
Log analysis and evaluation: computer is sending spam (antivirus reports trojans)

12.05.2010, 15:43   #1
supermiguel
 



Hello everyone!
My problem is the following:
I can no longer send emails (receiving still works, since that is a different server).
My provider told me that I had been blocked because my computer is constantly sending spam.
I have now been unblocked again, but various servers (listed below) continue to block us.

Avira reports trojans:
TR/Agent.42496.BD
TR/Gendal.64512.B
and some more: Crypt.XPACK.Gen, Dropper.Gen, Magnia.ctuo, ...

The antivirus program has also put some of them in quarantine.
In the forum I came across an article which says that "Ntos.exe" could be the cause. I then ran HijackThis, but did not find this file.
Here is my HijackThis file:


Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:28:38, on 12.05.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Programme\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe
C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\IncrediMail\bin\ImApp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\PC Connectivity Solution\ServiceLayer.exe
C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programme\Mozilla Firefox\firefox.exe
c:\programme\avira\antivir desktop\avcenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Dokumente und Einstellungen\All Users\Dokumente\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredimail.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
         
And here are the servers that are blocking me:
BARRACUDA LISTED Detail
Return codes were: 127.0.0.2 900 234
CBL LISTED Blocked - see Detail
Return codes were: 127.0.0.2 2103 234
IMP-SPAM LISTED 1273570368: 11.5.2010 11:XX: IP 80.108.250.88 with name chello080108250088.17.14.vie.surfer.at. listed. (105.232) See Detail Listed by filter7.imp.ch
Return codes were: 127.0.0.5 120 702
ivmSIP LISTED Return codes were: 127.0.0.2 240 281
NIXSPAM LISTED Spam sent to the mailhost mail.ixlab.de was detected by NiX Spam at Wed, 12 May 2010 07:55:13 +0200, see Detail
Return codes were: 127.0.0.2 60 406
NOMOREFUNN LISTED surfer.at. Dynamic IP or generic rDNS. Use your ISPs mail service, or whitelist at: Detail based on reverse dns samples 1030744800
Return codes were: 127.0.0.3 603 234
RATS-Dyna LISTED SPAMRATS IP Addresses See: Detail
Return codes were: 127.0.0.36 2103 250
SORBS-DUHL LISTED Dynamic IP Addresses See: Detail
Return codes were: 127.0.0.10 2103 250
SPAMCOP LISTED Blocked - see Detail
Return codes were: 127.0.0.2 603 296
Spamhaus-ZEN LISTED Detail
Return codes were: 127.0.0.11, 127.0.0.4 900 437
UCEPROTECTL1 LISTED IP 80.108.250.88 is UCEPROTECT-Level 1 listed. See Detail
Return codes were: 127.0.0.2 603 328
UCEPROTECTL3 LISTED Your ISP UPC UPC Broadband/AS6830 is UCEPROTECT-Level3 listed for hosting a total of 10949 abusers. See: Detail
Return codes were: 127.0.0.2 603 328

_____________________
on the grounds that my IP is not trustworthy?!
Please help, if possible without reinstalling the system.

Many thanks for your efforts,

miguelito

12.05.2010, 17:56   #2
uptodate
 




Hello Supermiguel,


http://www.trojaner-board.de/51187-a...i-malware.html

+

http://www.trojaner-board.de/85104-o...-oldtimer.html


Please post the logs ...

(in full, please; the HijackThis log is not complete)

Why are you still running XP Service Pack 2 + Internet Explorer 6 ???

Regards

uptodate


14.05.2010, 11:54   #3
supermiguel
 



Thanks for your suggestion!

XP & Service Pack 2 is very stable; I could still update it, but that takes a long time and is not the cause of the problem. Thanks for the hint. As a browser I use the current Mozilla Firefox.

Hopefully it works now.

Greetings Miguelito

Here are the logs from Malwarebytes & OTL

LOG Malwarebytes

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4099

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

14.05.2010 12:08:13
mbam-log-2010-05-14 (12-08-13).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|H:\|)
Durchsuchte Objekte: 264835
Laufzeit: 1 Stunde(n), 56 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 2
Infizierte Registrierungsschlüssel: 19
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 1
Infizierte Dateien: 89

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
C:\Dokumente und Einstellungen\Bobek\Lokale Einstellungen\Temp\dsoqq0.dll (Worm.Taterf) -> Delete on reboot.
C:\WINDOWS\system32\msxsltsso.dll (Trojan.GootKit) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28abc5c0-4fcb-11cf-aax5-81cx1c635612} (Generic.Bot.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{09803dd4-4ad7-4fba-8d2a-246cf5030bc2} (Trojan.GootKit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{18036237-d2bf-4154-8fa4-17d653d04d68} (Trojan.GootKit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1a896cda-2c15-49c1-a48e-5cd637e7b253} (Trojan.GootKit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{26adf13b-9526-403e-99c4-662691488eae} (Trojan.GootKit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3c4de4a6-a757-44b7-9c99-80c79546aa09} (Trojan.GootKit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{449865e4-ee67-40a6-a115-8c3882e90f34} (Trojan.GootKit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{47f45dad-6888-4c97-b1eb-bfab48c0ac30} (Trojan.GootKit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4a0faf5d-2196-499d-8cfa-2c100bfeabc7} (Trojan.GootKit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6de2350f-8a7d-45cc-9c20-dba7579b095f} (Trojan.GootKit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{95b649f4-87ee-476f-ad49-01d40324aa08} (Trojan.GootKit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a1031708-57d9-466b-b819-2ec62b873492} (Trojan.GootKit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b9e1be20-e1f5-47a7-a949-86545e80635b} (Trojan.GootKit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cba9b97c-e410-4e59-81fa-d01988c48594} (Trojan.GootKit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d224577f-3f7a-42aa-85b7-192dd182dc3f} (Trojan.GootKit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ed977095-6347-4e39-8644-a3bbe7bb594c} (Trojan.GootKit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f1912489-59c2-434f-9aed-d3b6209c0c12} (Trojan.GootKit) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{28abc5c0-4fcb-11cf-aax5-81cx1c635612} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\MADOWN (Worm.Magania) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\gootkitsso (Trojan.GootKit) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nod32 (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dso32 (Worm.Magania) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Dokumente und Einstellungen\Bobek\Lokale Einstellungen\Temp\dsoqq0.dll (Worm.Taterf) -> Delete on reboot.
C:\WINDOWS\system32\msxsltsso.dll (Trojan.GootKit) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Bobek\Lokale Einstellungen\Temp\nodqq.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Bobek\Lokale Einstellungen\Temp\dsoqq.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\12gn6id2.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\1thes92p.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\9rfpp.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\ca.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\autorun.inf (Worm.Magania) -> Quarantined and deleted successfully.
C:\p9rs.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\rpw.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\TEMP\AVSCAN-20100514-100328-494F9E7C\ARK42.tmp (Trojan.GootKit) -> Delete on reboot.
C:\System Volume Information\_restore{E92F70F0-A235-4931-BDCC-D35BE8046CA4}\RP261\A0044815.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E92F70F0-A235-4931-BDCC-D35BE8046CA4}\RP262\A0044983.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E92F70F0-A235-4931-BDCC-D35BE8046CA4}\RP263\A0044990.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E92F70F0-A235-4931-BDCC-D35BE8046CA4}\RP263\A0045081.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E92F70F0-A235-4931-BDCC-D35BE8046CA4}\RP264\A0045086.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E92F70F0-A235-4931-BDCC-D35BE8046CA4}\RP264\A0045109.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E92F70F0-A235-4931-BDCC-D35BE8046CA4}\RP264\A0045133.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E92F70F0-A235-4931-BDCC-D35BE8046CA4}\RP266\A0045166.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E92F70F0-A235-4931-BDCC-D35BE8046CA4}\RP267\A0045190.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E92F70F0-A235-4931-BDCC-D35BE8046CA4}\RP267\A0045397.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E92F70F0-A235-4931-BDCC-D35BE8046CA4}\RP267\A0045411.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E92F70F0-A235-4931-BDCC-D35BE8046CA4}\RP267\A0045438.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E92F70F0-A235-4931-BDCC-D35BE8046CA4}\RP268\A0045481.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E92F70F0-A235-4931-BDCC-D35BE8046CA4}\RP268\A0045492.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E92F70F0-A235-4931-BDCC-D35BE8046CA4}\RP269\A0046551.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E92F70F0-A235-4931-BDCC-D35BE8046CA4}\RP269\A0045512.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E92F70F0-A235-4931-BDCC-D35BE8046CA4}\RP269\A0046506.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E92F70F0-A235-4931-BDCC-D35BE8046CA4}\RP269\A0046532.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E92F70F0-A235-4931-BDCC-D35BE8046CA4}\RP269\A0046541.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E92F70F0-A235-4931-BDCC-D35BE8046CA4}\RP270\A0046563.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E92F70F0-A235-4931-BDCC-D35BE8046CA4}\RP270\A0046592.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E92F70F0-A235-4931-BDCC-D35BE8046CA4}\RP271\A0046597.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E92F70F0-A235-4931-BDCC-D35BE8046CA4}\RP271\A0046628.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E92F70F0-A235-4931-BDCC-D35BE8046CA4}\RP271\A0046661.dll (Trojan.GootKit) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E92F70F0-A235-4931-BDCC-D35BE8046CA4}\RP271\A0046673.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E92F70F0-A235-4931-BDCC-D35BE8046CA4}\RP271\A0046687.dll (Trojan.GootKit) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E92F70F0-A235-4931-BDCC-D35BE8046CA4}\RP271\A0046689.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E92F70F0-A235-4931-BDCC-D35BE8046CA4}\RP271\A0046759.dll (Trojan.GootKit) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E92F70F0-A235-4931-BDCC-D35BE8046CA4}\RP271\A0046760.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E92F70F0-A235-4931-BDCC-D35BE8046CA4}\RP272\A0046766.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN2D.tmp (Trojan.Sasfis) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN2F.tmp (Trojan.Sasfis) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN30.tmp (Trojan.Sasfis) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN31.tmp (Trojan.Sasfis) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN32.tmp (Trojan.Sasfis) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN33.tmp (Trojan.Sasfis) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN34.tmp (Trojan.Sasfis) -> Quarantined and deleted successfully.
D:\12gn6id2.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\1thes92p.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\9rfpp.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\ca.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\p9rs.exe (Worm.Magania) -> Quarantined and deleted successfully.
D:\rpw.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{E92F70F0-A235-4931-BDCC-D35BE8046CA4}\RP261\A0044817.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{E92F70F0-A235-4931-BDCC-D35BE8046CA4}\RP262\A0044985.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{E92F70F0-A235-4931-BDCC-D35BE8046CA4}\RP263\A0044992.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{E92F70F0-A235-4931-BDCC-D35BE8046CA4}\RP263\A0045083.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{E92F70F0-A235-4931-BDCC-D35BE8046CA4}\RP264\A0045088.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{E92F70F0-A235-4931-BDCC-D35BE8046CA4}\RP264\A0045111.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{E92F70F0-A235-4931-BDCC-D35BE8046CA4}\RP264\A0045135.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{E92F70F0-A235-4931-BDCC-D35BE8046CA4}\RP266\A0045168.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{E92F70F0-A235-4931-BDCC-D35BE8046CA4}\RP267\A0045192.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{E92F70F0-A235-4931-BDCC-D35BE8046CA4}\RP267\A0045399.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{E92F70F0-A235-4931-BDCC-D35BE8046CA4}\RP267\A0045413.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{E92F70F0-A235-4931-BDCC-D35BE8046CA4}\RP267\A0045440.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{E92F70F0-A235-4931-BDCC-D35BE8046CA4}\RP268\A0045483.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{E92F70F0-A235-4931-BDCC-D35BE8046CA4}\RP268\A0045494.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{E92F70F0-A235-4931-BDCC-D35BE8046CA4}\RP269\A0045514.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{E92F70F0-A235-4931-BDCC-D35BE8046CA4}\RP269\A0046508.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{E92F70F0-A235-4931-BDCC-D35BE8046CA4}\RP269\A0046534.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{E92F70F0-A235-4931-BDCC-D35BE8046CA4}\RP269\A0046543.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{E92F70F0-A235-4931-BDCC-D35BE8046CA4}\RP269\A0046553.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{E92F70F0-A235-4931-BDCC-D35BE8046CA4}\RP270\A0046565.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{E92F70F0-A235-4931-BDCC-D35BE8046CA4}\RP270\A0046594.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{E92F70F0-A235-4931-BDCC-D35BE8046CA4}\RP271\A0046599.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{E92F70F0-A235-4931-BDCC-D35BE8046CA4}\RP271\A0046630.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{E92F70F0-A235-4931-BDCC-D35BE8046CA4}\RP271\A0046675.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{E92F70F0-A235-4931-BDCC-D35BE8046CA4}\RP271\A0046691.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{E92F70F0-A235-4931-BDCC-D35BE8046CA4}\RP271\A0046762.exe (Worm.Magania) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{E92F70F0-A235-4931-BDCC-D35BE8046CA4}\RP272\A0046768.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
C:\i8ikdjwt.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\h7t.wt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hgtd.ruy (Malware.Trace) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Bobek\Lokale Einstellungen\Temp\nodqq0.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Bobek\Lokale Einstellungen\Temp\nodqq1.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Bobek\ctfmon.exe (Trojan.Agent) -> Delete on reboot.


LOG OTL

OTL logfile created on: 14.05.2010 12:42:41 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Dokumente und Einstellungen\All Users\Dokumente
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

1.023,00 Mb Total Physical Memory | 478,00 Mb Available Physical Memory | 47,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 37,27 Gb Total Space | 17,51 Gb Free Space | 46,99% Space Free | Partition Type: NTFS
Drive D: | 74,55 Gb Total Space | 28,70 Gb Free Space | 38,50% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DRAUSSEN
Current User Name: Bobek
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Dokumente und Einstellungen\All Users\Dokumente\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
PRC - C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Plc)
PRC - C:\Programme\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc)
PRC - C:\Programme\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc)
PRC - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
PRC - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Dokumente und Einstellungen\All Users\Dokumente\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (SAVAdminService) -- C:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Plc)
SRV - (SAVService) -- C:\Programme\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc)
SRV - (Sophos AutoUpdate Service) -- C:\Programme\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (AnyDVD) -- C:\WINDOWS\system32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (ElbyCDIO) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (SAVOnAccessControl) -- C:\WINDOWS\system32\drivers\savonaccesscontrol.sys (Sophos Plc)
DRV - (SAVOnAccessFilter) -- C:\WINDOWS\system32\drivers\savonaccessfilter.sys (Sophos Plc)
DRV - (SophosBootDriver) -- C:\WINDOWS\system32\drivers\SophosBootDriver.sys (Sophos Plc)
DRV - (smserial) -- C:\WINDOWS\system32\drivers\smserial.sys (Motorola Inc.)
DRV - (61883) -- C:\WINDOWS\system32\drivers\61883.sys (Microsoft Corporation)
DRV - (Avc) -- C:\WINDOWS\system32\drivers\avc.sys (Microsoft Corporation)
DRV - (MSDV) -- C:\WINDOWS\system32\drivers\msdv.sys (Microsoft Corporation)
DRV - (ALCXSENS) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura Ltd)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredimail.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.selectedEngine: "MyStart Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/"
FF - prefs.js..keyword.URL: "hxxp://mystart.incredimail.com/?loc=ff_address_bar_im2_test_v2&search="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Programme\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.07.06 09:13:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.04.28 15:09:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.05.14 08:55:44 | 000,000,000 | ---D | M]

[2009.05.11 14:48:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Bobek\Anwendungsdaten\Mozilla\Extensions
[2010.04.29 06:55:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Bobek\Anwendungsdaten\Mozilla\Firefox\Profiles\2gc8v9l6.default\extensions
[2010.04.29 14:41:06 | 000,002,149 | ---- | M] () -- C:\Dokumente und Einstellungen\Bobek\Anwendungsdaten\Mozilla\Firefox\Profiles\2gc8v9l6.default\searchplugins\MyStart Search.xml
[2009.05.11 14:48:30 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.03.12 14:36:41 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.12 14:36:41 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.12 14:36:41 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.12 14:36:41 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.12 14:36:41 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.04.27 10:04:58 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [IncrediMail] C:\Programme\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKCU..\Run: [PC Suite Tray] C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in Arbeitsplatz)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1241772123060 (WUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: TaskMan - (C:\Dokumente und Einstellungen\Bobek\ctfmon.exe) - C:\Dokumente und Einstellungen\Bobek\ctfmon.exe File not found
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Bobek\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Bobek\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.05.07 14:39:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.05.14 12:08:02 | 000,000,055 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{088ac286-d2a8-11de-adc7-0013d472e138}\Shell\AutoRun\command - "" = J:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\xop32.exe -- File not found
O33 - MountPoints2\{088ac286-d2a8-11de-adc7-0013d472e138}\Shell\open\command - "" = J:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\xop32.exe -- File not found
O33 - MountPoints2\{0d54210a-4c3a-11de-ad40-0013d472e138}\Shell\AutoRun\command - "" = J:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\xop32.exe -- File not found
O33 - MountPoints2\{0d54210a-4c3a-11de-ad40-0013d472e138}\Shell\open\command - "" = J:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\xop32.exe -- File not found
O33 - MountPoints2\{7c2ba201-4135-11de-ad34-0013d472e138}\Shell\AutoRun\command - "" = J:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\xop32.exe -- File not found
O33 - MountPoints2\{7c2ba201-4135-11de-ad34-0013d472e138}\Shell\open\command - "" = J:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\xop32.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\Dokumente und Einstellungen\All Users\Dokumente\Logo Trévou-Tréguignec.doc
File not found -- C:\Dokumente und Einstellungen\All Users\Dokumente\Logo Conseil général.doc
[2010.05.14 12:41:38 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\All Users\Dokumente\OTL.exe
[2010.05.14 10:01:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Bobek\Anwendungsdaten\Malwarebytes
[2010.05.14 10:00:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.05.14 10:00:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.05.14 10:00:52 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.05.14 10:00:52 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.05.14 10:00:11 | 006,153,648 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\All Users\Dokumente\mbam-setup.exe
[2010.05.12 15:38:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Bobek\Desktop\virus
[2010.05.05 16:16:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Bobek\Desktop\IncrediMai.Xe.Premium.5.86.Build.4130
[2010.05.05 15:09:12 | 000,000,000 | ---D | C] -- C:\Programme\IncrediMail
[2010.04.30 13:19:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Bobek\Lokale Einstellungen\Anwendungsdaten\Sophos
[2010.04.30 13:04:06 | 000,130,088 | ---- | C] (Sophos Plc) -- C:\WINDOWS\System32\sdccoinstaller.dll
[2010.04.30 13:01:58 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Cisco Systems
[2010.04.30 13:01:03 | 000,023,552 | ---- | C] (Sophos Plc) -- C:\WINDOWS\System32\SophosBootTasks.exe
[2010.04.30 13:00:38 | 000,000,000 | ---D | C] -- C:\Programme\Sophos
[2010.04.30 13:00:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sophos
[2010.04.30 12:57:58 | 000,014,976 | ---- | C] (Sophos Plc) -- C:\WINDOWS\System32\drivers\SophosBootDriver.sys
[2010.04.30 12:57:57 | 000,104,704 | ---- | C] (Sophos Plc) -- C:\WINDOWS\System32\drivers\savonaccesscontrol.sys
[2010.04.30 12:57:57 | 000,035,584 | ---- | C] (Sophos Plc) -- C:\WINDOWS\System32\drivers\savonaccessfilter.sys
[2010.04.30 12:57:15 | 000,000,000 | ---D | C] -- C:\Programme\Sophos Virusprogramm
[2010.04.30 10:45:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Bobek\Anwendungsdaten\Avira
[2010.04.30 10:40:08 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010.04.30 10:40:05 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010.04.30 10:40:05 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010.04.30 10:40:05 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010.04.30 10:40:05 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010.04.30 10:40:03 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2010.04.30 10:40:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
[2010.04.27 10:26:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010.04.27 06:33:49 | 000,182,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndis.sys
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\Dokumente und Einstellungen\All Users\Dokumente\Logo Trévou-Tréguignec.doc
File not found -- C:\Dokumente und Einstellungen\All Users\Dokumente\Logo Conseil général.doc
[2010.05.14 12:48:34 | 000,043,970 | ---- | M] () -- C:\WINDOWS\System32\ifarmed.html
[2010.05.14 12:41:40 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\All Users\Dokumente\OTL.exe
[2010.05.14 12:32:56 | 005,767,168 | ---- | M] () -- C:\Dokumente und Einstellungen\Bobek\ntuser.dat
[2010.05.14 12:23:11 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.05.14 12:23:06 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.05.14 12:12:29 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.05.14 12:11:55 | 000,000,038 | ---- | M] () -- C:\WINDOWS\System32\{a02d1e87-5240-4413-a00f-11f3fccb1b39}
[2010.05.14 12:11:52 | 000,042,496 | ---- | M] () -- C:\WINDOWS\System32\msxsltsso.dll
[2010.05.14 12:11:45 | 000,013,002 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.05.14 12:11:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.05.14 12:10:32 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Bobek\ntuser.ini
[2010.05.14 12:00:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010.05.14 11:00:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010.05.14 10:00:18 | 006,153,648 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\All Users\Dokumente\mbam-setup.exe
[2010.05.14 10:00:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010.05.14 09:08:27 | 000,000,215 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2010.05.14 09:08:13 | 000,002,509 | ---- | M] () -- C:\Dokumente und Einstellungen\Bobek\Desktop\Word.lnk
[2010.05.14 09:00:03 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010.05.14 08:55:44 | 000,001,749 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2010.05.12 18:00:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010.05.12 17:00:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010.05.12 16:00:01 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010.05.12 15:00:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010.05.12 14:00:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010.05.12 13:00:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010.05.12 08:00:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010.05.12 07:00:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010.05.10 16:08:30 | 000,000,038 | ---- | M] () -- C:\WINDOWS\System32\online_{a02d1e87-5240-4413-a00f-11f3fccb1b39}
[2010.05.10 13:36:20 | 000,268,288 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\Brainstorming_Transidentität.doc
[2010.05.05 15:09:30 | 000,001,658 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\IncrediMail.lnk
[2010.05.05 14:54:46 | 000,049,152 | ---- | M] () -- C:\Dokumente und Einstellungen\Bobek\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.03 13:34:06 | 000,134,144 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\Dispo_AktionBunker_250210-1.xls
[2010.04.30 12:56:31 | 049,358,880 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\std20sasfx.exe
[2010.04.30 10:36:49 | 044,151,368 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\avira_antivir_personal_de1000567.exe
[2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.04.29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.04.28 15:17:00 | 000,000,446 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\url(4).htm
[2010.04.28 13:12:25 | 1072,513,024 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2010.04.27 10:01:22 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010.04.27 10:01:22 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010.04.27 10:01:22 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010.04.27 10:01:22 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010.04.27 10:01:22 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010.04.27 10:01:22 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010.04.27 10:01:22 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010.04.27 10:01:22 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010.04.27 10:01:22 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010.04.27 10:01:22 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010.04.27 10:01:22 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010.04.27 10:01:22 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010.04.27 06:33:49 | 000,182,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndis.sys
[2010.04.21 15:51:13 | 000,003,179 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\out.php
[2010.04.21 12:55:20 | 004,041,283 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\HEUTE+WETTBEWERB+KINDERFOTOS.zip
[2010.04.14 15:44:53 | 000,003,512 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\imgres.htm
[2010.04.14 15:14:05 | 000,000,425 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\url(3).htm
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.05.14 12:11:52 | 000,042,496 | ---- | C] () -- C:\WINDOWS\System32\msxsltsso.dll
[2010.05.14 08:55:44 | 000,001,749 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2010.05.10 13:36:15 | 000,268,288 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\Brainstorming_Transidentität.doc
[2010.05.10 06:32:44 | 000,047,132 | ---- | C] () -- C:\WINDOWS\System32\ifarmed.html
[2010.05.05 15:40:58 | 000,000,038 | ---- | C] () -- C:\WINDOWS\System32\online_{a02d1e87-5240-4413-a00f-11f3fccb1b39}
[2010.05.05 15:40:55 | 000,000,038 | ---- | C] () -- C:\WINDOWS\System32\{a02d1e87-5240-4413-a00f-11f3fccb1b39}
[2010.05.05 15:09:30 | 000,001,658 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\IncrediMail.lnk
[2010.05.03 13:34:05 | 000,134,144 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\Dispo_AktionBunker_250210-1.xls
[2010.04.30 12:56:04 | 049,358,880 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\std20sasfx.exe
[2010.04.30 10:36:25 | 044,151,368 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\avira_antivir_personal_de1000567.exe
[2010.04.28 15:16:54 | 000,000,446 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\url(4).htm
[2010.04.27 06:32:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010.04.27 06:32:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010.04.27 06:32:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010.04.27 06:32:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010.04.27 06:32:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010.04.27 06:32:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010.04.27 06:32:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010.04.27 06:32:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010.04.27 06:32:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010.04.27 06:32:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010.04.27 06:32:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010.04.27 06:32:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010.04.27 06:32:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010.04.27 06:32:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010.04.27 06:32:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010.04.27 06:32:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010.04.27 06:32:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010.04.27 06:32:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010.04.27 06:32:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010.04.27 06:32:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010.04.27 06:32:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010.04.27 06:32:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010.04.27 06:32:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010.04.27 06:32:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010.04.22 07:29:56 | 005,767,168 | ---- | C] () -- C:\Dokumente und Einstellungen\Bobek\ntuser.dat
[2010.04.21 15:51:13 | 000,003,179 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\out.php
[2010.04.21 12:55:14 | 004,041,283 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\HEUTE+WETTBEWERB+KINDERFOTOS.zip
[2010.04.14 15:44:53 | 000,003,512 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\imgres.htm
[2010.04.14 15:14:05 | 000,000,425 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\url(3).htm
[2009.05.18 13:49:29 | 000,000,229 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.05.15 10:38:57 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2009.05.08 10:32:59 | 000,000,215 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2009.05.08 10:08:06 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.05.07 16:53:22 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009.05.07 16:52:54 | 000,003,192 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009.05.07 16:52:53 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2004.11.11 02:16:10 | 000,045,056 | ---- | C] () -- C:\WINDOWS\sm56chs.dll
[2004.11.10 05:42:22 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56eng.dll
[2004.11.10 05:42:22 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56jpn.dll
[2004.11.10 05:42:20 | 000,045,056 | ---- | C] () -- C:\WINDOWS\sm56cht.dll
[2004.11.02 11:12:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56spn.dll
[2004.11.02 11:12:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56itl.dll
[2004.11.02 11:12:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56ger.dll
[2004.11.02 11:12:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56fra.dll
[2004.11.02 11:12:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56brz.dll
[2004.08.04 09:57:20 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2003.10.06 15:16:00 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll
[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001.08.23 14:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
< End of report >


Extras.TXT from the OTL log


OTL Extras logfile created on: 14.05.2010 12:42:41 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Dokumente und Einstellungen\All Users\Dokumente
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

1.023,00 Mb Total Physical Memory | 478,00 Mb Available Physical Memory | 47,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 37,27 Gb Total Space | 17,51 Gb Free Space | 46,99% Space Free | Partition Type: NTFS
Drive D: | 74,55 Gb Total Space | 28,70 Gb Free Space | 38,50% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DRAUSSEN
Current User Name: Bobek
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Programme\IncrediMail\bin\ImApp.exe" = C:\Programme\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Programme\IncrediMail\bin\IncMail.exe" = C:\Programme\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Programme\IncrediMail\bin\ImpCnt.exe" = C:\Programme\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Programme\Nokia\Nokia Software Updater\nsu_ui_client.exe" = C:\Programme\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater -- (Nokia Corporation)
"C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process -- (Nokia Corporation)
"C:\Programme\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe" = C:\Programme\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe:*:Enabled:Adobe Dreamweaver CS3 -- (Adobe Systems, Inc.)
"C:\Programme\FileZilla FTP Client\filezilla.exe" = C:\Programme\FileZilla FTP Client\filezilla.exe:*:Enabled:FileZilla FTP Client -- File not found
"C:\Programme\FileZilla FTP Client\fzsftp.exe" = C:\Programme\FileZilla FTP Client\fzsftp.exe:*:Enabled:fzsftp -- File not found
"C:\Dokumente und Einstellungen\Bobek\Lokale Einstellungen\Temp\ImInstaller\incredimail_installer.exe" = C:\Dokumente und Einstellungen\Bobek\Lokale Einstellungen\Temp\ImInstaller\incredimail_installer.exe:*:Enabled:IncrediMail Installer -- (IncrediMail Ltd.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{034759DA-E21A-4795-BFB3-C66D17FAD183}" = Sophos Anti-Virus
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2C65AEAA-EDF4-42E0-AA43-D74A5362CA02}" = Adobe Setup
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3D39E775-DDDA-4327-B747-0BDC5F191331}" = Nokia PC Suite
"{4458C442-7376-4CF9-AF58-E8CEA6722363}" = Adobe Setup
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{8718DC03-D066-4957-94E5-50C3C5042E8E}" = Adobe Creative Suite 3 Master Collection
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{B9C9DB4C-6D77-4AE9-AD1C-C708C23239A0}" = Nokia Connectivity Cable Driver
"{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{BEB79508-7D67-4A2F-9FB3-54C2B68E9532}" = PC Connectivity Solution
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C7E1449D-7638-6832-426D-589655951033}" = Nero 7 Demo
"{D043E0F8-5EFA-4102-A863-08F39D9DF2F4}" = Nokia Software Updater
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 4.57
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_4dcfd9b7e901b57f81f667144603236" = Add or Remove Adobe Creative Suite 3 Master Collection
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_71c180716438072ebd356ce2549df41" = Adobe Premiere Pro CS3 Third Party Content
"Ask Toolbar_is1" = Ask Toolbar
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch
"E8A6D621B6D3FC5D43C68C549D959DE76EEF5D84" = Windows-Treiberpaket - Nokia Modem (06/01/2009 4.1)
"F779F5541ABD99C95C03B0FD5E3C058B22DA0FF7" = Windows-Treiberpaket - Nokia Modem (06/01/2009 7.01.0.3)
"Free YouTube Download_is1" = Free YouTube Download 2.2
"FTP Commander" = FTP Commander
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 2.0.2
"HP LaserJet 1200 Uninstaller" = HP LaserJet 1200 Deinstallationsprogramm
"IncrediMail" = IncrediMail
"JunkFilterPlus" = IncrediMail JunkFilter Plus
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Display Driver" = NVIDIA Display Driver
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"SpeedCrunch_is1" = SpeedCrunch 0.10
"Uninstall_is1" = Uninstall 1.0.0.1
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 2
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"XMedia Recode" = XMedia Recode 2.1.2.5

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12.05.2010 09:02:14 | Computer Name = DRAUSSEN | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung WINWORD.EXE, Version 11.0.5604.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

[ System Events ]
Error - 12.05.2010 09:00:00 | Computer Name = DRAUSSEN | Source = Schedule | ID = 7901
Description = Der Befehl "At16.job" konnte aufgrund folgenden Fehlers nicht ausgeführt
werden: %%2147942402

Error - 12.05.2010 10:00:01 | Computer Name = DRAUSSEN | Source = Schedule | ID = 7901
Description = Der Befehl "At17.job" konnte aufgrund folgenden Fehlers nicht ausgeführt
werden: %%2147942402

Error - 12.05.2010 11:00:00 | Computer Name = DRAUSSEN | Source = Schedule | ID = 7901
Description = Der Befehl "At18.job" konnte aufgrund folgenden Fehlers nicht ausgeführt
werden: %%2147942402

Error - 12.05.2010 12:00:00 | Computer Name = DRAUSSEN | Source = Schedule | ID = 7901
Description = Der Befehl "At19.job" konnte aufgrund folgenden Fehlers nicht ausgeführt
werden: %%2147942402

Error - 14.05.2010 03:00:05 | Computer Name = DRAUSSEN | Source = Schedule | ID = 7901
Description = Der Befehl "At10.job" konnte aufgrund folgenden Fehlers nicht ausgeführt
werden: %%2147942402

Error - 14.05.2010 04:00:00 | Computer Name = DRAUSSEN | Source = Schedule | ID = 7901
Description = Der Befehl "At11.job" konnte aufgrund folgenden Fehlers nicht ausgeführt
werden: %%2147942402

Error - 14.05.2010 04:04:47 | Computer Name = DRAUSSEN | Source = SAVOnAccessFilter | ID = 3997759
Description = Vom Mount Manager konnten keine Volume-Daten abgerufen werden.

Error - 14.05.2010 04:05:08 | Computer Name = DRAUSSEN | Source = SAVOnAccessFilter | ID = 3997759
Description = Vom Mount Manager konnten keine Volume-Daten abgerufen werden.

Error - 14.05.2010 05:00:00 | Computer Name = DRAUSSEN | Source = Schedule | ID = 7901
Description = Der Befehl "At12.job" konnte aufgrund folgenden Fehlers nicht ausgeführt
werden: %%2147942402

Error - 14.05.2010 06:00:00 | Computer Name = DRAUSSEN | Source = Schedule | ID = 7901
Description = Der Befehl "At13.job" konnte aufgrund folgenden Fehlers nicht ausgeführt
werden: %%2147942402


< End of report >


Could the problem be solved??? Many thanks to you all.

14.05.2010, 13:58   #4
uptodate
 


Hello!

89 infected files!!!

Please run

http://www.trojaner-board.de/74908-a...t-scanner.html

and post the log; I suspect you still have one or more rootkits on there ...

Please read this thread

http://www.trojaner-board.de/75622-d...ittierung.html

Despite all that, I still recommend a reinstall, and definitely with
Service Pack 3!

I cannot confirm that SP2 runs more stably.

The fact is that outdated system files make your own system vulnerable...

Regards,

uptodate
