Laptop (Vista) versendet Spam - Logs anbei

karlheinz1 · 21.07.2012, 01:30

Hallo Zusammen,

das Laptop einer Bekannten versendet seit vorgestern Spammails über Ihren GMX-Account.
Eigentlich dürfte das nicht passiert sein, da das Laptop "mindestens" im Ruhezustand war.
Deswegen sende ich auch noch ein Mailheader mit, vielleicht hilft es ja.
Reihenfolge der Scans:
1-Malwarebytes
2-Eset Online
3-OTL
4-GMER
OTL-Extra und GMER mussten leider gezippt werden.

Ach, noch mehr Infos:
Laptop funktioniert eigentlich einwandfrei, im Startmenu fehlt nichts, keine leeren oder verschlüsselten Ordner und die Geschwindigkeit ist auch OK.

Code:

ATTFilter

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.20.06

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Lamia :: MAUSTEIL [Administrator]

20.07.2012 19:16:16
mbam-log-2012-07-20 (19-16-16).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 356629
Laufzeit: 43 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=1517bc298d427e40b2dc53bdecb66a36
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-20 07:25:22
# local_time=2012-07-20 09:25:22 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 95 53672928 180340609 0 0
# compatibility_mode=8192 67108863 100 0 113 113 0 0
# scanned=172821
# found=1
# cleaned=0
# scan_time=4441
C:\Users\Lamia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\13a09623-52211f83	Java/TrojanDownloader.Agent.NCA trojan (unable to clean)	00000000000000000000000000000000	I

Code:

ATTFilter

OTL logfile created on: 21.07.2012 00:54:01 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Lamia\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,96 Gb Total Physical Memory | 1,66 Gb Available Physical Memory | 55,89% Memory free
6,13 Gb Paging File | 5,09 Gb Available in Paging File | 83,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 69,76 Gb Free Space | 59,91% Space Free | Partition Type: NTFS
Drive E: | 114,98 Gb Total Space | 22,59 Gb Free Space | 19,64% Space Free | Partition Type: NTFS
 
Computer Name: MAUSTEIL | User Name: Lamia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Lamia\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\TeamViewer\Version7\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\TeamViewer\Version7\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Programme\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
PRC - C:\Programme\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
PRC - C:\Programme\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe (TOSHIBA)
PRC - C:\Programme\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
PRC - C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Programme\Apoint2K\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)
PRC - C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
PRC - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\1b337cf9a031145849bc48c11b2cfe58\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3398.36836__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3398.36908__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3398.36818__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3398.36838__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3398.36889__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3398.36827__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3398.36871__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3398.36832__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3398.36862__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3398.36827__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3398.36864__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3398.36839__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3398.36828__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3398.36884__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3398.36876__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3398.36838__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3398.36908__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3398.36876__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3398.36869__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3398.36863__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3398.36875__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3398.36909__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3398.36907__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3398.36842__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3398.36868__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3398.36863__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3398.36858__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3398.36870__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3398.36843__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3010.30489__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3398.36862__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3398.36863__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3010.30487__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3398.36870__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3010.30488__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3010.30539__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3010.30503__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3010.30507__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3010.30503__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3010.30495__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3010.30511__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3010.30523__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3010.30513__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3010.30526__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3010.30525__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3010.30512__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3010.30525__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3398.36832__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3398.36903__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3398.36902__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3010.30518__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3010.30504__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3398.36818__90ba9c70f846762e\CLI.Component.SkinFactory.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3398.36816__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3010.30518__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3010.30516__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3010.30516__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3010.30516__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3010.30512__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3398.36914__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3010.30492__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3010.30523__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3010.30517__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3010.30497__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3010.30509__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3010.30522__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3010.30515__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3010.30514__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3010.30512__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3010.30512__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3010.30517__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3010.30500__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3010.30511__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3010.30495__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3010.30514__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3010.30511__90ba9c70f846762e\APM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3010.30502__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3010.30515__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3010.30514__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3010.30502__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll ()
MOD - C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3398.36814__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3398.36823__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3398.36816__90ba9c70f846762e\APM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3398.36814__90ba9c70f846762e\AEM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3010.30507__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3010.30510__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3010.30518__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3398.36903__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\Windows\System32\atitmmxx.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe File not found
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (TeamViewer7) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (SbieSvc) -- C:\Programme\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
SRV - (TOSHIBA eco Utility Service) -- C:\Programme\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (camsvc) -- C:\Programme\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe (TOSHIBA)
SRV - (TPCHSrv) -- C:\Programme\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
SRV - (TMachInfo) -- C:\Programme\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (TNaviSrv) -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO) -- C:\Programme\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)
SRV - (TOSHIBA HDD SSD Alert Service) -- C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV - (ConfigFree Service) -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (TosCoSrv) -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (GameConsoleService) -- C:\Programme\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (sr) -- System32\DRIVERS\sr.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (teamviewervpn) -- C:\Windows\System32\drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV - (SbieDrv) -- C:\Programme\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek                                            )
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (TVALZFL) -- C:\Windows\System32\drivers\TVALZFL.sys (TOSHIBA Corporation)
DRV - (PGEffect) -- C:\Windows\System32\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV - (tos_sps32) -- C:\Windows\System32\drivers\tos_sps32.sys (TOSHIBA Corporation)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
DRV - (LPCFilter) -- C:\Windows\System32\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEG&bmod=TSEG;
IE - HKLM\..\SearchScopes,DefaultScope = {D2ACE17D-8B45-40D8-ADBC-A0C93BC27D80}
IE - HKLM\..\SearchScopes\{D2ACE17D-8B45-40D8-ADBC-A0C93BC27D80}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEG;
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2963136980-3546074515-2844673316-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEG&bmod=TSEG;
IE - HKU\S-1-5-21-2963136980-3546074515-2844673316-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-2963136980-3546074515-2844673316-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2963136980-3546074515-2844673316-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-2963136980-3546074515-2844673316-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2963136980-3546074515-2844673316-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-2963136980-3546074515-2844673316-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7TSEG_deDE350&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-2963136980-3546074515-2844673316-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=H2hU1x01P8i0_1fVLW_iK0Nb66w?q={searchTerms}
IE - HKU\S-1-5-21-2963136980-3546074515-2844673316-1000\..\SearchScopes\{D2ACE17D-8B45-40D8-ADBC-A0C93BC27D80}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEG_de
IE - HKU\S-1-5-21-2963136980-3546074515-2844673316-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: firenes@facundo.zaldo:2.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..network.proxy.http: "84.41.108.74"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.07.07 09:38:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.20 20:07:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.03.10 12:10:49 | 000,000,000 | ---D | M]
 
[2009.10.25 18:11:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lamia\AppData\Roaming\mozilla\Extensions
[2012.07.15 12:35:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lamia\AppData\Roaming\mozilla\Firefox\Profiles\a4kdhpt7.default\extensions
[2011.01.10 23:08:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Lamia\AppData\Roaming\mozilla\Firefox\Profiles\a4kdhpt7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.04.02 21:43:42 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Lamia\AppData\Roaming\mozilla\Firefox\Profiles\a4kdhpt7.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.01.16 00:22:00 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.07.15 12:35:20 | 000,057,496 | ---- | M] () (No name found) -- C:\USERS\LAMIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\A4KDHPT7.DEFAULT\EXTENSIONS\FFEXTENSION@WEHEARTIT.COM.XPI
[2012.01.17 20:49:52 | 000,071,254 | ---- | M] () (No name found) -- C:\USERS\LAMIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\A4KDHPT7.DEFAULT\EXTENSIONS\FIRENES@FACUNDO.ZALDO.XPI
[2012.07.20 20:07:36 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.12.09 19:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.02.18 11:15:58 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.18 11:15:58 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.18 11:15:58 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.18 11:15:58 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.18 11:15:58 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.18 11:15:58 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-2963136980-3546074515-2844673316-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [TOSHIBA Online Product Information] C:\Programme\TOSHIBA\Toshiba Online Product Information\TOPI.exe (TOSHIBA)
O4 - HKU\S-1-5-18..\Run: [TOSHIBA Online Product Information] C:\Programme\TOSHIBA\Toshiba Online Product Information\TOPI.exe (TOSHIBA)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2963136980-3546074515-2844673316-1000..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Programme\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Programme\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Lamia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Inhaltsverzeichnis.onetoc2 ()
O7 - HKU\S-1-5-21-2963136980-3546074515-2844673316-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: eBay - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2963136980-3546074515-2844673316-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-2963136980-3546074515-2844673316-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED78BA75-123E-4903-AC42-21A43F689177}: NameServer = 62.220.18.8 89.246.64.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F7EA2DC7-22BA-4A45-AEA3-C8F7065D27F1}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) -  File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.20 20:09:28 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.07.20 17:40:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.20 17:40:40 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.20 17:40:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.07.20 15:40:20 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Lamia\Desktop\OTL.exe
[2012.07.20 15:37:53 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Lamia\Desktop\esetsmartinstaller_enu.exe
[2012.07.13 06:22:04 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.07.13 06:14:53 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.07.13 06:14:51 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.07.13 06:14:51 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.07.13 06:14:49 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.07.13 06:14:49 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.07.13 06:14:48 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.07.13 06:14:47 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.07.12 23:01:50 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012.06.21 19:16:33 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012.06.21 19:16:33 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012.06.21 19:16:13 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012.06.21 19:16:13 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012.06.21 19:16:13 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012.06.21 19:16:03 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012.06.21 19:16:03 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.21 00:22:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.21 00:00:44 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.21 00:00:44 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.20 20:22:04 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.20 20:09:23 | 000,647,064 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.20 20:09:23 | 000,603,200 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.20 20:09:23 | 000,137,902 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.20 20:09:23 | 000,109,842 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.20 20:00:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.20 20:00:38 | 3184,394,240 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.20 17:40:43 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.20 15:45:10 | 000,302,592 | ---- | M] () -- C:\Users\Lamia\Desktop\dj3yoxyg.exe
[2012.07.20 15:40:54 | 000,632,023 | ---- | M] () -- C:\Users\Lamia\Desktop\adwcleaner.exe
[2012.07.20 15:40:16 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Lamia\Desktop\OTL.exe
[2012.07.20 15:37:48 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Lamia\Desktop\esetsmartinstaller_enu.exe
[2012.07.13 17:43:01 | 000,327,304 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.08 11:19:04 | 000,009,122 | ---- | M] () -- C:\Users\Lamia\Documents\We heart.odt
[2012.07.08 09:13:50 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.07.08 09:13:50 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.07.07 09:39:35 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012.07.03 18:21:54 | 000,054,232 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012.07.03 18:21:53 | 000,721,000 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012.07.03 18:21:53 | 000,353,688 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012.07.03 18:21:53 | 000,057,656 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012.07.03 18:21:53 | 000,035,928 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012.07.03 18:21:53 | 000,021,256 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012.07.03 18:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.07.03 18:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.02 00:08:49 | 000,033,795 | ---- | M] () -- C:\Users\Lamia\Documents\After work.odt
[2012.07.01 23:59:06 | 000,011,054 | ---- | M] () -- C:\Users\Lamia\Documents\Rehrücken rp.odt
 
========== Files Created - No Company Name ==========
 
[2012.07.20 20:00:38 | 3184,394,240 | -HS- | C] () -- C:\hiberfil.sys
[2012.07.20 17:40:43 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.20 15:45:25 | 000,302,592 | ---- | C] () -- C:\Users\Lamia\Desktop\dj3yoxyg.exe
[2012.07.20 15:40:56 | 000,632,023 | ---- | C] () -- C:\Users\Lamia\Desktop\adwcleaner.exe
[2012.07.08 09:31:02 | 000,009,122 | ---- | C] () -- C:\Users\Lamia\Documents\We heart.odt
[2012.07.01 23:58:27 | 000,011,054 | ---- | C] () -- C:\Users\Lamia\Documents\Rehrücken rp.odt
[2011.11.25 21:18:04 | 000,001,624 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2010.11.06 19:27:12 | 000,000,006 | ---- | C] () -- C:\Users\Lamia\AppData\Roaming\start
[2010.04.17 15:15:47 | 000,196,608 | ---- | C] () -- C:\Users\Lamia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== LOP Check ==========
 
[2009.10.25 23:23:55 | 000,000,000 | ---D | M] -- C:\Users\Hase\AppData\Roaming\OpenOffice.org
[2011.12.24 13:49:50 | 000,000,000 | ---D | M] -- C:\Users\Lamia\AppData\Roaming\Canneverbe Limited
[2009.10.25 19:05:16 | 000,000,000 | ---D | M] -- C:\Users\Lamia\AppData\Roaming\OpenOffice.org
[2011.10.30 21:33:10 | 000,000,000 | ---D | M] -- C:\Users\Lamia\AppData\Roaming\TeamViewer
[2012.02.04 15:33:56 | 000,000,000 | ---D | M] -- C:\Users\Lamia\AppData\Roaming\Wildlife Park 2
[2012.02.12 22:21:17 | 000,000,000 | ---D | M] -- C:\Users\Lamia\AppData\Roaming\Wildlife Park 2 - Crazy Zoo
[2012.02.04 15:50:05 | 000,000,000 | ---D | M] -- C:\Users\Lamia\AppData\Roaming\Wildlife Park 2 - Farm World
[2009.10.25 18:28:19 | 000,000,000 | ---D | M] -- C:\Users\Lamia\AppData\Roaming\WildTangent
[2012.07.20 17:31:54 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

Mailheader:

[code/]
Received: (qmail 525 invoked from network); 19 Jul 2012 12:24:28 -0000
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
spamkill05do.versatel-west.de
X-Spam-Status: No, score=2.7
Received: from mailout-de.gmx.net ([213.165.64.22])
(envelope-sender <Lamia69@gmx.de>)
by mail06do.versatel.de (qmail-ldap-1.03) with SMTP
for <peter-guttowsky@versanet.de>; 19 Jul 2012 12:24:24 -0000
Received: (qmail 14326 invoked by uid 0); 19 Jul 2012 12:24:22 -0000
Received: from 196.218.154.220 by www012.gmx.net with HTTP;
Thu, 19 Jul 2012 14:24:21 +0200 (CEST)
Content-Type: text/plain; charset="utf-8"
Date: Thu, 19 Jul 2012 14:24:21 +0200
From: "Lamia Lisjak" <Lamia69@gmx.de>
Message-ID: <20120719122421.87080@gmx.net>
MIME-Version: 1.0
To: anna.forster@gmx.de, p.guttowsky@infocity.de, barbara.heckes@web.de,
annegret.langkau@klinik-blankenstein.de, peter-guttowsky@versanet.de
X-Authenticated: #18911002
X-Flags: 0001
X-Mailer: WWW-Mail 6100 (Global Message Exchange)
X-Priority: 3
X-Provags-ID: V01U2FsdGVkX18wLwQdmJIw3wJC2TfYXfRt07MEK4CZeeILPLkmLD
LsobruUHZUsS0fAFsqbZjWQSRMIqaHQsPS4w==
Content-Transfer-Encoding: 8bit
X-GMX-UID: Ipl1cGBDeSEqXXvsS3UhmnB+IGRvb8B8
X-VT-Original-To: peter-guttowsky@versanet.de

hxxp://siteaseek.com/wp-admin/love.php?agree208.jpeg
[/code]

Danke fürs überblicken!

Laptop (Vista) versendet Spam - Logs anbei

Log-Analyse und Auswertung: Laptop (Vista) versendet Spam - Logs anbei

Laptop (Vista) versendet Spam - Logs anbei

Ähnliche Themen: Laptop (Vista) versendet Spam - Logs anbei