Telekom Abuse - mail-sending block - malware(?) found


 
26.04.2010, 22:08   #1
jaseleme



Hello,

I'm new here and don't really know my way around all this stuff, hope I'm doing everything right..

I've received a mail-sending block from the Deutsche Telekom Abuse Team because spam is being sent from my mail server. ANTIVIR (FREE ANTIVIRUS GUARD) has already found one file ( C:\Windows\System32\drivers\cwezora.sys ), but I can't get rid of it. I then downloaded GMER, ran a scan and got the following report:



GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-04-26 22:47:26
Windows 6.0.6002 Service Pack 2
Running: q58ddr29.exe; Driver: C:\Users\Andy\AppData\Local\Temp\kgtdrpob.sys


---- System - GMER 1.0.15 ----

INT 0x62 ? 85791BF8
INT 0x72 ? 85791BF8
INT 0x82 ? 86120BF8
INT 0x82 ? 879A8F00
INT 0x82 ? 86120BF8
INT 0x92 ? 879A8F00
INT 0xA3 ? 879A8F00
INT 0xB1 ? 85790BF8
INT 0xB1 ? 85790BF8
INT 0xB2 ? 879A8F00
INT 0xB3 ? 879A8F00

---- Kernel code sections - GMER 1.0.15 ----

? System32\Drivers\sphh.sys Das System kann den angegebenen Pfad nicht finden. !
? System32\Drivers\cwezora.sys Ein an das System angeschlossenes Gerät funktioniert nicht. !
PAGE ataport.SYS!DllUnload 836E1B2E 5 Bytes JMP 857911D8
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8F807340, 0x39BD97, 0xE8000020]
.text USBPORT.SYS!DllUnload 8EEF441B 5 Bytes JMP 879A84E0
.text a4ct0sol.SYS 8AF7F000 22 Bytes [82, 73, 7D, 82, 6C, 72, 7D, ...]
.text a4ct0sol.SYS 8AF7F017 45 Bytes [00, 32, 47, B9, 82, 3D, 45, ...]
.text a4ct0sol.SYS 8AF7F045 135 Bytes [DA, 4B, 82, FD, 59, 45, 82, ...]
.text a4ct0sol.SYS 8AF7F0CE 10 Bytes [00, 00, 00, 00, 00, 00, 6D, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; INSD ; POPF ; SCASB ; DEC EAX}
.text a4ct0sol.SYS 8AF7F0DA 12 Bytes [00, 00, 02, 00, 00, 00, 26, ...]
.text ...
.text aqp3u5ww.SYS 8F208000 22 Bytes [82, 73, 7D, 82, 6C, 72, 7D, ...]
.text aqp3u5ww.SYS 8F208017 159 Bytes [00, 32, 47, B9, 82, 3D, 45, ...]
.text aqp3u5ww.SYS 8F2080B7 22 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text aqp3u5ww.SYS 8F2080CE 80 Bytes [00, 00, 26, 00, 00, 00, E0, ...]
.text aqp3u5ww.SYS 8F20811F 194 Bytes [7E, 38, 40, 39, 82, 3B, C4, ...]
.text ...
PAGE spsys.sys!?SPVersion@@3PADA + 1ABF 9C85103F 110 Bytes [8B, FF, 55, 8B, EC, 8B, 45, ...]
PAGE spsys.sys!?SPVersion@@3PADA + 1B2F 9C8510AF 1 Byte [16]
PAGE spsys.sys!?SPVersion@@3PADA + 1B2F 9C8510AF 128 Bytes [16, 3B, C8, 75, E2, B0, 01, ...]
PAGE spsys.sys!?SPVersion@@3PADA + 1BB0 9C851130 6 Bytes [0E, 83, 78, 14, 01, 75]
PAGE spsys.sys!?SPVersion@@3PADA + 1BB7 9C851137 2298 Bytes [83, 78, 18, 37, 75, 02, B3, ...]
PAGE ...
C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl entry point in "" section [0x9E185000]
.clc C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl unknown last section [0x9E186000, 0x1000, 0x00000000]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[1240] USER32.dll!SetWindowsHookExW 76D287AD 5 Bytes JMP 6E679521 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1240] USER32.dll!CallNextHookEx 76D28E3B 5 Bytes JMP 6E66CB69 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1240] USER32.dll!UnhookWindowsHookEx 76D298DB 5 Bytes JMP 6E5E43F6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1240] USER32.dll!CreateWindowExW 76D31305 5 Bytes JMP 6E67D3AC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1240] USER32.dll!DialogBoxParamW 76D510B0 5 Bytes JMP 6E5A51FD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1240] USER32.dll!DialogBoxIndirectParamW 76D52EF5 5 Bytes JMP 6E773C10 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1240] USER32.dll!DialogBoxParamA 76D68152 5 Bytes JMP 6E773BAD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1240] USER32.dll!DialogBoxIndirectParamA 76D6847D 5 Bytes JMP 6E773C73 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1240] USER32.dll!MessageBoxIndirectA 76D7D4D9 5 Bytes JMP 6E773B42 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1240] USER32.dll!MessageBoxIndirectW 76D7D5D3 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[1240] USER32.dll!MessageBoxIndirectW 76D7D5D3 5 Bytes JMP 6E773AD7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1240] USER32.dll!MessageBoxExA 76D7D639 5 Bytes JMP 6E773A75 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1240] USER32.dll!MessageBoxExW 76D7D65D 5 Bytes JMP 6E773A13 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1240] ole32.dll!OleLoadFromStream 76BA1E12 5 Bytes JMP 6E773F78 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1240] ole32.dll!CoCreateInstance 76BD9EA6 5 Bytes JMP 6E67D408 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Windows\Explorer.EXE[1436] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C9 760AB364 4 Bytes [F0, 1F, 00, 10]
.text C:\Program Files\Internet Explorer\iexplore.exe[2580] USER32.dll!CreateWindowExW 76D31305 5 Bytes JMP 6E67D3AC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2580] USER32.dll!DialogBoxParamW 76D510B0 5 Bytes JMP 6E5A51FD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2580] USER32.dll!DialogBoxIndirectParamW 76D52EF5 5 Bytes JMP 6E773C10 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2580] USER32.dll!DialogBoxParamA 76D68152 5 Bytes JMP 6E773BAD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2580] USER32.dll!DialogBoxIndirectParamA 76D6847D 5 Bytes JMP 6E773C73 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2580] USER32.dll!MessageBoxIndirectA 76D7D4D9 5 Bytes JMP 6E773B42 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2580] USER32.dll!MessageBoxIndirectW 76D7D5D3 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[2580] USER32.dll!MessageBoxIndirectW 76D7D5D3 5 Bytes JMP 6E773AD7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2580] USER32.dll!MessageBoxExA 76D7D639 5 Bytes JMP 6E773A75 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2580] USER32.dll!MessageBoxExW 76D7D65D 5 Bytes JMP 6E773A13 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [82A8B6D2] \SystemRoot\System32\Drivers\sphh.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [82A8B040] \SystemRoot\System32\Drivers\sphh.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [82A8B7FC] \SystemRoot\System32\Drivers\sphh.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [82A8B0BE] \SystemRoot\System32\Drivers\sphh.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [82A8B13C] \SystemRoot\System32\Drivers\sphh.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [82A9B048] \SystemRoot\System32\Drivers\sphh.sys
IAT \SystemRoot\System32\Drivers\a4ct0sol.SYS[ataport.SYS!AtaPortNotification] 009E840F
IAT \SystemRoot\System32\Drivers\a4ct0sol.SYS[ataport.SYS!AtaPortWritePortUchar] 8B660000
IAT \SystemRoot\System32\Drivers\a4ct0sol.SYS[ataport.SYS!AtaPortWritePortUlong] 89662448
IAT \SystemRoot\System32\Drivers\a4ct0sol.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 4D8BE84D
IAT \SystemRoot\System32\Drivers\a4ct0sol.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 02C183E8
IAT \SystemRoot\System32\Drivers\a4ct0sol.SYS[ataport.SYS!AtaPortGetScatterGatherList] EA4D8966
IAT \SystemRoot\System32\Drivers\a4ct0sol.SYS[ataport.SYS!AtaPortReadPortUchar] 0320488B
IAT \SystemRoot\System32\Drivers\a4ct0sol.SYS[ataport.SYS!AtaPortStallExecution] 08458DC8
IAT \SystemRoot\System32\Drivers\a4ct0sol.SYS[ataport.SYS!AtaPortGetParentBusType] 8D575750
IAT \SystemRoot\System32\Drivers\a4ct0sol.SYS[ataport.SYS!AtaPortRequestCallback] 6850F045
IAT \SystemRoot\System32\Drivers\a4ct0sol.SYS[ataport.SYS!AtaPortWritePortBufferUshort] B0020000
IAT \SystemRoot\System32\Drivers\a4ct0sol.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 50E8458D
IAT \SystemRoot\System32\Drivers\a4ct0sol.SYS[ataport.SYS!AtaPortCompleteRequest] 4FBC35FF
IAT \SystemRoot\System32\Drivers\a4ct0sol.SYS[ataport.SYS!AtaPortMoveMemory] 4D898AFA
IAT \SystemRoot\System32\Drivers\a4ct0sol.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 45C757EC
IAT \SystemRoot\System32\Drivers\a4ct0sol.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 000001F0
IAT \SystemRoot\System32\Drivers\a4ct0sol.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] E5FEE800
IAT \SystemRoot\System32\Drivers\a4ct0sol.SYS[ataport.SYS!AtaPortReadPortUshort] C73B0001
IAT \SystemRoot\System32\Drivers\a4ct0sol.SYS[ataport.SYS!AtaPortReadPortBufferUshort] C8A14675
IAT \SystemRoot\System32\Drivers\a4ct0sol.SYS[ataport.SYS!AtaPortInitialize] 6A8AFA4F
IAT \SystemRoot\System32\Drivers\a4ct0sol.SYS[ataport.SYS!AtaPortGetDeviceBase] 9A888D52
IAT \SystemRoot\System32\Drivers\a4ct0sol.SYS[ataport.SYS!AtaPortDeviceStateChange] 83000000
IAT \SystemRoot\System32\Drivers\aqp3u5ww.SYS[ataport.SYS!AtaPortNotification] F73BFF33
IAT \SystemRoot\System32\Drivers\aqp3u5ww.SYS[ataport.SYS!AtaPortWritePortUchar] B85F0B75
IAT \SystemRoot\System32\Drivers\aqp3u5ww.SYS[ataport.SYS!AtaPortWritePortUlong] FFFFFFFE
IAT \SystemRoot\System32\Drivers\aqp3u5ww.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 08C25D5E
IAT \SystemRoot\System32\Drivers\aqp3u5ww.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 5D8B5300
IAT \SystemRoot\System32\Drivers\aqp3u5ww.SYS[ataport.SYS!AtaPortGetScatterGatherList] 74DF3B0C
IAT \SystemRoot\System32\Drivers\aqp3u5ww.SYS[ataport.SYS!AtaPortReadPortUchar] 01FB8311
IAT \SystemRoot\System32\Drivers\aqp3u5ww.SYS[ataport.SYS!AtaPortStallExecution] 5F5B0C74
IAT \SystemRoot\System32\Drivers\aqp3u5ww.SYS[ataport.SYS!AtaPortGetParentBusType] FFFFFEB8
IAT \SystemRoot\System32\Drivers\aqp3u5ww.SYS[ataport.SYS!AtaPortRequestCallback] C25D5EFF
IAT \SystemRoot\System32\Drivers\aqp3u5ww.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 7E390008
IAT \SystemRoot\System32\Drivers\aqp3u5ww.SYS[ataport.SYS!AtaPortGetUnCachedExtension] C7077524
IAT \SystemRoot\System32\Drivers\aqp3u5ww.SYS[ataport.SYS!AtaPortCompleteRequest] 61642446
IAT \SystemRoot\System32\Drivers\aqp3u5ww.SYS[ataport.SYS!AtaPortMoveMemory] 7E398F21
IAT \SystemRoot\System32\Drivers\aqp3u5ww.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] C7077528
IAT \SystemRoot\System32\Drivers\aqp3u5ww.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 61902846
IAT \SystemRoot\System32\Drivers\aqp3u5ww.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 468B8F21
IAT \SystemRoot\System32\Drivers\aqp3u5ww.SYS[ataport.SYS!AtaPortReadPortUshort] 244E8B2C
IAT \SystemRoot\System32\Drivers\aqp3u5ww.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 7468016A
IAT \SystemRoot\System32\Drivers\aqp3u5ww.SYS[ataport.SYS!AtaPortInitialize] 500000FA
IAT \SystemRoot\System32\Drivers\aqp3u5ww.SYS[ataport.SYS!AtaPortGetDeviceBase] C73BD1FF
IAT \SystemRoot\System32\Drivers\aqp3u5ww.SYS[ataport.SYS!AtaPortDeviceStateChange] 5F5B0C75
IAT \SystemRoot\system32\DRIVERS\tdx.sys[TDI.SYS!TdiRegisterDeviceObject] [8B3CBFE6] \SystemRoot\system32\drivers\BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\system32\DRIVERS\smb.sys[TDI.SYS!TdiRegisterDeviceObject] [8B3CBFE6] \SystemRoot\system32\drivers\BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\System32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] [8B3CBFE6] \SystemRoot\system32\drivers\BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[1240] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [04972300] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1240] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [04971B30] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1240] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [04972690] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1240] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [04971290] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73B47817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73B9A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73B4BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73B3F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73B475E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73B3E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73B78395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73B4DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73B3FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73B3FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73B371CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73BCCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73B6C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73B3D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73B36853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73B3687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73B42AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1436] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [10002300] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Windows\Explorer.EXE[1436] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [10001B30] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Windows\Explorer.EXE[1436] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [10002690] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Windows\Explorer.EXE[1436] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [10001290] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2580] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [10002300] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2580] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [10001B30] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2580] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [10002690] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2580] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [10001290] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 87989C88
Device \FileSystem\Ntfs \Ntfs 861231F8
Device \Driver\volmgr \Device\VolMgrControl 8611E1F8
Device \Driver\PCI_PNP9207 \Device\00000050 sphh.sys
Device \Driver\usbuhci \Device\USBPDO-0 87AE61F8
Device \Driver\usbuhci \Device\USBPDO-1 87AE61F8
Device \Driver\usbehci \Device\USBPDO-2 879B01F8
Device \Driver\usbuhci \Device\USBPDO-3 87AE61F8
Device \Driver\usbuhci \Device\USBPDO-4 87AE61F8

AttachedDevice \Driver\tdx \Device\Tcp tcpipBM.SYS (Bytemobile Kernel Network Provider/Bytemobile, Inc.)

Device \Driver\usbuhci \Device\USBPDO-5 87AE61F8
Device \Driver\usbehci \Device\USBPDO-6 879B01F8
Device \Driver\volmgr \Device\HarddiskVolume1 8611E1F8
Device \Driver\volmgr \Device\HarddiskVolume2 8611E1F8
Device \Driver\cdrom \Device\CdRom0 87BD31F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 861211F8
Device \Driver\iaStor \Device\Ide\iaStor0 [836458E0] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 861211F8
Device \Driver\atapi \Device\Ide\IdePort1 861211F8
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [836458E0] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\cdrom \Device\CdRom1 87BD31F8
Device \Driver\volmgr \Device\HarddiskVolume3 8611E1F8
Device \Driver\netbt \Device\NetBT_Tcpip_{F742E631-4011-4928-917C-C2918E69C625} 8859B500
Device \Driver\cdrom \Device\CdRom2 87BD31F8
Device \Driver\cdrom \Device\CdRom3 87BD31F8
Device \Driver\netbt \Device\NetBt_Wins_Export 8859B500
Device \Driver\Smb \Device\NetbiosSmb 885AE1F8
Device \Driver\iScsiPrt \Device\RaidPort0 87BA42A0
Device \Driver\PCI_PNP9207 \Device\0000004f sphh.sys
Device \Driver\sptd \Device\1642957220 sphh.sys
Device \Driver\usbuhci \Device\USBFDO-0 87AE61F8
Device \Driver\usbuhci \Device\USBFDO-1 87AE61F8
Device \Driver\usbehci \Device\USBFDO-2 879B01F8
Device \Driver\usbuhci \Device\USBFDO-3 87AE61F8
Device \Driver\usbuhci \Device\USBFDO-4 87AE61F8
Device \Driver\usbuhci \Device\USBFDO-5 87AE61F8
Device \Driver\usbehci \Device\USBFDO-6 879B01F8
Device \Driver\sptd \Device\1643113221 sphh.sys
Device \Driver\netbt \Device\NetBT_Tcpip_{384B93C8-339C-4254-A486-144F63A04BFF} 8859B500
Device \Driver\VClone \Device\Scsi\VClone1 87C951F8
Device \Driver\VClone \Device\Scsi\VClone1Port4Path0Target2Lun0 87C951F8
Device \Driver\a4ct0sol \Device\Scsi\a4ct0sol1 87BD21F8
Device \Driver\VClone \Device\Scsi\VClone1Port4Path0Target1Lun0 87C951F8
Device \Driver\aqp3u5ww \Device\Scsi\aqp3u5ww1 87BE71F8
Device \Driver\VClone \Device\Scsi\VClone1Port4Path0Target0Lun0 87C951F8
Device \FileSystem\cdfs \Cdfs 8818C1F8

---- Services - GMER 1.0.15 ----

Service (*** hidden *** ) [BOOT] cwezora <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet002\Services\cwezora@Type 1
Reg HKLM\SYSTEM\ControlSet002\Services\cwezora@Start 0
Reg HKLM\SYSTEM\ControlSet002\Services\cwezora@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\cwezora@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x09 0xEA 0x99 0x0C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xE8 0x15 0xF7 0x56 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xFD 0x51 0xB0 0x51 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x8C 0x8A 0xA7 0x57 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x36 0x5F 0xE3 0xB2 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x36 0x5F 0xE3 0xB2 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x36 0x5F 0xE3 0xB2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\cwezora@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\cwezora@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\cwezora@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\cwezora@Group Boot Bus Extender
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x09 0xEA 0x99 0x0C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xE8 0x15 0xF7 0x56 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xFD 0x51 0xB0 0x51 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x8C 0x8A 0xA7 0x57 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x36 0x5F 0xE3 0xB2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x36 0x5F 0xE3 0xB2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x36 0x5F 0xE3 0xB2 ...

---- EOF - GMER 1.0.15 ----



Is that actually the reason for the mail block, or is it something else?

I don't know what I have to do now, though.. Hope someone can help me get rid of the virus...
Many thanks in advance
Andy
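Read the way a helper on this board reads it, the log above has three kinds of entries that matter: the hidden service `cwezora` (Type 1, Start 0, group "Boot Bus Extender": a boot-start driver the kernel loads before any anti-virus driver, which is why the file cannot be removed from the running system), the `cwezora.sys` image that GMER could not open, and the kernel IAT redirections. The `sphh.sys` / `sptd` entries and the randomly named `a4ct0sol.SYS` / `aqp3u5ww.SYS` SCSI drivers are the SPTD layer and virtual drives that DAEMON Tools Lite and Alcohol 120% install (the registry section names both products), and GMER reports them on every host with those tools. The Python script below is an added example, not part of the original post and not GMER's own code, that extracts exactly those findings from a GMER log and separates them from that known noise. The allow-list of benign drivers is this example's own assumption, and the embedded sample input is a constructed excerpt of a few lines copied from the scan above; a hook that is merely "not on the allow-list" (here the Bytemobile `BMLoad.sys` entry) is something to look at, not proof of malware.

```python
"""Triage helper for a GMER rootkit-scan log.

Added example, not code from the forum post or from GMER.  It parses the
plain-text sections GMER writes and pulls out what decides the next step:
hidden services and their boot configuration, driver images GMER could not
read, and kernel import-table (IAT) redirections into other drivers.  The
allow-list below is this example's own assumption: sphh.sys/sptd.sys are the
SPTD layer that DAEMON Tools / Alcohol 120% install and GMER lists on every
such host.
"""
import re
from collections import defaultdict

KNOWN_BENIGN_DRIVERS = {"sphh.sys", "sptd.sys"}  # assumption: local allow-list

SECTION_RE = re.compile(r"^---- (.+?) - GMER [\d.]+ ----$")
HIDDEN_SVC_RE = re.compile(r"^Service \(\*\*\* hidden \*\*\* \)\s+\[(\w+)\]\s+(\S+)")
REG_RE = re.compile(r"^Reg (HKLM\\SYSTEM\\\w+\\Services\\([^\\@]+))@(\w+)\s+(.*)$")
IAT_RE = re.compile(r"^IAT (\S+)\[(\S+)\]\s+\[[0-9A-F]+\]\s+(\S+)")
SECTION_ERR_RE = re.compile(r"^\? (\S+)\s+.*!$")


def parse_sections(text):
    """Split the log into {section name: [lines]} on GMER's '---- X - GMER n ----' headers."""
    sections = defaultdict(list)
    current = "Header"
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
        else:
            sections[current].append(line)
    return sections


def hidden_services(sections):
    """Services GMER found by walking kernel structures but not through the service API."""
    return [{"name": m.group(2), "start_type": m.group(1)}
            for m in map(HIDDEN_SVC_RE.match, sections.get("Services", [])) if m]


def service_config(sections, name):
    """Registry values GMER dumped for one service, keyed by control set."""
    cfg = defaultdict(dict)
    for line in sections.get("Registry", []):
        m = REG_RE.match(line)
        if m and m.group(2).lower() == name.lower():
            control_set = m.group(1).split("\\")[2]  # e.g. CurrentControlSet
            cfg[control_set][m.group(3)] = m.group(4)
    return dict(cfg)


def kernel_iat_hooks(sections):
    """Kernel IAT entries redirected into another driver image (raw-value entries are skipped)."""
    hooks = []
    for line in sections.get("Kernel IAT/EAT", []):
        m = IAT_RE.match(line)
        if not m:
            continue
        target = m.group(3).rsplit("\\", 1)[-1].lower()
        hooks.append({"victim": m.group(1).rsplit("\\", 1)[-1], "import": m.group(2),
                      "target": target, "benign": target in KNOWN_BENIGN_DRIVERS})
    return hooks


def unreadable_drivers(sections):
    """Driver images GMER could not open on disk ('? path  <error> !' lines)."""
    return [m.group(1).rsplit("\\", 1)[-1]
            for m in map(SECTION_ERR_RE.match, sections.get("Kernel code sections", [])) if m]


def triage(text):
    """Findings a responder acts on, with the known SPTD noise filtered out."""
    sections = parse_sections(text)
    services = []
    for svc in hidden_services(sections):
        svc["config"] = service_config(sections, svc["name"])
        cur = svc["config"].get("CurrentControlSet", {})
        # Start 0 in group "Boot Bus Extender": the kernel loads it before any AV driver,
        # so the file cannot be removed from the running system.
        svc["boot_start"] = cur.get("Start") == "0"
        services.append(svc)
    return {
        "hidden_services": services,
        "unreadable_drivers": [d for d in unreadable_drivers(sections)
                               if d.lower() not in KNOWN_BENIGN_DRIVERS],
        "hooks_to_review": [h for h in kernel_iat_hooks(sections) if not h["benign"]],
    }


# Constructed sample input: a few lines copied from the scan above, one per finding type.
SAMPLE_LOG = r"""GMER 1.0.15.15281 - hxxp://www.gmer.net
---- Kernel code sections - GMER 1.0.15 ----
? System32\Drivers\sphh.sys Das System kann den angegebenen Pfad nicht finden. !
? System32\Drivers\cwezora.sys Ein an das System angeschlossenes Gerät funktioniert nicht. !
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [82A8B6D2] \SystemRoot\System32\Drivers\sphh.sys
IAT \SystemRoot\System32\Drivers\a4ct0sol.SYS[ataport.SYS!AtaPortNotification] 009E840F
IAT \SystemRoot\system32\DRIVERS\tdx.sys[TDI.SYS!TdiRegisterDeviceObject] [8B3CBFE6] \SystemRoot\system32\drivers\BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
---- Services - GMER 1.0.15 ----
Service (*** hidden *** ) [BOOT] cwezora <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet002\Services\cwezora@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\cwezora@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\cwezora@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\cwezora@Group Boot Bus Extender
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
---- EOF - GMER 1.0.15 ----
"""

if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_LOG), indent=2))
```

Run against the full log it prints the same three findings: one hidden boot-start service, one unreadable driver image, and the Bytemobile TDI hooks left for review, while the dozens of `sphh.sys` and `a4ct0sol`/`aqp3u5ww` lines drop out. The script only reads what GMER wrote; it does not decide whether the machine was the spam source, which the log by itself cannot show.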

 
