Trojaner-Board (https://www.trojaner-board.de/)
Forum: Pests of all kinds and how to fight them (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
Thread: Mailbot? - someone seems to be sending SPAM in my name (https://www.trojaner-board.de/135978-mailbot-jemand-scheint-spam-meinem-namen-senden.html)

Jollepisch 03.06.2013 14:41

Mailbot? - someone seems to be sending SPAM in my name

Hello,

for some time now I have regularly been receiving the following e-mails:

Quote:

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of
its recipients. This is a permanent error. The following address
failed:

"Meine Mailadresse":
SMTP error from remote server after transfer of mail text:
host: mx.freenet.de
spam message rejected by 3.mx.freenet.de


--- The header of the original message is following. ---

Received: from s2024.nxs.nl ([217.148.85.35]) by mx-ha.web.de (mxweb001) with
ESMTP (Nemesis) id 0LkwPl-1U7WAA3P0v-00aqTp for <Meine Mailadresse">; Fri,
31 May 2013 03:12:27 +0200
Received: by s2024.nxs.nl (Postfix, from userid 1)
id 7FC8C3160A9; Thu, 30 May 2013 17:45:55 +0200 (CEST)
To: sportgemeinschaft92@web.de
Subject: Aktualisieren Sie Ihre Zahlungsinformationen !
X-PHP-Originating-Script: 1:zabiididididididididiididid.php(2) : eval()'d code
MIME-Version: 1.0

Content-type: text/html; charset=iso-8859-1

From: Paypal-Konto <Servics@Paypal.de>

Message-Id: <20130530154555.7FC8C3160A9@s2024.nxs.nl>
Date: Thu, 30 May 2013 17:45:55 +0200 (CEST)

or

Quote:

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of
its recipients. This is a permanent error. The following address
failed:

"Meine Mailadresse":
SMTP error from remote server after transfer of mail text:
host: mx.freenet.de
spam message rejected by 18.mx.freenet.de


--- The header of the original message is following. ---

Received: from 61-20-226-191.adsl.fetnet.net ([61.20.226.191]) by mx-ha.web.de
(mxweb007) with ESMTP (Nemesis) id 0LvVMB-1UH2Er2yOp-010Xc0 for
<Meine Mailadresse>; Thu, 30 May 2013 09:05:38 +0200
Date: Thu, 30 May 2013 00:05:38 -0700
From: Ruby Palace <no-reply@fetnet.net>
To: <sportgemeinschaft92@web.de>
Cc: <manipa@web.de>,
<walther.uwe@web.de>,
<bajak@web.de>
Subject: Der perfekte Willkommens-Bonus erwartet Sie jetzt im Ruby Palace
Message-ID: <8260841654235556.344583076625066833@fetnet.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

Of these, however, I only know the address sportgemeinschaft92@web.de.

I changed my passwords two weeks ago and thought that would put an end to this. That was not the case, however.

What is also strange is that I receive these mails after not having switched the PC on for several days. From that I conclude that a mailbot on my PC cannot be the cause, right?
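A defender's first question about a bounce like the two quoted above is where the bounced message actually entered the mail system, which the Received chain of the returned header answers. The following added Python example (not from the post or the forum) parses constructed copies of the two quoted headers and reports whether the original message was injected outside the recipient's own provider; the redacted recipient address is assumed as <redacted@web.de>.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed samples: the "header of the original message" parts of the two
# bounces quoted in the post, re-folded as proper headers. The poster's
# redacted address is replaced by the assumed placeholder <redacted@web.de>.
BOUNCE_HEADER_1 = """\
Received: from s2024.nxs.nl ([217.148.85.35]) by mx-ha.web.de (mxweb001) with
 ESMTP (Nemesis) id 0LkwPl-1U7WAA3P0v-00aqTp for <redacted@web.de>; Fri,
 31 May 2013 03:12:27 +0200
Received: by s2024.nxs.nl (Postfix, from userid 1)
 id 7FC8C3160A9; Thu, 30 May 2013 17:45:55 +0200 (CEST)
To: sportgemeinschaft92@web.de
Subject: Aktualisieren Sie Ihre Zahlungsinformationen !
X-PHP-Originating-Script: 1:zabiididididididididiididid.php(2) : eval()'d code
From: Paypal-Konto <Servics@Paypal.de>
Message-Id: <20130530154555.7FC8C3160A9@s2024.nxs.nl>
"""

BOUNCE_HEADER_2 = """\
Received: from 61-20-226-191.adsl.fetnet.net ([61.20.226.191]) by mx-ha.web.de
 (mxweb007) with ESMTP (Nemesis) id 0LvVMB-1UH2Er2yOp-010Xc0 for
 <redacted@web.de>; Thu, 30 May 2013 09:05:38 +0200
From: Ruby Palace <no-reply@fetnet.net>
To: <sportgemeinschaft92@web.de>
Subject: Der perfekte Willkommens-Bonus erwartet Sie jetzt im Ruby Palace
Message-ID: <8260841654235556.344583076625066833@fetnet.net>
"""

# "from <host> ([<ip>])" as written by the receiving MTA; a Received line
# without such a clause was generated locally on the "by" host.
RECEIVED_FROM = re.compile(r"\bfrom\s+(\S+)\s+\(\[?([0-9a-fA-F.:]+)\]?\)")
RECEIVED_BY = re.compile(r"\bby\s+(\S+)")


def received_hops(raw_headers):
    """Return the Received chain, top (last hop) to bottom (first hop)."""
    msg = message_from_string(raw_headers)
    hops = []
    for value in msg.get_all("Received", []):
        flat = " ".join(value.split())          # unfold continuation lines
        m_from = RECEIVED_FROM.search(flat)
        m_by = RECEIVED_BY.search(flat)
        hops.append({
            "from": m_from.group(1) if m_from else None,
            "ip": m_from.group(2) if m_from else None,
            "by": m_by.group(1) if m_by else None,
            "local": m_from is None,
        })
    return hops


def triage(raw_headers, own_domain):
    """Report where the bounced message was injected relative to own_domain."""
    msg = message_from_string(raw_headers)
    hops = received_hops(raw_headers)
    own = own_domain.lower()
    if hops:
        first = hops[-1]                        # bottom Received = origin
        origin = first["by"] if first["local"] else first["from"]
        origin_ip = first["ip"]
    else:
        origin, origin_ip = None, None
    external = not (origin and origin.lower().endswith(own))
    from_addr = parseaddr(msg.get("From", ""))[1]
    findings = []
    if external:
        findings.append(f"injected at {origin}, never submitted via {own}")
    if not from_addr.lower().endswith("@" + own):
        findings.append(f"From: {from_addr} is not a {own} address")
    if msg.get("X-PHP-Originating-Script"):
        findings.append("generated by a PHP script on the injecting host")
    return {
        "origin": origin,
        "origin_ip": origin_ip,
        "from": from_addr,
        "hops": len(hops),
        "findings": findings,
        "injected_externally": external,
    }


if __name__ == "__main__":
    for label, hdr in (("bounce 1", BOUNCE_HEADER_1), ("bounce 2", BOUNCE_HEADER_2)):
        result = triage(hdr, "web.de")
        print(label, result["origin"], result["from"])
        for finding in result["findings"]:
            print("  -", finding)
```

Both quoted headers resolve to an origin outside web.de, which is the pattern of a forged sender rather than of mail submitted from the recipient's own account; the check is only as good as the bottom Received line, which an injecting host can itself forge.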

schrauber 03.06.2013 14:47

Hi,

From where did you change the passwords?

Jollepisch 03.06.2013 15:35

From my iPad. I deliberately did not do it on the PC.

schrauber 03.06.2013 17:01

Do this on the PC:

Please download OTL by OldTimer and save it to your desktop (if it is not there already).
  • Double-click OTL.exe
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

Jollepisch 04.06.2013 08:15

OK, I will do that by tomorrow evening at the latest.

schrauber 04.06.2013 09:29

OK.

Jollepisch 05.06.2013 08:29

Hello Schrauber,

yesterday at 21:46 I received another such mail. The sender is always keineantwortadresse@web.de. Am I right in seeing that the mails are sent via Freenet to web.de addresses?

On Monday and Tuesday I was online only with my iPhone and my work PC; I checked mail on the iPhone and logged into the Freenet portal on my work PC.

I will now immediately change my Freenet password again from the iPhone, and this evening I will carry out the steps you suggested on my private PC.

Regards
Jollepisch

schrauber 05.06.2013 10:00

Change the password from a different computer.

Jollepisch 05.06.2013 17:02

OTL.txt:
OTL log file:
Code:

OTL logfile created on: 05.06.2013 17:48:07 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Documents and Settings\<Username>\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
1022,72 Mb Total Physical Memory | 258,48 Mb Available Physical Memory | 25,27% Memory free
2,40 Gb Paging File | 1,75 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34,18 Gb Total Space | 15,26 Gb Free Space | 44,63% Space Free | Partition Type: NTFS
Drive D: | 7,45 Gb Total Space | 6,85 Gb Free Space | 91,89% Space Free | Partition Type: FAT32
Drive E: | 14,65 Gb Total Space | 11,42 Gb Free Space | 77,96% Space Free | Partition Type: NTFS
Drive F: | 70,92 Gb Total Space | 67,26 Gb Free Space | 94,83% Space Free | Partition Type: NTFS
Drive H: | 97,65 Gb Total Space | 33,71 Gb Free Space | 34,52% Space Free | Partition Type: NTFS
Drive M: | 97,65 Gb Total Space | 57,66 Gb Free Space | 59,04% Space Free | Partition Type: NTFS
Drive N: | 241,16 Gb Total Space | 240,79 Gb Free Space | 99,85% Space Free | Partition Type: NTFS
Drive P: | 29,29 Gb Total Space | 29,19 Gb Free Space | 99,66% Space Free | Partition Type: NTFS
Drive S: | 29,29 Gb Total Space | 29,19 Gb Free Space | 99,66% Space Free | Partition Type: NTFS
 
Computer Name: --- | User Name: ---| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\<Username>\Desktop\OTL.exe (OldTimer Tools)
PRC - E:\Programme\Internet\Opera\opera.exe (Opera Software)
PRC - C:\Documents and Settings\<Username>\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - E:\Programme\Sicherheit\Avast\AvastUI.exe (AVAST Software)
PRC - E:\Programme\Sicherheit\Avast\AvastSvc.exe (AVAST Software)
PRC - E:\Programme\Musik\Winamp\winamp.exe (Nullsoft, Inc.)
PRC - C:\Program Files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe (VMware, Inc.)
PRC - C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe (VMware, Inc.)
PRC - E:\Programme\Musik\Streamripper\wstreamripper.exe ()
PRC - E:\Programme\Sicherheit\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Hama\Common\RaUI.exe (Hama GmbH & Co KG)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\winamp.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\vis_milk2.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\vis_avs.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\ml_pmp.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\pmp_wifi.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\pmp_ipod.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\ombrowser.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\pmp_android.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\out_ds.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\ml_wire.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\pmp_usb.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\ml_transcode.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\vis_nsfs.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\out_wave.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\tagz.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\out_disk.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\ml_rg.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\pmp_activesync.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\winampa.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\pmp_p4s.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\pmp_njb.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\playlist.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\ml_local.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\ml_disc.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\gen_jumpex_original.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\gen_jumpex.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\ml_plg.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\gen_classicart.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\in_mp3.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\gen_ff.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\gen_ml.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\in_midi.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\in_mod.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\in_wm.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\gen_play_remove.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\ml_online.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\in_cdda.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\ml_playlists.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\in_nsv.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\gen_skinmanager.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\gen_hotkeys.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\in_vorbis.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\gen_undo.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\gen_timerestore.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\ml_downloads.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\gen_nopro.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\ml_history.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\ml_devices.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\gen_tray.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\gen_orgler.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\gen_crasher.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\ml_autotag.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\in_wav.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\in_dshow.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\in_wave.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\in_flac.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\ml_impex.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\ml_bookmarks.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\in_mp4.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\in_avi.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\ml_enqplay.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\in_wv.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\in_mkv.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\ml_orb.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\gen_find_on_disk.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\ml_nowplaying.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\ml_addons.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\in_swf.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\in_linein.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\in_flv.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\burnlib.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\dsp_sps.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\auth.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\enc_fhgaac.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\enc_wma.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\enc_lame.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\enc_wav.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\enc_vorbis.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\enc_flac.lng ()
MOD - E:\Programme\Sicherheit\Avast\defs\13060501\algo.dll ()
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
MOD - E:\Programme\Internet\Opera\gstreamer\plugins\gstoggdec.dll ()
MOD - E:\Programme\Internet\Opera\gstreamer\plugins\gstffmpegcolorspace.dll ()
MOD - E:\Programme\Internet\Opera\gstreamer\plugins\gstwebmdec.dll ()
MOD - E:\Programme\Internet\Opera\gstreamer\plugins\gstwavparse.dll ()
MOD - E:\Programme\Internet\Opera\gstreamer\plugins\gstdirectsound.dll ()
MOD - E:\Programme\Internet\Opera\gstreamer\plugins\gstautodetect.dll ()
MOD - E:\Programme\Internet\Opera\gstreamer\plugins\gstwaveform.dll ()
MOD - E:\Programme\Internet\Opera\gstreamer\gstreamer.dll ()
MOD - E:\Programme\Internet\Opera\gstreamer\plugins\gstcoreplugins.dll ()
MOD - E:\Programme\Internet\Opera\gstreamer\plugins\gstaudioresample.dll ()
MOD - E:\Programme\Internet\Opera\gstreamer\plugins\gstaudioconvert.dll ()
MOD - E:\Programme\Internet\Opera\gstreamer\plugins\gstdecodebin2.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.DEU ()
MOD - E:\Programme\Musik\Winamp\System\jpeg.w5s ()
MOD - E:\Programme\Musik\Winamp\System\xml.w5s ()
MOD - E:\Programme\Musik\Winamp\System\png.w5s ()
MOD - E:\Programme\Musik\Winamp\System\playlist.w5s ()
MOD - E:\Programme\Musik\Winamp\tataki.dll ()
MOD - E:\Programme\Musik\Winamp\zlib.dll ()
MOD - E:\Programme\Musik\Winamp\System\timer.w5s ()
MOD - E:\Programme\Musik\Winamp\System\tagz.w5s ()
MOD - E:\Programme\Musik\Winamp\System\primo.w5s ()
MOD - E:\Programme\Musik\Winamp\System\jnetlib.w5s ()
MOD - E:\Programme\Musik\Winamp\System\auth.w5s ()
MOD - E:\Programme\Musik\Winamp\Plugins\pmp_wifi.dll ()
MOD - E:\Programme\Musik\Winamp\System\devices.w5s ()
MOD - E:\Programme\Musik\Winamp\System\albumart.w5s ()
MOD - E:\Programme\Musik\Winamp\System\gif.w5s ()
MOD - E:\Programme\Musik\Winamp\System\bmp.w5s ()
MOD - E:\Programme\Musik\Winamp\System\dlmgr.w5s ()
MOD - E:\Programme\Musik\Winamp\System\gracenote.w5s ()
MOD - E:\Programme\Musik\Winamp\System\filereader.w5s ()
MOD - E:\Programme\Musik\Winamp\Plugins\pmp_ipod.dll ()
MOD - E:\Programme\Musik\Winamp\Plugins\pmp_p4s.dll ()
MOD - E:\Programme\Musik\Winamp\Plugins\pmp_android.dll ()
MOD - E:\Programme\Musik\Winamp\Plugins\pmp_usb.dll ()
MOD - E:\Programme\Musik\Winamp\Plugins\pmp_njb.dll ()
MOD - E:\Programme\Musik\Winamp\Plugins\out_wave.dll ()
MOD - E:\Programme\Musik\Winamp\Plugins\out_ds.dll ()
MOD - E:\Programme\Musik\Winamp\Plugins\ml_transcode.dll ()
MOD - E:\Programme\Musik\Winamp\Plugins\out_disk.dll ()
MOD - E:\Programme\Musik\Winamp\Plugins\ml_pmp.dll ()
MOD - E:\Programme\Musik\Winamp\Plugins\ml_plg.dll ()
MOD - E:\Programme\Musik\Winamp\Plugins\ml_rg.dll ()
MOD - E:\Programme\Musik\Winamp\Plugins\ml_local.dll ()
MOD - E:\Programme\Musik\Winamp\Plugins\ml_playlists.dll ()
MOD - E:\Programme\Musik\Winamp\Plugins\ml_impex.dll ()
MOD - E:\Programme\Musik\Winamp\Plugins\ml_history.dll ()
MOD - E:\Programme\Musik\Winamp\Plugins\in_wm.dll ()
MOD - E:\Programme\Musik\Winamp\Plugins\ml_devices.dll ()
MOD - E:\Programme\Musik\Winamp\Plugins\ml_disc.dll ()
MOD - E:\Programme\Musik\Winamp\Plugins\ml_bookmarks.dll ()
MOD - E:\Programme\Musik\Winamp\Plugins\ml_autotag.dll ()
MOD - E:\Programme\Musik\Winamp\Plugins\in_wave.dll ()
MOD - E:\Programme\Musik\Winamp\Plugins\in_mp3.dll ()
MOD - E:\Programme\Musik\Winamp\Plugins\in_vorbis.dll ()
MOD - E:\Programme\Musik\Winamp\Plugins\in_mod.dll ()
MOD - E:\Programme\Musik\Winamp\Plugins\in_midi.dll ()
MOD - E:\Programme\Musik\Winamp\Plugins\in_cdda.dll ()
MOD - E:\Programme\Musik\Winamp\Plugins\in_nsv.dll ()
MOD - E:\Programme\Musik\Winamp\Plugins\in_dshow.dll ()
MOD - E:\Programme\Musik\Winamp\Plugins\in_avi.dll ()
MOD - E:\Programme\Musik\Winamp\Plugins\in_flac.dll ()
MOD - E:\Programme\Musik\Winamp\Plugins\in_mp4.dll ()
MOD - E:\Programme\Musik\Winamp\Plugins\in_mkv.dll ()
MOD - E:\Programme\Musik\Winamp\Plugins\in_flv.dll ()
MOD - E:\Programme\Musik\Winamp\Plugins\in_swf.dll ()
MOD - E:\Programme\Musik\Winamp\Plugins\gen_ff.dll ()
MOD - E:\Programme\Musik\Winamp\Plugins\freeform\wacs\freetype\freetype.wac ()
MOD - E:\Programme\Musik\Winamp\Plugins\gen_ml.dll ()
MOD - E:\Programme\Musik\Winamp\Plugins\gen_jumpex.dll ()
MOD - E:\Programme\Musik\Winamp\Plugins\gen_hotkeys.dll ()
MOD - E:\Programme\Musik\Winamp\Plugins\gen_tray.dll ()
MOD - E:\Programme\Musik\Winamp\nsutil.dll ()
MOD - E:\Programme\Musik\Winamp\nde.dll ()
MOD - E:\Programme\Musik\Winamp\libsndfile.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - E:\Programme\Musik\Streamripper\wstreamripper.exe ()
MOD - E:\Programme\Musik\Streamripper\streamripper.dll ()
MOD - E:\Programme\Musik\Winamp\Plugins\gen_sripper.dll ()
MOD - E:\Programme\Musik\Streamripper\zlib1.dll ()
MOD - E:\Programme\Musik\Streamripper\libintl-8.dll ()
MOD - E:\Programme\Musik\Streamripper\libiconv-2.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\Program Files\Hama\Common\acAuth.dll ()
MOD - E:\Programme\Musik\Streamripper\ogg.dll ()
MOD - E:\Programme\Musik\Streamripper\vorbis.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (avast! Antivirus) -- E:\Programme\Sicherheit\Avast\AvastSvc.exe (AVAST Software)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (wsnm_usbctrl) -- C:\Program Files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe (VMware, Inc.)
SRV - (wsnm) -- C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe (VMware, Inc.)
SRV - (SoundMAX Agent Service (default) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswVmm) -- C:\WINDOWS\System32\drivers\aswVmm.sys ()
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (AswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswRvrt) -- C:\WINDOWS\System32\drivers\aswRvrt.sys ()
DRV - (aswMonFlt) -- C:\WINDOWS\system32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (aswKbd) -- C:\WINDOWS\System32\drivers\aswKbd.sys (AVAST Software)
DRV - (vmwvusb) -- C:\WINDOWS\system32\drivers\vmwvusb.sys (VMware, Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (rt2870) -- C:\WINDOWS\system32\drivers\rt2870.sys (Ralink Technology, Corp.)
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yukonwxp.sys (Marvell Semiconductor Inc.)
DRV - (fasttx2k) -- C:\WINDOWS\system32\drivers\Fasttx2k.sys (Promise Technology, Inc.)
DRV - (fpcibase) -- C:\WINDOWS\system32\drivers\fpcibase.sys (AVM GmbH)
DRV - (AVMWAN) -- C:\WINDOWS\system32\drivers\avmwan.sys (AVM GmbH)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\Programme\Multimedia\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
O1 HOSTS File: ([2013.04.29 21:14:19 | 000,447,199 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        ???,????,????cr67com,????,??????,?????112scg,tt???8bc8,?????
O1 - Hosts: 127.0.0.1        0scan.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 127.0.0.1        www.1001namen.com
O1 - Hosts: 127.0.0.1        100888290cs.com
O1 - Hosts: 127.0.0.1        ²©²Êͨ,²©²ÊÍø,½ð±¦²©188,²©²ÊͨÆÀ¼¶,°Ù¼ÒÀÖ,°ÂÃî°Ù¼ÒÀÖ
O1 - Hosts: 127.0.0.1        www.100sexlinks.com
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        10sek.com - Informationen zum Thema 10sek.
O1 - Hosts: 127.0.0.1        www.1-2005-search.com
O1 - Hosts: 127.0.0.1        1-2005-search.com
O1 - Hosts: 15358 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Programme\Sicherheit\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - E:\Programme\Sicherheit\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - E:\Programme\Sicherheit\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] E:\Programme\Sicherheit\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Ptipbmf] C:\WINDOWS\System32\ptipbmf.dll (Promise Technology, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] E:\Programme\Sicherheit\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil32_11_7_700_169_Plugin.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Hama Wireless LAN Utility.lnk = C:\Program Files\Hama\Common\RaUI.exe (Hama GmbH & Co KG)
O4 - Startup: C:\Documents and Settings\<Username>\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\<Username>\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - E:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Programme\Sicherheit\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1364316029000 (WUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{29326270-2E47-4B02-BF33-A197A2AD039B}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\<Username>\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\<Username>\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Security Packages - (wsauth) - C:\WINDOWS\System32\wsauth.dll (VMware, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.01.22 18:56:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{105b8f16-7841-11e1-9286-404e57434431}\Shell\AutoRun\command - "" = D:\urDrive.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.05 17:47:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\<Username>\Desktop\OTL.exe
[2013.05.15 20:12:50 | 000,000,000 | ---D | C] -- H:\PersBackup
[2013.05.15 20:12:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\<Username>\Application Data\PersBackup5
[2013.05.15 20:12:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Personal Backup
[2013.05.15 20:12:41 | 000,000,000 | ---D | C] -- C:\Program Files\Personal Backup 5
[2013.05.15 20:12:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\<Username>\Application Data\FreeFileSync
[2013.05.15 20:12:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FreeFileSync
[2013.05.15 20:12:04 | 000,000,000 | ---D | C] -- C:\Program Files\FreeFileSync
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.05 17:47:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\<Username>\Desktop\OTL.exe
[2013.06.05 17:27:48 | 000,000,348 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013.06.05 17:25:45 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.06.05 17:25:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.06.05 17:25:36 | 1072,472,064 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.15 20:49:19 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\<Username>\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.05.13 20:10:38 | 000,000,280 | ---- | M] () -- C:\Documents and Settings\<Username>\Desktop\Shortcut to Musik (M).lnk
[2013.05.13 20:09:46 | 000,000,370 | ---- | M] () -- C:\Documents and Settings\<Username>\Desktop\Shortcut to Bilder.lnk
[2013.05.06 19:32:27 | 000,407,916 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.05.06 19:32:27 | 000,055,200 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.13 20:10:38 | 000,000,280 | ---- | C] () -- C:\Documents and Settings\<Username>\Desktop\Shortcut to Musik (M).lnk
[2013.05.13 20:09:46 | 000,000,370 | ---- | C] () -- C:\Documents and Settings\<Username>\Desktop\Shortcut to Bilder.lnk
[2013.05.06 19:54:12 | 000,232,802 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-861567501-1450960922-1177238915-1003-0.dat
[2013.05.04 01:21:58 | 000,232,802 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013.03.09 11:52:52 | 000,164,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013.03.09 11:52:51 | 000,049,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2012.08.16 18:11:30 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.08.02 05:52:53 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\<Username>\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.31 06:13:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012.07.31 05:58:41 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012.07.30 22:29:21 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012.07.30 22:26:55 | 000,255,864 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.07.30 22:20:58 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
 
========== ZeroAccess Check ==========
 
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 19:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 14:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 19:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

--- --- ---


Extras.txt:
OTL Logfile:
Code:

OTL Extras logfile created on: 05.06.2013 17:48:07 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Documents and Settings\<Username>\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
1022,72 Mb Total Physical Memory | 258,48 Mb Available Physical Memory | 25,27% Memory free
2,40 Gb Paging File | 1,75 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34,18 Gb Total Space | 15,26 Gb Free Space | 44,63% Space Free | Partition Type: NTFS
Drive D: | 7,45 Gb Total Space | 6,85 Gb Free Space | 91,89% Space Free | Partition Type: FAT32
Drive E: | 14,65 Gb Total Space | 11,42 Gb Free Space | 77,96% Space Free | Partition Type: NTFS
Drive F: | 70,92 Gb Total Space | 67,26 Gb Free Space | 94,83% Space Free | Partition Type: NTFS
Drive H: | 97,65 Gb Total Space | 33,71 Gb Free Space | 34,52% Space Free | Partition Type: NTFS
Drive M: | 97,65 Gb Total Space | 57,66 Gb Free Space | 59,04% Space Free | Partition Type: NTFS
Drive N: | 241,16 Gb Total Space | 240,79 Gb Free Space | 99,85% Space Free | Partition Type: NTFS
Drive P: | 29,29 Gb Total Space | 29,19 Gb Free Space | 99,66% Space Free | Partition Type: NTFS
Drive S: | 29,29 Gb Total Space | 29,19 Gb Free Space | 99,66% Space Free | Partition Type: NTFS
 
Computer Name: --- | User Name: --- | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- E:\Programme\Internet\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- E:\Programme\Internet\Opera\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "E:\Programme\Internet\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "E:\Programme\Internet\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\VMware\VMware View\Client\bin\vmware-remotemks.exe" = C:\Program Files\VMware\VMware View\Client\bin\vmware-remotemks.exe:*:Enabled:VMware Remote MKS -- (VMware, Inc.)
"C:\Program Files\VMware\VMware View\Client\bin\wswc.exe" = C:\Program Files\VMware\VMware View\Client\bin\wswc.exe:*:Enabled:VMware View Client -- (VMware, Inc.)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\Programme\Internet\Opera\pluginwrapper\opera_plugin_wrapper.exe" = E:\Programme\Internet\Opera\pluginwrapper\opera_plugin_wrapper.exe:*:Enabled:Opera Internet Browser - Plugin wrapper
"E:\Programme\Internet\Opera\opera.exe" = E:\Programme\Internet\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"E:\Programme\Multimedia\iTunes\iTunes.exe" = E:\Programme\Multimedia\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"E:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = E:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Documents and Settings\<Username>\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\<Username>\Application Data\Dropbox\bin\Dropbox.exe:*:Disabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\VMware\VMware View\Client\bin\vmware-remotemks.exe" = C:\Program Files\VMware\VMware View\Client\bin\vmware-remotemks.exe:*:Enabled:VMware Remote MKS -- (VMware, Inc.)
"C:\Program Files\VMware\VMware View\Client\bin\wswc.exe" = C:\Program Files\VMware\VMware View\Client\bin\wswc.exe:*:Enabled:VMware View Client -- (VMware, Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"E:\Programme\Internet\TeamViewer\Version7\TeamViewer.exe" = E:\Programme\Internet\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"E:\Programme\Internet\TeamViewer\Version7\TeamViewer_Service.exe" = E:\Programme\Internet\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{19D6BEBB-18F9-45CC-A7B7-41F8C602105E}" = VMware View Client
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{E91E8912-769D-42F0-8408-0E329443BABC}" = Hama Wireless LAN Adapter
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Ashampoo Burning Studio 2012_is1" = Ashampoo Burning Studio 2012 v.10.0.15
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"ENTERPRISER" = Microsoft Office Enterprise 2007
"FileZilla Client" = FileZilla Client 3.5.3
"Free Studio_is1" = Free Studio version 2013
"FreeFileSync" = FreeFileSync v3.11
"Freemake Video Converter_is1" = Freemake Video Converter Version 4.0.1
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Opera 12.15.1748" = Opera 12.15
"Personal Backup 5_is1" = Personal Backup 5.3
"Streamripper" = Streamripper (Remove only)
"TeamViewer 7" = TeamViewer 7
"VLC media player" = VLC media player 2.0.5
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 14.08.2012 17:48:03 | Computer Name = --- | Source = ESENT | ID = 481
Description = wuauclt (2184) An attempt to read from the file "C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb"
 at offset 4276224 (0x0000000000414000) for 40960 (0x0000a000) bytes failed with
 system error 23 (0x00000017): "Data error (cyclic redundancy check). ".  The read
 operation will fail with error -1022 (0xfffffc02).  If this error persists then
 the file may be damaged and may need to be restored from a previous backup.
 
Error - 05.09.2012 14:12:16 | Computer Name = --- | Source = Microsoft Office 12 | ID = 1000
Description = Faulting application outlook.exe, version 12.0.4518.1014, stamp 4542840f,
 faulting module user32.dll, version 5.1.2600.5512, stamp 4802a11b, debug? 0, fault
 address 0x0000bc2c.
 
Error - 05.10.2012 11:27:56 | Computer Name = --- | Source = Microsoft Office 12 | ID = 1000
Description = Faulting application outlook.exe, version 12.0.4518.1014, stamp 4542840f,
 faulting module user32.dll, version 5.1.2600.5512, stamp 4802a11b, debug? 0, fault
 address 0x0000bc2c.
 
Error - 09.11.2012 12:43:20 | Computer Name = --- | Source = Microsoft Office 12 | ID = 1000
Description = Faulting application outlook.exe, version 12.0.4518.1014, stamp 4542840f,
 faulting module user32.dll, version 5.1.2600.5512, stamp 4802a11b, debug? 0, fault
 address 0x0000bc2c.
 
Error - 22.11.2012 14:48:54 | Computer Name = --- | Source = Microsoft Office 12 | ID = 1000
Description = Faulting application outlook.exe, version 12.0.4518.1014, stamp 4542840f,
 faulting module user32.dll, version 5.1.2600.5512, stamp 4802a11b, debug? 0, fault
 address 0x0000bc2c.
 
Error - 04.12.2012 13:30:05 | Computer Name = --- | Source = Microsoft Office 12 | ID = 1000
Description = Faulting application outlook.exe, version 12.0.4518.1014, stamp 4542840f,
 faulting module user32.dll, version 5.1.2600.5512, stamp 4802a11b, debug? 0, fault
 address 0x0000bc2c.
 
Error - 11.03.2013 16:47:43 | Computer Name = --- | Source = Application Hang | ID = 1002
Description = Hanging application AwesomePhotoFinder.exe, version 1.1.0.0, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 12.03.2013 17:55:25 | Computer Name = --- | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 25.03.2013 13:55:43 | Computer Name = --- | Source = Microsoft Office 12 | ID = 2000
Description = Accepted Safe Mode action : Microsoft Office Outlook.
 
Error - 02.04.2013 13:46:50 | Computer Name = --- | Source = Microsoft Office 12 | ID = 1000
Description = Faulting application outlook.exe, version 12.0.4518.1014, stamp 4542840f,
 faulting module user32.dll, version 5.1.2600.5512, stamp 4802a11b, debug? 0, fault
 address 0x0000bc2c.
 
[ OSession Events ]
Error - 05.09.2012 14:12:04 | Computer Name = --- | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3662
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 05.10.2012 11:27:52 | Computer Name = --- | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1825
 seconds with 180 seconds of active time.  This session ended with a crash.
 
Error - 09.11.2012 12:43:11 | Computer Name = --- | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1841
 seconds with 300 seconds of active time.  This session ended with a crash.
 
Error - 22.11.2012 14:48:48 | Computer Name = --- | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3646
 seconds with 300 seconds of active time.  This session ended with a crash.
 
Error - 04.12.2012 13:30:00 | Computer Name = --- | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1842
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 02.04.2013 13:46:43 | Computer Name = --- | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3647
 seconds with 540 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 18.05.2013 08:55:32 | Computer Name = --- | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
 error:  %%1058
 
Error - 19.05.2013 06:20:42 | Computer Name = --- | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
 error:  %%1058
 
Error - 21.05.2013 11:43:22 | Computer Name = --- | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
 error:  %%1058
 
Error - 21.05.2013 12:06:46 | Computer Name = --- | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
 
Error - 21.05.2013 12:07:11 | Computer Name = --- | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
 
Error - 27.05.2013 13:42:52 | Computer Name = --- | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
 error:  %%1058
 
Error - 27.05.2013 14:20:38 | Computer Name = --- | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
 
Error - 27.05.2013 14:20:53 | Computer Name = --- | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
 
Error - 28.05.2013 13:57:07 | Computer Name = --- | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
 error:  %%1058
 
Error - 05.06.2013 11:26:22 | Computer Name = --- | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
 error:  %%1058
 
 
< End of report >

--- --- ---

Update: The e-mails are all sent to the address sportgemeinschaft92@web.de. The sender is keineantwortadresse@web.de every time.

And every time the spam is rejected by Freenet.

schrauber 05.06.2013 19:48

Still?

Jollepisch 07.06.2013 09:40

No more e-mails have arrived so far.

I suspect that I have a computer with something on it. Can you recommend a few programs to search for mail bots and the like?

schrauber 07.06.2013 11:25

How many computers could be affected? We would have to check each one by hand.

Jollepisch 07.06.2013 14:08

Currently I assume one. But it could also be two. So we should check two.

schrauber 07.06.2013 14:58

Is one of them the one from this thread?
Combofix should only be run when a team member has instructed you to do so!
Please download Combofix from the following download mirror

Link 1


IMPORTANT - Save Combofix to your desktop
  • Please disable all your anti-virus as well as anti-malware/spyware scanners. They can interfere with Combofix while it works.

Start Combofix.exe and follow the instructions on the screen.
  • Combofix will check whether the Microsoft Windows Recovery Console is installed.
    If it is not installed, allow Combofix to download and install it. Simply follow the instructions and accept the end user license.
    With today's malware this is highly recommended, since it gives us a way to repair your system if something goes wrong.
    Confirm the notice that the Recovery Console has been installed with Yes.
Note: If it is already installed, Combofix will proceed with the malware removal.


When Combofix is finished, it will create a log file. Please post C:\Combofix.txt in your next reply.

Jollepisch 10.06.2013 13:53

Yes, one is the one already posted here. I will run Combofix there.

On the second one as well?

I just saw that I received another such e-mail today at 12:21. I had changed the password on a clean PC.

Any idea how that can be?



Copyright ©2000-2025, Trojaner-Board
