
Pests of all kinds and how to combat them: Mailbot? - someone seems to be sending SPAM in my name

03.06.2013, 14:41   #1
Jollepisch

Hello,

for some time now I have regularly been receiving the following e-mails:

Quote:
This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of
its recipients. This is a permanent error. The following address
failed:

"My e-mail address":
SMTP error from remote server after transfer of mail text:
host: mx.freenet.de
spam message rejected by 3.mx.freenet.de


--- The header of the original message is following. ---

Received: from s2024.nxs.nl ([217.148.85.35]) by mx-ha.web.de (mxweb001) with
ESMTP (Nemesis) id 0LkwPl-1U7WAA3P0v-00aqTp for <My e-mail address>; Fri,
31 May 2013 03:12:27 +0200
Received: by s2024.nxs.nl (Postfix, from userid 1)
id 7FC8C3160A9; Thu, 30 May 2013 17:45:55 +0200 (CEST)
To: sportgemeinschaft92@web.de
Subject: Aktualisieren Sie Ihre Zahlungsinformationen !
X-PHP-Originating-Script: 1:zabiididididididididiididid.php(2) : eval()'d code
MIME-Version: 1.0

Content-type: text/html; charset=iso-8859-1

From: Paypal-Konto <Servics@Paypal.de>

Message-Id: <20130530154555.7FC8C3160A9@s2024.nxs.nl>
Date: Thu, 30 May 2013 17:45:55 +0200 (CEST)

or

Quote:
This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of
its recipients. This is a permanent error. The following address
failed:

"My e-mail address":
SMTP error from remote server after transfer of mail text:
host: mx.freenet.de
spam message rejected by 18.mx.freenet.de


--- The header of the original message is following. ---

Received: from 61-20-226-191.adsl.fetnet.net ([61.20.226.191]) by mx-ha.web.de
(mxweb007) with ESMTP (Nemesis) id 0LvVMB-1UH2Er2yOp-010Xc0 for
<My e-mail address>; Thu, 30 May 2013 09:05:38 +0200
Date: Thu, 30 May 2013 00:05:38 -0700
From: Ruby Palace <no-reply@fetnet.net>
To: <sportgemeinschaft92@web.de>
Cc: <manipa@web.de>,
<walther.uwe@web.de>,
<bajak@web.de>
Subject: Der perfekte Willkommens-Bonus erwartet Sie jetzt im Ruby Palace
Message-ID: <8260841654235556.344583076625066833@fetnet.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

However, the only one of these addresses I know is sportgemeinschaft92@web.de.

I changed my passwords two weeks ago and thought that would put an end to it. That was not the case, however.

It is also strange that I receive these mails after not having switched the PC on for several days. From that I conclude that a mailbot on my PC cannot be the cause, right?
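
An added example (not part of the original thread, and not code from the forum or from OTL): a small Python triage of a bounce's quoted header block like the ones in the post above. It assumes that only the topmost Received line written by the recipient's own provider (here any host under web.de) can be relied on; the function name `triage`, the `own_ips` parameter, the placeholder recipient and the address 203.0.113.7 are hypothetical.

```python
import re
from email import message_from_string
from ipaddress import ip_address

# Header block modelled on the first bounce quoted in the post above.
# The recipient is a constructed placeholder, and the continuation lines are
# indented again (the forum rendering dropped the folding whitespace).
SAMPLE = """\
Received: from s2024.nxs.nl ([217.148.85.35]) by mx-ha.web.de (mxweb001) with
 ESMTP (Nemesis) id 0LkwPl-1U7WAA3P0v-00aqTp for <user@example.invalid>; Fri,
 31 May 2013 03:12:27 +0200
Received: by s2024.nxs.nl (Postfix, from userid 1)
 id 7FC8C3160A9; Thu, 30 May 2013 17:45:55 +0200 (CEST)
To: sportgemeinschaft92@web.de
Subject: Aktualisieren Sie Ihre Zahlungsinformationen !
X-PHP-Originating-Script: 1:zabiididididididididiididid.php(2) : eval()'d code
From: Paypal-Konto <Servics@Paypal.de>
Message-Id: <20130530154555.7FC8C3160A9@s2024.nxs.nl>
Date: Thu, 30 May 2013 17:45:55 +0200 (CEST)

"""

# "from HOST ([IP])" or "from HOST (rdns [IP])" as written by the receiving MTA.
FROM_RE = re.compile(
    r"\bfrom\s+(?P<host>\S+)\s+\((?:[^()\[\]]*\s)?\[(?P<ip>[0-9A-Fa-f:.]+)\]\)"
)
BY_RE = re.compile(r"\bby\s+(?P<by>[A-Za-z0-9.-]+)")


def is_under(host, suffixes):
    """True if host equals one of the domain suffixes or is a subdomain of it."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in suffixes)


def same_ip(candidate, own_ips):
    """Compare addresses numerically; malformed input never matches."""
    try:
        return ip_address(candidate) in {ip_address(o) for o in own_ips}
    except ValueError:
        return False


def triage(raw_headers, trusted_suffixes, own_ips=()):
    """Find the host that handed the message to the recipient's provider.

    Received lines are prepended, so the first one stamped by a trusted
    server is the newest reliable record. Everything below it, and From:,
    To: and Message-Id, was supplied by whoever submitted the message.
    """
    msg = message_from_string(raw_headers)
    result = {
        "handover_host": None,
        "handover_ip": None,
        "stamped_by": None,
        "from_own_ip": False,
        "php_script": msg.get("X-PHP-Originating-Script"),
        "claimed_from": msg.get("From"),
    }
    for value in msg.get_all("Received", []):
        flat = " ".join(value.split())          # unfold continuation lines
        by = BY_RE.search(flat)
        if not by or not is_under(by.group("by"), trusted_suffixes):
            continue                            # not written by a trusted MTA
        sender = FROM_RE.search(flat)
        if sender:
            result["handover_host"] = sender.group("host")
            result["handover_ip"] = sender.group("ip")
            result["from_own_ip"] = same_ip(sender.group("ip"), own_ips)
        result["stamped_by"] = by.group("by")
        break
    return result


if __name__ == "__main__":
    # 203.0.113.7 stands in for the reader's own public address (constructed).
    for key, val in triage(SAMPLE, ("web.de",), own_ips=("203.0.113.7",)).items():
        print(f"{key:14} {val}")
```

To use it on a real bounce, paste the block that follows "The header of the original message is following" and pass the public address(es) your own connection had at the time stamped in that Received line.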

03.06.2013, 14:47   #2
schrauber
/// the machine
/// TB-Ausbilder


Hi,

from where did you change the passwords?

03.06.2013, 15:35   #3
Jollepisch


From my iPad. I deliberately did not do it on the PC.

03.06.2013, 17:01   #4
schrauber
/// the machine
/// TB-Ausbilder


Do this on the PC:

Please download OTL by Oldtimer and save it to your desktop (if you do not already have it).
  • Double-click OTL.exe
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

04.06.2013, 08:15   #5
Jollepisch


OK, I will do that tomorrow evening at the latest.


04.06.2013, 09:29   #6
schrauber
/// the machine
/// TB-Ausbilder


ok.

05.06.2013, 08:29   #7
Jollepisch


Hello Schrauber,

yesterday at 21:46 I again received one of these mails. The sender is always keineantwortadresse@web.de. I am right in seeing that the mails are being sent via Freenet to Web.de mail addresses, aren't I?

On Monday and Tuesday I was online only with my iPhone and my company PC; I retrieved mail on the iPhone and logged into the Freenet portal on my company PC.

I will now immediately change my Freenet password again from the iPhone, and this evening I will carry out the steps you suggested on my private PC.

Regards
Jollepisch

05.06.2013, 10:00   #8
schrauber
/// the machine
/// TB-Ausbilder


Change the password from someone else's computer.

05.06.2013, 17:02   #9
Jollepisch


OTL.txt:
OTL Logfile:
Code:
OTL logfile created on: 05.06.2013 17:48:07 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\<Username>\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
1022,72 Mb Total Physical Memory | 258,48 Mb Available Physical Memory | 25,27% Memory free
2,40 Gb Paging File | 1,75 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34,18 Gb Total Space | 15,26 Gb Free Space | 44,63% Space Free | Partition Type: NTFS
Drive D: | 7,45 Gb Total Space | 6,85 Gb Free Space | 91,89% Space Free | Partition Type: FAT32
Drive E: | 14,65 Gb Total Space | 11,42 Gb Free Space | 77,96% Space Free | Partition Type: NTFS
Drive F: | 70,92 Gb Total Space | 67,26 Gb Free Space | 94,83% Space Free | Partition Type: NTFS
Drive H: | 97,65 Gb Total Space | 33,71 Gb Free Space | 34,52% Space Free | Partition Type: NTFS
Drive M: | 97,65 Gb Total Space | 57,66 Gb Free Space | 59,04% Space Free | Partition Type: NTFS
Drive N: | 241,16 Gb Total Space | 240,79 Gb Free Space | 99,85% Space Free | Partition Type: NTFS
Drive P: | 29,29 Gb Total Space | 29,19 Gb Free Space | 99,66% Space Free | Partition Type: NTFS
Drive S: | 29,29 Gb Total Space | 29,19 Gb Free Space | 99,66% Space Free | Partition Type: NTFS
 
Computer Name: --- | User Name: ---| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\<Username>\Desktop\OTL.exe (OldTimer Tools)
PRC - E:\Programme\Internet\Opera\opera.exe (Opera Software)
PRC - C:\Documents and Settings\<Username>\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - E:\Programme\Sicherheit\Avast\AvastUI.exe (AVAST Software)
PRC - E:\Programme\Sicherheit\Avast\AvastSvc.exe (AVAST Software)
PRC - E:\Programme\Musik\Winamp\winamp.exe (Nullsoft, Inc.)
PRC - C:\Program Files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe (VMware, Inc.)
PRC - C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe (VMware, Inc.)
PRC - E:\Programme\Musik\Streamripper\wstreamripper.exe ()
PRC - E:\Programme\Sicherheit\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Hama\Common\RaUI.exe (Hama GmbH & Co KG)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\winamp.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\vis_milk2.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\vis_avs.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\ml_pmp.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\pmp_wifi.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\pmp_ipod.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\ombrowser.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\pmp_android.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\out_ds.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\ml_wire.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\pmp_usb.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\ml_transcode.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\vis_nsfs.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\out_wave.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\tagz.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\out_disk.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\ml_rg.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\pmp_activesync.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\winampa.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\pmp_p4s.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\pmp_njb.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\playlist.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\ml_local.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\ml_disc.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\gen_jumpex_original.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\gen_jumpex.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\ml_plg.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\gen_classicart.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\in_mp3.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\gen_ff.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\gen_ml.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\in_midi.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\in_mod.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\in_wm.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\gen_play_remove.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\ml_online.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\in_cdda.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\ml_playlists.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\in_nsv.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\gen_skinmanager.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\gen_hotkeys.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\in_vorbis.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\gen_undo.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\gen_timerestore.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\ml_downloads.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\gen_nopro.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\ml_history.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\ml_devices.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\gen_tray.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\gen_orgler.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\gen_crasher.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\ml_autotag.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\in_wav.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\in_dshow.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\in_wave.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\in_flac.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\ml_impex.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\ml_bookmarks.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\in_mp4.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\in_avi.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\ml_enqplay.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\in_wv.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\in_mkv.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\ml_orb.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\gen_find_on_disk.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\ml_nowplaying.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\ml_addons.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\in_swf.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\in_linein.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\in_flv.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\burnlib.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\dsp_sps.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\auth.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\enc_fhgaac.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\enc_wma.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\enc_lame.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\enc_wav.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\enc_vorbis.lng ()
MOD - C:\Documents and Settings\<Username>\Local Settings\Temp\WLZB737.tmp\enc_flac.lng ()
MOD - E:\Programme\Sicherheit\Avast\defs\13060501\algo.dll ()
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
MOD - E:\Programme\Internet\Opera\gstreamer\plugins\gstoggdec.dll ()
MOD - E:\Programme\Internet\Opera\gstreamer\plugins\gstffmpegcolorspace.dll ()
MOD - E:\Programme\Internet\Opera\gstreamer\plugins\gstwebmdec.dll ()
MOD - E:\Programme\Internet\Opera\gstreamer\plugins\gstwavparse.dll ()
MOD - E:\Programme\Internet\Opera\gstreamer\plugins\gstdirectsound.dll ()
MOD - E:\Programme\Internet\Opera\gstreamer\plugins\gstautodetect.dll ()
MOD - E:\Programme\Internet\Opera\gstreamer\plugins\gstwaveform.dll ()
MOD - E:\Programme\Internet\Opera\gstreamer\gstreamer.dll ()
MOD - E:\Programme\Internet\Opera\gstreamer\plugins\gstcoreplugins.dll ()
MOD - E:\Programme\Internet\Opera\gstreamer\plugins\gstaudioresample.dll ()
MOD - E:\Programme\Internet\Opera\gstreamer\plugins\gstaudioconvert.dll ()
MOD - E:\Programme\Internet\Opera\gstreamer\plugins\gstdecodebin2.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.DEU ()
MOD - E:\Programme\Musik\Winamp\System\jpeg.w5s ()
MOD - E:\Programme\Musik\Winamp\System\xml.w5s ()
MOD - E:\Programme\Musik\Winamp\System\png.w5s ()
MOD - E:\Programme\Musik\Winamp\System\playlist.w5s ()
MOD - E:\Programme\Musik\Winamp\tataki.dll ()
MOD - E:\Programme\Musik\Winamp\zlib.dll ()
MOD - E:\Programme\Musik\Winamp\System\timer.w5s ()
MOD - E:\Programme\Musik\Winamp\System\tagz.w5s ()
MOD - E:\Programme\Musik\Winamp\System\primo.w5s ()
MOD - E:\Programme\Musik\Winamp\System\jnetlib.w5s ()
MOD - E:\Programme\Musik\Winamp\System\auth.w5s ()
MOD - E:\Programme\Musik\Winamp\Plugins\pmp_wifi.dll ()
MOD - E:\Programme\Musik\Winamp\System\devices.w5s ()
MOD - E:\Programme\Musik\Winamp\System\albumart.w5s ()
MOD - E:\Programme\Musik\Winamp\System\gif.w5s ()
MOD - E:\Programme\Musik\Winamp\System\bmp.w5s ()
MOD - E:\Programme\Musik\Winamp\System\dlmgr.w5s ()
MOD - E:\Programme\Musik\Winamp\System\gracenote.w5s ()
MOD - E:\Programme\Musik\Winamp\System\filereader.w5s ()
MOD - E:\Programme\Musik\Winamp\Plugins\pmp_ipod.dll ()
MOD - E:\Programme\Musik\Winamp\Plugins\pmp_p4s.dll ()
MOD - E:\Programme\Musik\Winamp\Plugins\pmp_android.dll ()
MOD - E:\Programme\Musik\Winamp\Plugins\pmp_usb.dll ()
MOD - E:\Programme\Musik\Winamp\Plugins\pmp_njb.dll ()
MOD - E:\Programme\Musik\Winamp\Plugins\out_wave.dll ()
MOD - E:\Programme\Musik\Winamp\Plugins\out_ds.dll ()
MOD - E:\Programme\Musik\Winamp\Plugins\ml_transcode.dll ()
MOD - E:\Programme\Musik\Winamp\Plugins\out_disk.dll ()
MOD - E:\Programme\Musik\Winamp\Plugins\ml_pmp.dll ()
MOD - E:\Programme\Musik\Winamp\Plugins\ml_plg.dll ()
MOD - E:\Programme\Musik\Winamp\Plugins\ml_rg.dll ()
MOD - E:\Programme\Musik\Winamp\Plugins\ml_local.dll ()
MOD - E:\Programme\Musik\Winamp\Plugins\ml_playlists.dll ()
MOD - E:\Programme\Musik\Winamp\Plugins\ml_impex.dll ()
MOD - E:\Programme\Musik\Winamp\Plugins\ml_history.dll ()
MOD - E:\Programme\Musik\Winamp\Plugins\in_wm.dll ()
MOD - E:\Programme\Musik\Winamp\Plugins\ml_devices.dll ()
MOD - E:\Programme\Musik\Winamp\Plugins\ml_disc.dll ()
MOD - E:\Programme\Musik\Winamp\Plugins\ml_bookmarks.dll ()
MOD - E:\Programme\Musik\Winamp\Plugins\ml_autotag.dll ()
MOD - E:\Programme\Musik\Winamp\Plugins\in_wave.dll ()
MOD - E:\Programme\Musik\Winamp\Plugins\in_mp3.dll ()
MOD - E:\Programme\Musik\Winamp\Plugins\in_vorbis.dll ()
MOD - E:\Programme\Musik\Winamp\Plugins\in_mod.dll ()
MOD - E:\Programme\Musik\Winamp\Plugins\in_midi.dll ()
MOD - E:\Programme\Musik\Winamp\Plugins\in_cdda.dll ()
MOD - E:\Programme\Musik\Winamp\Plugins\in_nsv.dll ()
MOD - E:\Programme\Musik\Winamp\Plugins\in_dshow.dll ()
MOD - E:\Programme\Musik\Winamp\Plugins\in_avi.dll ()
MOD - E:\Programme\Musik\Winamp\Plugins\in_flac.dll ()
MOD - E:\Programme\Musik\Winamp\Plugins\in_mp4.dll ()
MOD - E:\Programme\Musik\Winamp\Plugins\in_mkv.dll ()
MOD - E:\Programme\Musik\Winamp\Plugins\in_flv.dll ()
MOD - E:\Programme\Musik\Winamp\Plugins\in_swf.dll ()
MOD - E:\Programme\Musik\Winamp\Plugins\gen_ff.dll ()
MOD - E:\Programme\Musik\Winamp\Plugins\freeform\wacs\freetype\freetype.wac ()
MOD - E:\Programme\Musik\Winamp\Plugins\gen_ml.dll ()
MOD - E:\Programme\Musik\Winamp\Plugins\gen_jumpex.dll ()
MOD - E:\Programme\Musik\Winamp\Plugins\gen_hotkeys.dll ()
MOD - E:\Programme\Musik\Winamp\Plugins\gen_tray.dll ()
MOD - E:\Programme\Musik\Winamp\nsutil.dll ()
MOD - E:\Programme\Musik\Winamp\nde.dll ()
MOD - E:\Programme\Musik\Winamp\libsndfile.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - E:\Programme\Musik\Streamripper\wstreamripper.exe ()
MOD - E:\Programme\Musik\Streamripper\streamripper.dll ()
MOD - E:\Programme\Musik\Winamp\Plugins\gen_sripper.dll ()
MOD - E:\Programme\Musik\Streamripper\zlib1.dll ()
MOD - E:\Programme\Musik\Streamripper\libintl-8.dll ()
MOD - E:\Programme\Musik\Streamripper\libiconv-2.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\Program Files\Hama\Common\acAuth.dll ()
MOD - E:\Programme\Musik\Streamripper\ogg.dll ()
MOD - E:\Programme\Musik\Streamripper\vorbis.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (avast! Antivirus) -- E:\Programme\Sicherheit\Avast\AvastSvc.exe (AVAST Software)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (wsnm_usbctrl) -- C:\Program Files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe (VMware, Inc.)
SRV - (wsnm) -- C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe (VMware, Inc.)
SRV - (SoundMAX Agent Service (default) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswVmm) -- C:\WINDOWS\System32\drivers\aswVmm.sys ()
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (AswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswRvrt) -- C:\WINDOWS\System32\drivers\aswRvrt.sys ()
DRV - (aswMonFlt) -- C:\WINDOWS\system32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (aswKbd) -- C:\WINDOWS\System32\drivers\aswKbd.sys (AVAST Software)
DRV - (vmwvusb) -- C:\WINDOWS\system32\drivers\vmwvusb.sys (VMware, Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (rt2870) -- C:\WINDOWS\system32\drivers\rt2870.sys (Ralink Technology, Corp.)
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yukonwxp.sys (Marvell Semiconductor Inc.)
DRV - (fasttx2k) -- C:\WINDOWS\system32\drivers\Fasttx2k.sys (Promise Technology, Inc.)
DRV - (fpcibase) -- C:\WINDOWS\system32\drivers\fpcibase.sys (AVM GmbH)
DRV - (AVMWAN) -- C:\WINDOWS\system32\drivers\avmwan.sys (AVM GmbH)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\Programme\Multimedia\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
O1 HOSTS File: ([2013.04.29 21:14:19 | 000,447,199 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	???,????,????cr67com,????,??????,?????112scg,tt???8bc8,?????
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	²©²Êͨ,²©²ÊÍø,½ð±¦²©188,²©²ÊͨÆÀ¼¶,°Ù¼ÒÀÖ,°ÂÃî°Ù¼ÒÀÖ
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	10sek.com - Informationen zum Thema 10sek.
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 15358 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Programme\Sicherheit\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - E:\Programme\Sicherheit\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - E:\Programme\Sicherheit\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] E:\Programme\Sicherheit\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Ptipbmf] C:\WINDOWS\System32\ptipbmf.dll (Promise Technology, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] E:\Programme\Sicherheit\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil32_11_7_700_169_Plugin.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Hama Wireless LAN Utility.lnk = C:\Program Files\Hama\Common\RaUI.exe (Hama GmbH & Co KG)
O4 - Startup: C:\Documents and Settings\<Username>\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\<Username>\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - E:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Programme\Sicherheit\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1364316029000 (WUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{29326270-2E47-4B02-BF33-A197A2AD039B}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\<Username>\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\<Username>\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Security Packages - (wsauth) - C:\WINDOWS\System32\wsauth.dll (VMware, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.01.22 18:56:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{105b8f16-7841-11e1-9286-404e57434431}\Shell\AutoRun\command - "" = D:\urDrive.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.05 17:47:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\<Username>\Desktop\OTL.exe
[2013.05.15 20:12:50 | 000,000,000 | ---D | C] -- H:\PersBackup
[2013.05.15 20:12:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\<Username>\Application Data\PersBackup5
[2013.05.15 20:12:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Personal Backup
[2013.05.15 20:12:41 | 000,000,000 | ---D | C] -- C:\Program Files\Personal Backup 5
[2013.05.15 20:12:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\<Username>\Application Data\FreeFileSync
[2013.05.15 20:12:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FreeFileSync
[2013.05.15 20:12:04 | 000,000,000 | ---D | C] -- C:\Program Files\FreeFileSync
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.05 17:47:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\<Username>\Desktop\OTL.exe
[2013.06.05 17:27:48 | 000,000,348 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013.06.05 17:25:45 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.06.05 17:25:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.06.05 17:25:36 | 1072,472,064 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.15 20:49:19 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\<Username>\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.05.13 20:10:38 | 000,000,280 | ---- | M] () -- C:\Documents and Settings\<Username>\Desktop\Shortcut to Musik (M).lnk
[2013.05.13 20:09:46 | 000,000,370 | ---- | M] () -- C:\Documents and Settings\<Username>\Desktop\Shortcut to Bilder.lnk
[2013.05.06 19:32:27 | 000,407,916 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.05.06 19:32:27 | 000,055,200 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.13 20:10:38 | 000,000,280 | ---- | C] () -- C:\Documents and Settings\<Username>\Desktop\Shortcut to Musik (M).lnk
[2013.05.13 20:09:46 | 000,000,370 | ---- | C] () -- C:\Documents and Settings\<Username>\Desktop\Shortcut to Bilder.lnk
[2013.05.06 19:54:12 | 000,232,802 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-861567501-1450960922-1177238915-1003-0.dat
[2013.05.04 01:21:58 | 000,232,802 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013.03.09 11:52:52 | 000,164,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013.03.09 11:52:51 | 000,049,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2012.08.16 18:11:30 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.08.02 05:52:53 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\<Username>\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.31 06:13:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012.07.31 05:58:41 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012.07.30 22:29:21 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012.07.30 22:26:55 | 000,255,864 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.07.30 22:20:58 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
 
========== ZeroAccess Check ==========
 
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 19:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 14:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 19:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
--- --- ---


Extras.txt:
OTL Logfile:
Code:
OTL Extras logfile created on: 05.06.2013 17:48:07 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\<Username>\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
1022,72 Mb Total Physical Memory | 258,48 Mb Available Physical Memory | 25,27% Memory free
2,40 Gb Paging File | 1,75 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34,18 Gb Total Space | 15,26 Gb Free Space | 44,63% Space Free | Partition Type: NTFS
Drive D: | 7,45 Gb Total Space | 6,85 Gb Free Space | 91,89% Space Free | Partition Type: FAT32
Drive E: | 14,65 Gb Total Space | 11,42 Gb Free Space | 77,96% Space Free | Partition Type: NTFS
Drive F: | 70,92 Gb Total Space | 67,26 Gb Free Space | 94,83% Space Free | Partition Type: NTFS
Drive H: | 97,65 Gb Total Space | 33,71 Gb Free Space | 34,52% Space Free | Partition Type: NTFS
Drive M: | 97,65 Gb Total Space | 57,66 Gb Free Space | 59,04% Space Free | Partition Type: NTFS
Drive N: | 241,16 Gb Total Space | 240,79 Gb Free Space | 99,85% Space Free | Partition Type: NTFS
Drive P: | 29,29 Gb Total Space | 29,19 Gb Free Space | 99,66% Space Free | Partition Type: NTFS
Drive S: | 29,29 Gb Total Space | 29,19 Gb Free Space | 99,66% Space Free | Partition Type: NTFS
 
Computer Name: --- | User Name: --- | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- E:\Programme\Internet\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- E:\Programme\Internet\Opera\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "E:\Programme\Internet\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "E:\Programme\Internet\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\VMware\VMware View\Client\bin\vmware-remotemks.exe" = C:\Program Files\VMware\VMware View\Client\bin\vmware-remotemks.exe:*:Enabled:VMware Remote MKS -- (VMware, Inc.)
"C:\Program Files\VMware\VMware View\Client\bin\wswc.exe" = C:\Program Files\VMware\VMware View\Client\bin\wswc.exe:*:Enabled:VMware View Client -- (VMware, Inc.)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\Programme\Internet\Opera\pluginwrapper\opera_plugin_wrapper.exe" = E:\Programme\Internet\Opera\pluginwrapper\opera_plugin_wrapper.exe:*:Enabled:Opera Internet Browser - Plugin wrapper
"E:\Programme\Internet\Opera\opera.exe" = E:\Programme\Internet\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"E:\Programme\Multimedia\iTunes\iTunes.exe" = E:\Programme\Multimedia\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"E:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = E:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Documents and Settings\<Username>\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\<Username>\Application Data\Dropbox\bin\Dropbox.exe:*:Disabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\VMware\VMware View\Client\bin\vmware-remotemks.exe" = C:\Program Files\VMware\VMware View\Client\bin\vmware-remotemks.exe:*:Enabled:VMware Remote MKS -- (VMware, Inc.)
"C:\Program Files\VMware\VMware View\Client\bin\wswc.exe" = C:\Program Files\VMware\VMware View\Client\bin\wswc.exe:*:Enabled:VMware View Client -- (VMware, Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"E:\Programme\Internet\TeamViewer\Version7\TeamViewer.exe" = E:\Programme\Internet\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"E:\Programme\Internet\TeamViewer\Version7\TeamViewer_Service.exe" = E:\Programme\Internet\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{19D6BEBB-18F9-45CC-A7B7-41F8C602105E}" = VMware View Client
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{E91E8912-769D-42F0-8408-0E329443BABC}" = Hama Wireless LAN Adapter
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Ashampoo Burning Studio 2012_is1" = Ashampoo Burning Studio 2012 v.10.0.15
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"ENTERPRISER" = Microsoft Office Enterprise 2007
"FileZilla Client" = FileZilla Client 3.5.3
"Free Studio_is1" = Free Studio version 2013
"FreeFileSync" = FreeFileSync v3.11
"Freemake Video Converter_is1" = Freemake Video Converter Version 4.0.1
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Opera 12.15.1748" = Opera 12.15
"Personal Backup 5_is1" = Personal Backup 5.3
"Streamripper" = Streamripper (Remove only)
"TeamViewer 7" = TeamViewer 7
"VLC media player" = VLC media player 2.0.5
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 14.08.2012 17:48:03 | Computer Name = --- | Source = ESENT | ID = 481
Description = wuauclt (2184) An attempt to read from the file "C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb"
 at offset 4276224 (0x0000000000414000) for 40960 (0x0000a000) bytes failed with
 system error 23 (0x00000017): "Data error (cyclic redundancy check). ".  The read
 operation will fail with error -1022 (0xfffffc02).  If this error persists then
 the file may be damaged and may need to be restored from a previous backup.
 
Error - 05.09.2012 14:12:16 | Computer Name = --- | Source = Microsoft Office 12 | ID = 1000
Description = Faulting application outlook.exe, version 12.0.4518.1014, stamp 4542840f,
 faulting module user32.dll, version 5.1.2600.5512, stamp 4802a11b, debug? 0, fault
 address 0x0000bc2c.
 
Error - 05.10.2012 11:27:56 | Computer Name = --- | Source = Microsoft Office 12 | ID = 1000
Description = Faulting application outlook.exe, version 12.0.4518.1014, stamp 4542840f,
 faulting module user32.dll, version 5.1.2600.5512, stamp 4802a11b, debug? 0, fault
 address 0x0000bc2c.
 
Error - 09.11.2012 12:43:20 | Computer Name = --- | Source = Microsoft Office 12 | ID = 1000
Description = Faulting application outlook.exe, version 12.0.4518.1014, stamp 4542840f,
 faulting module user32.dll, version 5.1.2600.5512, stamp 4802a11b, debug? 0, fault
 address 0x0000bc2c.
 
Error - 22.11.2012 14:48:54 | Computer Name = --- | Source = Microsoft Office 12 | ID = 1000
Description = Faulting application outlook.exe, version 12.0.4518.1014, stamp 4542840f,
 faulting module user32.dll, version 5.1.2600.5512, stamp 4802a11b, debug? 0, fault
 address 0x0000bc2c.
 
Error - 04.12.2012 13:30:05 | Computer Name = --- | Source = Microsoft Office 12 | ID = 1000
Description = Faulting application outlook.exe, version 12.0.4518.1014, stamp 4542840f,
 faulting module user32.dll, version 5.1.2600.5512, stamp 4802a11b, debug? 0, fault
 address 0x0000bc2c.
 
Error - 11.03.2013 16:47:43 | Computer Name = --- | Source = Application Hang | ID = 1002
Description = Hanging application AwesomePhotoFinder.exe, version 1.1.0.0, hang 
module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 12.03.2013 17:55:25 | Computer Name = --- | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 25.03.2013 13:55:43 | Computer Name = --- | Source = Microsoft Office 12 | ID = 2000
Description = Accepted Safe Mode action : Microsoft Office Outlook.
 
Error - 02.04.2013 13:46:50 | Computer Name = --- | Source = Microsoft Office 12 | ID = 1000
Description = Faulting application outlook.exe, version 12.0.4518.1014, stamp 4542840f,
 faulting module user32.dll, version 5.1.2600.5512, stamp 4802a11b, debug? 0, fault
 address 0x0000bc2c.
 
[ OSession Events ]
Error - 05.09.2012 14:12:04 | Computer Name = --- | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3662
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 05.10.2012 11:27:52 | Computer Name = --- | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1825
 seconds with 180 seconds of active time.  This session ended with a crash.
 
Error - 09.11.2012 12:43:11 | Computer Name = --- | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1841
 seconds with 300 seconds of active time.  This session ended with a crash.
 
Error - 22.11.2012 14:48:48 | Computer Name = --- | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3646
 seconds with 300 seconds of active time.  This session ended with a crash.
 
Error - 04.12.2012 13:30:00 | Computer Name = --- | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1842
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 02.04.2013 13:46:43 | Computer Name = --- | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3647
 seconds with 540 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 18.05.2013 08:55:32 | Computer Name = --- | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
 error:   %%1058
 
Error - 19.05.2013 06:20:42 | Computer Name = --- | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
 error:   %%1058
 
Error - 21.05.2013 11:43:22 | Computer Name = --- | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
 error:   %%1058
 
Error - 21.05.2013 12:06:46 | Computer Name = --- | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
 
Error - 21.05.2013 12:07:11 | Computer Name = --- | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
 
Error - 27.05.2013 13:42:52 | Computer Name = --- | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
 error:   %%1058
 
Error - 27.05.2013 14:20:38 | Computer Name = --- | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
 
Error - 27.05.2013 14:20:53 | Computer Name = --- | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
 
Error - 28.05.2013 13:57:07 | Computer Name = --- | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
 error:   %%1058
 
Error - 05.06.2013 11:26:22 | Computer Name = --- | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
 error:   %%1058
 
 
< End of report >
         
--- --- ---

Update: The e-mails are all sent to the address sportgemeinschaft92@web.de. The sender is keineantwortadresse@web.de every time.

And every time the spam is rejected by Freenet.

Last edited by Jollepisch (05.06.2013 at 17:12)

05.06.2013, 19:48   #10
schrauber
/// the machine
/// TB trainer

Still?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

07.06.2013, 09:40   #11
Jollepisch

So far no more e-mails have arrived.

I suspect that I have a computer with something on it. Can you recommend a few programs to search for mailbots etc.?

07.06.2013, 11:25   #12
schrauber
/// the machine
/// TB trainer

How many computers could be affected? We would have to check each one by hand.

07.06.2013, 14:08   #13
Jollepisch

Currently I assume one. But it could also be two. So we should check two.

07.06.2013, 14:58   #14
schrauber
/// the machine
/// TB trainer

Is one of them the one from this thread?
Combofix should only be run when instructed to do so by a team member!
Please download Combofix from the following download mirror:

Link 1


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.

Start Combofix.exe and follow the on-screen instructions.
  • Combofix will check whether the Microsoft Windows Recovery Console is installed.
    If it is not installed, allow Combofix to download and install it. Simply follow the instructions and accept the end-user license.
    With today's malware this is highly recommended, as it gives us a way to repair your system if something goes wrong.
    Confirm the message that the Recovery Console has been installed with Yes.
Note: If it is already installed, Combofix will continue with the malware removal.


When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.

10.06.2013, 13:53   #15
Jollepisch

Yes, one is the one already posted here. I will run Combofix there.

On the second one as well already?

I have just seen that I received another such e-mail today at 12:21. I had changed the password on a clean PC, after all.

Any idea how that can be?
