Mail Bot - "keineantwortadresse@web.de" / OTL Auswertung

JoeCool · 29.01.2013, 19:54

Hier das Log...

Code:

ATTFilter

Emsisoft Anti-Malware - Version 7.0
Letztes Update: 29.01.2013 16:43:58

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\

Riskware-Erkennung: Aus
Archiv Scan: An
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan Beginn:	29.01.2013 16:48:35

Value: hkey_users\s-1-5-21-3899731673-2456997713-1197237625-1001\software\pokerinstaller -> fullpath 	gefunden: Trace.Registry.Pacific Poker (A)
Value: hkey_users\s-1-5-21-3899731673-2456997713-1197237625-1001\software\pokerinstaller -> INSTALLER_GUID 	gefunden: Trace.Registry.Pacific Poker (A)
Value: hkey_users\s-1-5-21-3899731673-2456997713-1197237625-1001\software\pokerinstaller -> URL_CASINO_2 	gefunden: Trace.Registry.Pacific Poker (A)
Value: hkey_users\s-1-5-21-3899731673-2456997713-1197237625-1001\software\partygaming\partypoker -> 1 	gefunden: Trace.Registry.PartyPoker (A)
Value: hkey_users\s-1-5-21-3899731673-2456997713-1197237625-1001\software\partygaming\partypoker -> 10 	gefunden: Trace.Registry.PartyPoker (A)
Value: hkey_users\s-1-5-21-3899731673-2456997713-1197237625-1001\software\partygaming\partypoker -> 2 	gefunden: Trace.Registry.PartyPoker (A)
Value: hkey_users\s-1-5-21-3899731673-2456997713-1197237625-1001\software\partygaming\partypoker -> 4 	gefunden: Trace.Registry.PartyPoker (A)
Value: hkey_users\s-1-5-21-3899731673-2456997713-1197237625-1001\software\partygaming\partypoker -> 5 	gefunden: Trace.Registry.PartyPoker (A)
Value: hkey_users\s-1-5-21-3899731673-2456997713-1197237625-1001\software\partygaming\partypoker -> 6 	gefunden: Trace.Registry.PartyPoker (A)
Value: hkey_users\s-1-5-21-3899731673-2456997713-1197237625-1001\software\partygaming\partypoker -> 7 	gefunden: Trace.Registry.PartyPoker (A)
Value: hkey_users\s-1-5-21-3899731673-2456997713-1197237625-1001\software\partygaming\partypoker -> 9 	gefunden: Trace.Registry.PartyPoker (A)
Value: hkey_users\s-1-5-21-3899731673-2456997713-1197237625-1001\software\partygaming\partypoker -> AdsLastKnownState 	gefunden: Trace.Registry.PartyPoker (A)
Value: hkey_users\s-1-5-21-3899731673-2456997713-1197237625-1001\software\partygaming\partypoker -> AppPath 	gefunden: Trace.Registry.PartyPoker (A)
Value: hkey_users\s-1-5-21-3899731673-2456997713-1197237625-1001\software\partygaming\partypoker -> id 	gefunden: Trace.Registry.PartyPoker (A)
Value: hkey_users\s-1-5-21-3899731673-2456997713-1197237625-1001\software\partygaming\partypoker -> InitialPort 	gefunden: Trace.Registry.PartyPoker (A)
Value: hkey_users\s-1-5-21-3899731673-2456997713-1197237625-1001\software\partygaming\partypoker -> InstallState 	gefunden: Trace.Registry.PartyPoker (A)
Value: hkey_users\s-1-5-21-3899731673-2456997713-1197237625-1001\software\partygaming\partypoker -> MuckLosingHand 	gefunden: Trace.Registry.PartyPoker (A)
Value: hkey_users\s-1-5-21-3899731673-2456997713-1197237625-1001\software\partygaming\partypoker -> SL 	gefunden: Trace.Registry.PartyPoker (A)
Value: hkey_users\s-1-5-21-3899731673-2456997713-1197237625-1001\software\partygaming\partypoker -> TableType 	gefunden: Trace.Registry.PartyPoker (A)
Value: hkey_users\s-1-5-21-3899731673-2456997713-1197237625-1001\software\partygaming\partypoker -> useCount 	gefunden: Trace.Registry.PartyPoker (A)
Value: hkey_users\s-1-5-21-3899731673-2456997713-1197237625-1001\software\partygaming -> AutoLoginToOtherGames 	gefunden: Trace.Registry.PartyPoker (A)
Value: hkey_users\s-1-5-21-3899731673-2456997713-1197237625-1001\software\partygaming -> CFDialogShown 	gefunden: Trace.Registry.PartyPoker (A)
Value: hkey_users\s-1-5-21-3899731673-2456997713-1197237625-1001\software\partygaming -> FreshInstall 	gefunden: Trace.Registry.PartyPoker (A)
Value: hkey_users\s-1-5-21-3899731673-2456997713-1197237625-1001\software\partygaming -> OldCFformat 	gefunden: Trace.Registry.PartyPoker (A)
Key: hkey_users\s-1-5-21-3899731673-2456997713-1197237625-1001\software\pacificpoker 	gefunden: Trace.Registry.PacificPoker (A)
Key: hkey_users\s-1-5-21-3899731673-2456997713-1197237625-1001\software\pacificpoker\poker 	gefunden: Trace.Registry.PacificPoker (A)
Key: hkey_users\s-1-5-21-3899731673-2456997713-1197237625-1001\software\pacificpoker\poker\init 	gefunden: Trace.Registry.PacificPoker (A)
Key: hkey_users\s-1-5-21-3899731673-2456997713-1197237625-1001\software\pokerinstaller 	gefunden: Trace.Registry.PacificPoker (A)
C:\_OTL\MovedFiles\01292013_143720\C_Users\JoeCool\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\70c8b149-144060e7 -> mljkccgatytdpepmqr/avbrwneevbmdsajhwrnmg.class 	gefunden: Exploit.Java.CVE-2012-1723.P (B)
C:\_OTL\MovedFiles\01292013_143720\C_Users\JoeCool\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\70c8b149-144060e7 -> mljkccgatytdpepmqr/catuvtfhvrnvumbqpvbkvn.class 	gefunden: Exploit.Java.CVE-2012-1723.P (B)
C:\_OTL\MovedFiles\01292013_143720\C_Users\JoeCool\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\70c8b149-144060e7 -> mljkccgatytdpepmqr/emmvuynwdtvevtvpgd.class 	gefunden: Exploit.Java.CVE-2012-1723.P (B)
C:\_OTL\MovedFiles\01292013_143720\C_Users\JoeCool\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\70c8b149-144060e7 -> mljkccgatytdpepmqr/frkegksrybmvqatwnqasnbvdn.class 	gefunden: Exploit.Java.CVE-2012-1723.P (B)
C:\_OTL\MovedFiles\01292013_143720\C_Users\JoeCool\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\70c8b149-144060e7 -> mljkccgatytdpepmqr/gvaqehmjdcqmrvegth.class 	gefunden: Exploit.Java.CVE-2012-1723.P (B)
C:\_OTL\MovedFiles\01292013_143720\C_Users\JoeCool\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\70c8b149-144060e7 -> mljkccgatytdpepmqr/gwbheghvcybpuq.class 	gefunden: Exploit.Java.CVE-2012-1723.P (B)
C:\_OTL\MovedFiles\01292013_143720\C_Users\JoeCool\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\70c8b149-144060e7 -> mljkccgatytdpepmqr/hmkshqqlldbcfeypmllnygtnk.class 	gefunden: Exploit.Java.CVE-2012-1723.P (B)
C:\_OTL\MovedFiles\01292013_143720\C_Users\JoeCool\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\70c8b149-144060e7 -> mljkccgatytdpepmqr/hstndyvqyphwhahphmlhaflp.class 	gefunden: Exploit.Java.CVE-2012-1723.P (B)
C:\_OTL\MovedFiles\01292013_143720\C_Users\JoeCool\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\70c8b149-144060e7 -> mljkccgatytdpepmqr/lcphgvyrrgjsgknpmjmherj.class 	gefunden: Exploit.Java.CVE-2012-1723.P (B)
C:\_OTL\MovedFiles\01292013_143720\C_Users\JoeCool\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\70c8b149-144060e7 -> mljkccgatytdpepmqr/vmnpeehevclys.class 	gefunden: Exploit.Java.CVE-2012-1723.P (B)
C:\Users\JoeCool\Downloads\a-pdf-lb.exe 	gefunden: Trojan.Win32.FakeAV (A)

Gescannt	498529
Gefunden	39

Scan Ende:	29.01.2013 18:31:14
Scan Zeit:	1:42:39

C:\Users\JoeCool\Downloads\a-pdf-lb.exe	Quarantäne Trojan.Win32.FakeAV (A)
C:\_OTL\MovedFiles\01292013_143720\C_Users\JoeCool\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\70c8b149-144060e7 -> mljkccgatytdpepmqr/avbrwneevbmdsajhwrnmg.class	Quarantäne Exploit.Java.CVE-2012-1723.P (B)
Key: hkey_users\s-1-5-21-3899731673-2456997713-1197237625-1001\software\pacificpoker	Quarantäne Trace.Registry.PacificPoker (A)
Key: hkey_users\s-1-5-21-3899731673-2456997713-1197237625-1001\software\pacificpoker\poker	Quarantäne Trace.Registry.PacificPoker (A)
Key: hkey_users\s-1-5-21-3899731673-2456997713-1197237625-1001\software\pacificpoker\poker\init	Quarantäne Trace.Registry.PacificPoker (A)
Key: hkey_users\s-1-5-21-3899731673-2456997713-1197237625-1001\software\pokerinstaller	Quarantäne Trace.Registry.PacificPoker (A)
Value: hkey_users\s-1-5-21-3899731673-2456997713-1197237625-1001\software\partygaming\partypoker -> 1	Quarantäne Trace.Registry.PartyPoker (A)
Value: hkey_users\s-1-5-21-3899731673-2456997713-1197237625-1001\software\partygaming\partypoker -> 10	Quarantäne Trace.Registry.PartyPoker (A)
Value: hkey_users\s-1-5-21-3899731673-2456997713-1197237625-1001\software\partygaming\partypoker -> 2	Quarantäne Trace.Registry.PartyPoker (A)
Value: hkey_users\s-1-5-21-3899731673-2456997713-1197237625-1001\software\partygaming\partypoker -> 4	Quarantäne Trace.Registry.PartyPoker (A)
Value: hkey_users\s-1-5-21-3899731673-2456997713-1197237625-1001\software\partygaming\partypoker -> 5	Quarantäne Trace.Registry.PartyPoker (A)
Value: hkey_users\s-1-5-21-3899731673-2456997713-1197237625-1001\software\partygaming\partypoker -> 6	Quarantäne Trace.Registry.PartyPoker (A)
Value: hkey_users\s-1-5-21-3899731673-2456997713-1197237625-1001\software\partygaming\partypoker -> 7	Quarantäne Trace.Registry.PartyPoker (A)
Value: hkey_users\s-1-5-21-3899731673-2456997713-1197237625-1001\software\partygaming\partypoker -> 9	Quarantäne Trace.Registry.PartyPoker (A)
Value: hkey_users\s-1-5-21-3899731673-2456997713-1197237625-1001\software\partygaming\partypoker -> AdsLastKnownState	Quarantäne Trace.Registry.PartyPoker (A)
Value: hkey_users\s-1-5-21-3899731673-2456997713-1197237625-1001\software\partygaming\partypoker -> AppPath	Quarantäne Trace.Registry.PartyPoker (A)
Value: hkey_users\s-1-5-21-3899731673-2456997713-1197237625-1001\software\partygaming\partypoker -> id	Quarantäne Trace.Registry.PartyPoker (A)
Value: hkey_users\s-1-5-21-3899731673-2456997713-1197237625-1001\software\partygaming\partypoker -> InitialPort	Quarantäne Trace.Registry.PartyPoker (A)
Value: hkey_users\s-1-5-21-3899731673-2456997713-1197237625-1001\software\partygaming\partypoker -> InstallState	Quarantäne Trace.Registry.PartyPoker (A)
Value: hkey_users\s-1-5-21-3899731673-2456997713-1197237625-1001\software\partygaming\partypoker -> MuckLosingHand	Quarantäne Trace.Registry.PartyPoker (A)
Value: hkey_users\s-1-5-21-3899731673-2456997713-1197237625-1001\software\partygaming\partypoker -> SL	Quarantäne Trace.Registry.PartyPoker (A)
Value: hkey_users\s-1-5-21-3899731673-2456997713-1197237625-1001\software\partygaming\partypoker -> TableType	Quarantäne Trace.Registry.PartyPoker (A)
Value: hkey_users\s-1-5-21-3899731673-2456997713-1197237625-1001\software\partygaming\partypoker -> useCount	Quarantäne Trace.Registry.PartyPoker (A)
Value: hkey_users\s-1-5-21-3899731673-2456997713-1197237625-1001\software\partygaming -> AutoLoginToOtherGames	Quarantäne Trace.Registry.PartyPoker (A)
Value: hkey_users\s-1-5-21-3899731673-2456997713-1197237625-1001\software\partygaming -> CFDialogShown	Quarantäne Trace.Registry.PartyPoker (A)
Value: hkey_users\s-1-5-21-3899731673-2456997713-1197237625-1001\software\partygaming -> FreshInstall	Quarantäne Trace.Registry.PartyPoker (A)
Value: hkey_users\s-1-5-21-3899731673-2456997713-1197237625-1001\software\partygaming -> OldCFformat	Quarantäne Trace.Registry.PartyPoker (A)
Value: hkey_users\s-1-5-21-3899731673-2456997713-1197237625-1001\software\pokerinstaller -> fullpath	Quarantäne Trace.Registry.Pacific Poker (A)
Value: hkey_users\s-1-5-21-3899731673-2456997713-1197237625-1001\software\pokerinstaller -> INSTALLER_GUID	Quarantäne Trace.Registry.Pacific Poker (A)
Value: hkey_users\s-1-5-21-3899731673-2456997713-1197237625-1001\software\pokerinstaller -> URL_CASINO_2	Quarantäne Trace.Registry.Pacific Poker (A)

Quarantäne	30

Mail Bot - "keineantwortadresse@web.de" / OTL Auswertung

Plagegeister aller Art und deren Bekämpfung: Mail Bot - "keineantwortadresse@web.de" / OTL Auswertung

Mail Bot - "keineantwortadresse@web.de" / OTL Auswertung

Ähnliche Themen: Mail Bot - "keineantwortadresse@web.de" / OTL Auswertung