AppData\Roaming\LibreOffice [2011.09.12 08:27:01 | 000,000,000 | ---D | M] -- C:\Users\amarie\AppData\Roaming\Thunderbird [2012.07.16 21:14:38 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > extras.txt OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 17.07.2012 19:02:54 - Run 1 OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\amarie\Desktop\malware Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,09 Gb Available Physical Memory | 54,49% Memory free 4,23 Gb Paging File | 2,91 Gb Available in Paging File | 68,86% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 111,19 Gb Total Space | 64,36 Gb Free Space | 57,88% Space Free | Partition Type: NTFS Drive D: | 110,95 Gb Total Space | 103,07 Gb Free Space | 92,89% Space Free | Partition Type: NTFS Computer Name: ANNELIE-PC | User Name: amarie | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [grepWin...] -- C:\Program Files\grepWin\grepWin.exe /searchpath:"%1" (hxxp://tools.tortoisesvn.net) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 0 "InternetSettingsDisableNotify" = 0 "AutoUpdateDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{28E1812B-D1E9-48C7-8843-1A1908863A24}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | "{5F42D5F3-340B-403D-AB56-1BED22A5EFAA}" = dir=in | app=c:\program files\acer arcade deluxe\dvdivine\dvdivine.exe | "{6D4282FF-3832-4DF8-A5F3-92DEEFCAEB9C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{8B65A6A0-5035-403E-9237-6BB38862DBFB}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\playmovie.exe | "{AA965207-DCBB-4806-B78B-57DBFD2725DC}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{ACE8BA82-0B4D-42B9-8471-E0903EC1F831}" = dir=in | app=c:\program files\acer arcade deluxe\dv wizard\dv wizard.exe | "{BF88B3BD-1B98-4EC4-8935-4EC349738975}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\pmvservice.exe | "{C125C4EC-6ABA-4163-95C5-DAF5931FAECD}" = dir=in | app=c:\windows\system32\lmabcoms.exe | "{CDCFD7B0-710C-4174-AF30-74AC7A130015}" = dir=in | app=c:\program files\acer arcade deluxe\videomagician\videomagician.exe | "{DFAFE094-D4C1-48A8-BC82-E2143ABB895B}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade 
deluxe\acer arcade deluxe.exe | "{E61FF275-CAE1-4C42-A592-22E6FF02ACB7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{063B56FA-98E2-4C38-84EF-B5012149BABF}" = grepWin "{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In "{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management "{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A10CD9-E281-4F3F-850E-F41D144B97C6}" = LibreOffice 3.4 Help Pack (German) "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in "{35C0A1E4-D02A-412C-841F-266DBB116ABB}" = Intel(R) PROSet/Wireless WiFi-Software "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye Webcam Video Class Camera "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management "{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 
4.7 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7821C7B2-7E21-4CF3-925B-58B6A8BC6311}" = LibreOffice 3.4 "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111263673}" = Treasures of the Deep "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111271497}" = Mystery Case Files - Prime Suspects "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111310630}" = Big Kahuna Reef 2 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111473353}" = Dynasty "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11170417}" = Luxor 2 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111730193}" = Star Defender 3 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112179547}" = Mystery Case Files Ravenhearst "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 
2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA047D7C-5E7C-4878-B75C-77589151B563}" = Acer Crystal Eye webcam "{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology "{AC1ACE88-C471-494E-B5FA-0B7C21F22E4F}" 
= Orion "{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1 "{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer 3.72 "{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management "{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1 "{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Deluxe "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "7-Zip" = 7-Zip 9.20 "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP "GridVista" = Acer GridVista "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker "Lexmark_HostCD" = Lexmark Software deinstallieren "LManager" = Launch Manager "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de) "Mozilla 
Thunderbird 13.0.1 (x86 de)" = Mozilla Thunderbird 13.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Notebook Hardware Control" = Notebook Hardware Control 2.0 Pre-Release-06 Bugfix "NVIDIA Drivers" = NVIDIA Drivers "Pidgin" = Pidgin "ProInst" = Intel PROSet Wireless "Samsung ML-1510_700 Series" = Samsung ML-1510_700 Series "ShockwaveFlash" = Adobe Flash Player 9 ActiveX ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 19.11.2011 08:10:18 | Computer Name = amarie-PC | Source = System Restore | ID = 8193 Description = Error - 29.12.2011 04:02:55 | Computer Name = amarie-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung ePowerSvc.exe, Version 2.5.4021.0, Zeitstempel 0x46ea2b0d, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x015ab7af, Prozess-ID 0xd78, Anwendungsstartzeit 01ccc600417b7e0a. Error - 22.01.2012 08:37:53 | Computer Name = amarie-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung AcroRd32.exe, Version 8.3.1.289, Zeitstempel 0x4e5d9511, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x24005ec7, Prozess-ID 0x2c4, Anwendungsstartzeit 01ccd8f4a951d4d0. Error - 30.01.2012 07:50:51 | Computer Name = amarie-PC | Source = EventSystem | ID = 4609 Description = Error - 16.02.2012 08:16:08 | Computer Name = amarie-PC | Source = EventSystem | ID = 4609 Description = Error - 01.03.2012 14:56:00 | Computer Name = amarie-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung Skype.exe, Version 5.5.0.124, Zeitstempel 0x4e96a02b, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18541, Zeitstempel 0x4ec3e3d5, Ausnahmecode 0xc0000005, Fehleroffset 0x00065f7f, Prozess-ID 0x390, Anwendungsstartzeit 01ccf77858a8ecf8. 
Error - 24.05.2012 15:03:01 | Computer Name = amarie-PC | Source = System Restore | ID = 8193 Description = Error - 24.05.2012 15:03:01 | Computer Name = amarie-PC | Source = System Restore | ID = 8210 Description = Error - 26.06.2012 02:20:37 | Computer Name = amarie-PC | Source = System Restore | ID = 8193 Description = Error - 26.06.2012 02:20:37 | Computer Name = amarie-PC | Source = System Restore | ID = 8210 Description = [ System Events ] Error - 12.09.2011 01:49:34 | Computer Name = amarie-PC | Source = Microsoft-Windows-Servicing | ID = 4375 Description = Error - 12.09.2011 01:49:34 | Computer Name = amarie-PC | Source = Microsoft-Windows-Servicing | ID = 4375 Description = Error - 12.09.2011 01:49:34 | Computer Name = amarie-PC | Source = Microsoft-Windows-Servicing | ID = 4375 Description = Error - 12.09.2011 01:49:34 | Computer Name = amarie-PC | Source = Microsoft-Windows-Servicing | ID = 4375 Description = Error - 12.09.2011 01:49:34 | Computer Name = amarie-PC | Source = Microsoft-Windows-Servicing | ID = 4375 Description = Error - 12.09.2011 01:49:34 | Computer Name = amarie-PC | Source = Microsoft-Windows-Servicing | ID = 4375 Description = Error - 12.09.2011 01:49:34 | Computer Name = amarie-PC | Source = Microsoft-Windows-Servicing | ID = 4375 Description = Error - 12.09.2011 01:49:34 | Computer Name = amarie-PC | Source = Microsoft-Windows-Servicing | ID = 4375 Description = Error - 12.09.2011 01:49:34 | Computer Name = amarie-PC | Source = Microsoft-Windows-Servicing | ID = 4375 Description = Error - 12.09.2011 01:49:34 | Computer Name = amarie-PC | Source = Microsoft-Windows-Servicing | ID = 4375 Description = < End of report > Last edited by amarie (18.07.2012 at 15:08) |
23.07.2012, 08:33 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Telekom Abuse: Spam Sending Please start with a routine full scan with Malwarebytes and post the log. => Have it check ALL local drives (except CD/DVD)!
Remember that Malwarebytes must be updated manually before every scan! Please remove all findings with Malwarebytes so that they are kept in Malwarebytes' quarantine! Do NOT remove anything from the quarantine prematurely! If logs from earlier Malwarebytes scans exist, please post all of them as well! ESET Online Scanner
Please post everything here in CODE tags where possible. This is done like so: [code] the log goes here [/code] And the whole thing then looks like this: Code:
ATTFilter the log goes here