
Log Analysis and Evaluation: Win 7: Spam sent to Thunderbird Portable address book "Collected Addresses"

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

24.07.2014, 17:19   #16
schrauber
/// the machine
/// TB trainer
 




Please post a fresh FRST log once more.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

25.07.2014, 19:09   #17
Beamling
 



FRST:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-07-2014 01
Ran by Standardbenutzer (ATTENTION: The logged in user is not administrator) on *********-PC on 25-07-2014 20:05:51
Running from C:\Users\Standardbenutzer\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(ROCCAT) C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE
(AVAST Software) C:\Program Files\AVAST\AvastUI.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ROCCAT) C:\Program Files (x86)\ROCCAT\Kone Mouse\OSD.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM-x32\...\Run: [Kone] => C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE [1666560 2011-02-18] (ROCCAT)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-11-16] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST\AvastUI.exe [4086432 2014-07-06] (AVAST Software)
HKLM\...\RunOnce: [MSPCLOCK] => rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D (the data entry has 60 more characters).
HKLM\...\RunOnce: [MSPQM] => rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D (the data entry has 60 more characters).
HKLM\...\RunOnce: [MSKSSRV] => rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D (the data entry has 60 more characters).
HKLM\...\RunOnce: [MSTEE.CxTransform] => rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D (the data entry has 112 more characters).
HKLM\...\RunOnce: [MSTEE.Splitter] => rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D (the data entry has 112 more characters).
HKLM\...\RunOnce: [WDM_DRMKAUD] => rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e (the data entry has 118 more characters).
HKU\S-1-5-21-3278078431-535217013-2662550515-1001\...\Run: [Akamai NetSession Interface] => "C:\Users\Standardbenutzer\AppData\Local\Akamai\netsession_win.exe" 
HKU\S-1-5-21-3278078431-535217013-2662550515-1001\...\MountPoints2: {0972c94d-c786-11e1-8265-00241ddf508f} - J:\unlock.exe autoplay=true
HKU\S-1-5-21-3278078431-535217013-2662550515-1001\...\MountPoints2: {11fe8b0a-099a-11e2-b644-00241ddf508f} - G:\Autorun.exe
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xFA19FFF41745CE01
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKCU - (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {BF3DE226-70BD-4BE9-BC47-D3612B7920ED} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=NDV&o=15765&src=kw&q={searchTerms}&locale=&apn_ptnrs=NY&apn_dtid=YYYYYYYYDE&apn_uid=F65F8253-4059-4066-B74C-50FAC716EF22&apn_sauid=B7E7D51B-4BC9-40D9-8A38-9D18BF2A5BEA
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST\aswWebRepIE.dll (AVAST Software)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3AE06AF8-C412-41B8-A0A4-481AA6EFCF70}: [NameServer]73.42.43.62,82.212.62.62

FireFox:
========
FF ProfilePath: C:\Users\Standardbenutzer\AppData\Roaming\Mozilla\Firefox\Profiles\jnn9fg5b.default-1372953077302
FF Homepage: https://www.startpage.com/
FF NetworkProxy: "backup.ftp", "190.0.17.202"
FF NetworkProxy: "backup.ftp_port", 8080
FF NetworkProxy: "backup.socks", "190.0.17.202"
FF NetworkProxy: "backup.socks_port", 8080
FF NetworkProxy: "backup.ssl", "190.0.17.202"
FF NetworkProxy: "backup.ssl_port", 8080
FF NetworkProxy: "ftp", "190.0.17.202"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "190.0.17.202"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "190.0.17.202"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "190.0.17.202"
FF NetworkProxy: "ssl_port", 8080
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @t.garena.com/garenatalk - C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DownloadHelper - C:\Users\Standardbenutzer\AppData\Roaming\Mozilla\Firefox\Profiles\jnn9fg5b.default-1372953077302\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-25]
FF Extension: Adblock Plus - C:\Users\Standardbenutzer\AppData\Roaming\Mozilla\Firefox\Profiles\jnn9fg5b.default-1372953077302\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-08-03]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST\WebRep\FF [2012-09-22]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-11-16] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST\AvastSvc.exe [50344 2014-07-06] (AVAST Software)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2013-06-02] (Wondershare)
S3 Asushwio; C:\Windows\SysWOW64\drivers\Asushwio.sys [5824 2000-03-29] () [File not signed]
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-06] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-06] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-06] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-06] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-06] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-06] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-06] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-06] ()
R3 kncbda; C:\Windows\System32\DRIVERS\kncbda64.sys [180736 2008-08-13] (ODSoft multimedia)
R3 KoneFltr; C:\Windows\System32\drivers\Kone.sys [15488 2008-12-11] (ROCCAT Ltd)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-07-13] (Duplex Secure Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-25 20:05 - 2014-07-25 20:06 - 00011127 _____ () C:\Users\Standardbenutzer\Desktop\FRST.txt
2014-07-25 20:05 - 2014-07-25 20:05 - 02093568 _____ (Farbar) C:\Users\Standardbenutzer\Desktop\FRST64.exe
2014-07-25 20:05 - 2014-07-25 20:05 - 00000000 ____D () C:\FRST
2014-07-23 20:13 - 2014-07-23 20:14 - 00000824 _____ () C:\DelFix.txt
2014-07-23 20:11 - 2014-07-23 20:14 - 00000000 ___SD () C:\32788R22FWJFW
2014-07-20 23:01 - 2014-07-24 22:01 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-07-20 22:01 - 2014-07-23 20:13 - 00000000 ____D () C:\Windows\ERUNT
2014-07-19 23:10 - 2014-07-23 20:12 - 00000000 ____D () C:\Windows\erdnt
2014-07-19 00:06 - 2014-07-19 18:31 - 00000000 ____D () C:\Users\Standardbenutzer\AppData\Roaming\Thunderbird
2014-07-18 16:52 - 2014-07-18 16:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-17 18:02 - 2014-07-17 18:02 - 00001679 _____ () C:\Users\Standardbenutzer\Desktop\Player.exe - Verknüpfung.lnk
2014-07-17 17:53 - 2014-07-17 17:53 - 00001493 _____ () C:\Users\Standardbenutzer\Desktop\ts3client_win64.exe - Verknüpfung.lnk
2014-07-17 17:36 - 2014-07-17 17:36 - 00000000 ____D () C:\Users\Standardbenutzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-07-16 20:29 - 2014-07-16 20:29 - 00001374 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2014-07-16 20:29 - 2014-07-16 20:29 - 00001305 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2014-07-16 20:29 - 2014-07-16 20:29 - 00000000 ____D () C:\Windows\de
2014-07-15 20:14 - 2014-07-16 20:23 - 00000000 ____D () C:\Users\Standardbenutzer\AppData\Local\Windows Live
2014-07-15 19:41 - 2014-07-15 19:41 - 00000000 ____D () C:\Users\Standardbenutzer\Documents\DVDVideoSoft
2014-07-15 19:41 - 2014-07-15 19:41 - 00000000 ____D () C:\Users\Standardbenutzer\AppData\Roaming\DVDVideoSoft
2014-07-15 19:40 - 2014-07-15 20:05 - 00000000 ____D () C:\Users\*********\AppData\Roaming\DVDVideoSoft
2014-07-13 13:40 - 2014-07-13 13:47 - 00000000 ____D () C:\Users\Standardbenutzer\AppData\Roaming\AquaSoft
2014-07-13 13:40 - 2014-07-13 13:40 - 00000000 ____D () C:\Users\Standardbenutzer\AppData\Local\AquaSoft
2014-07-13 13:30 - 2014-07-13 13:30 - 00386680 _____ (Duplex Secure Ltd.) C:\Windows\system32\Drivers\sptd.sys
2014-07-13 13:29 - 2014-07-13 13:29 - 00001083 _____ () C:\Users\Public\Desktop\DiaShow 8 Ultimate.lnk
2014-07-13 13:29 - 2014-07-13 13:29 - 00000000 __HDC () C:\ProgramData\{3C060505-DF86-4BC0-8DF4-E59FE3326A8A}
2014-07-13 13:29 - 2014-07-13 13:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AquaSoft
2014-07-13 13:29 - 2014-07-13 13:29 - 00000000 ____D () C:\Program Files (x86)\AquaSoft
2014-07-13 13:01 - 2014-07-13 13:12 - 00000000 ____D () C:\Users\Standardbenutzer\.DVDslideshowGUI
2014-07-13 13:01 - 2014-07-13 13:01 - 00000000 ____D () C:\Users\Standardbenutzer\AppData\Roaming\ImgBurn
2014-07-13 12:54 - 2014-07-13 13:00 - 00000000 ____D () C:\Users\*********\.DVDslideshowGUI
2014-07-13 12:54 - 2014-07-13 12:54 - 00034936 _____ () C:\Windows\SysWOW64\uninstHelixYUV.exe
2014-07-13 12:54 - 2014-07-13 12:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
2014-07-13 12:54 - 2014-07-13 12:54 - 00000000 ____D () C:\Program Files (x86)\Haali
2014-07-13 12:53 - 2014-07-13 12:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
2014-07-13 12:53 - 2014-07-13 12:53 - 00000000 ____D () C:\Program Files (x86)\AviSynth 2.5
2014-07-09 20:01 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-09 20:01 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-09 20:01 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 20:01 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 20:01 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 20:01 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 20:01 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 20:01 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-09 20:01 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-09 20:01 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-09 20:01 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-09 20:01 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-09 20:01 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-09 20:01 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-09 20:01 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-09 20:01 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-09 20:01 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-09 20:01 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-09 20:01 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-09 20:01 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-09 20:01 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-09 20:01 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 20:00 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 20:00 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 20:00 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 20:00 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 20:00 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-09 20:00 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 20:00 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 20:00 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 20:00 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-09 20:00 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-09 20:00 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 20:00 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 20:00 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 20:00 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 20:00 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-09 20:00 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-09 20:00 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 20:00 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-09 20:00 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 20:00 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 20:00 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 20:00 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 20:00 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 20:00 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 20:00 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 20:00 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 20:00 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-09 20:00 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-09 20:00 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-09 20:00 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-09 20:00 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 20:00 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 20:00 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 20:00 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-09 20:00 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 20:00 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-09 20:00 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-09 20:00 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-09 20:00 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-09 20:00 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 20:00 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-09 20:00 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-09 20:00 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 20:00 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 20:00 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 20:00 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 20:00 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 20:00 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 20:00 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-09 20:00 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 20:00 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 20:00 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 20:00 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 20:00 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 20:00 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 20:00 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-09 20:00 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 20:00 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-09 20:00 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-06 09:25 - 2014-07-06 09:25 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-05 22:39 - 2014-07-05 22:39 - 00000000 ____D () C:\Users\Standardbenutzer\AppData\Roaming\LibreOffice
2014-07-05 15:56 - 2014-07-05 15:56 - 00000719 _____ () C:\Users\Standardbenutzer\Desktop\USA Praesentation - Verknüpfung.lnk
2014-07-05 14:19 - 2014-07-05 14:20 - 00000000 ____D () C:\Program Files (x86)\w3arena
2014-07-05 14:19 - 2014-07-05 14:19 - 00000925 _____ () C:\Users\Public\Desktop\w3arena.lnk
2014-07-05 14:19 - 2014-07-05 14:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\w3arena.net Launcher 1.8.7

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-25 20:06 - 2014-07-25 20:05 - 00011127 _____ () C:\Users\Standardbenutzer\Desktop\FRST.txt
2014-07-25 20:05 - 2014-07-25 20:05 - 02093568 _____ (Farbar) C:\Users\Standardbenutzer\Desktop\FRST64.exe
2014-07-25 20:05 - 2014-07-25 20:05 - 00000000 ____D () C:\FRST
2014-07-25 19:40 - 2009-07-14 06:45 - 00014752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-25 19:40 - 2009-07-14 06:45 - 00014752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-25 19:39 - 2013-07-04 20:49 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-25 19:36 - 2012-07-01 12:21 - 01300315 _____ () C:\Windows\WindowsUpdate.log
2014-07-25 19:33 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-25 19:33 - 2009-07-14 06:51 - 00180086 _____ () C:\Windows\setupact.log
2014-07-25 15:55 - 2014-03-05 20:32 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-25 15:55 - 2014-03-05 20:32 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-24 22:24 - 2014-03-05 20:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-24 22:16 - 2009-07-14 19:58 - 01790082 _____ () C:\Windows\system32\perfh007.dat
2014-07-24 22:16 - 2009-07-14 19:58 - 00488422 _____ () C:\Windows\system32\perfc007.dat
2014-07-24 22:16 - 2009-07-14 07:13 - 00006264 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-24 22:01 - 2014-07-20 23:01 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-07-24 07:56 - 2012-07-01 18:14 - 00323906 _____ () C:\Windows\PFRO.log
2014-07-23 20:14 - 2014-07-23 20:13 - 00000824 _____ () C:\DelFix.txt
2014-07-23 20:14 - 2014-07-23 20:11 - 00000000 ___SD () C:\32788R22FWJFW
2014-07-23 20:13 - 2014-07-20 22:01 - 00000000 ____D () C:\Windows\ERUNT
2014-07-23 20:12 - 2014-07-19 23:10 - 00000000 ____D () C:\Windows\erdnt
2014-07-23 20:06 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-07-23 19:55 - 2012-07-01 12:21 - 00000000 ____D () C:\Users\*********
2014-07-23 07:43 - 2012-08-05 16:44 - 00000000 ____D () C:\Users\Standardbenutzer\Documents\Meine PSP-Dateien
2014-07-19 23:18 - 2009-07-14 06:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-07-19 23:18 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-07-19 18:31 - 2014-07-19 00:06 - 00000000 ____D () C:\Users\Standardbenutzer\AppData\Roaming\Thunderbird
2014-07-18 17:03 - 2014-04-07 22:03 - 00000000 ____D () C:\Users\*********\AppData\Local\DM
2014-07-18 16:52 - 2014-07-18 16:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-18 16:43 - 2012-11-10 10:37 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-17 18:02 - 2014-07-17 18:02 - 00001679 _____ () C:\Users\Standardbenutzer\Desktop\Player.exe - Verknüpfung.lnk
2014-07-17 17:53 - 2014-07-17 17:53 - 00001493 _____ () C:\Users\Standardbenutzer\Desktop\ts3client_win64.exe - Verknüpfung.lnk
2014-07-17 17:36 - 2014-07-17 17:36 - 00000000 ____D () C:\Users\Standardbenutzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-07-17 17:36 - 2012-07-01 19:05 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2014-07-17 17:30 - 2012-07-01 20:08 - 00000000 ____D () C:\Users\Standardbenutzer\AppData\Roaming\TS3Client
2014-07-17 17:30 - 2012-07-01 19:06 - 00000000 ____D () C:\Users\*********\AppData\Roaming\TS3Client
2014-07-16 20:29 - 2014-07-16 20:29 - 00001374 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2014-07-16 20:29 - 2014-07-16 20:29 - 00001305 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2014-07-16 20:29 - 2014-07-16 20:29 - 00000000 ____D () C:\Windows\de
2014-07-16 20:28 - 2013-06-23 14:46 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-07-16 20:27 - 2012-07-28 20:12 - 00064120 _____ () C:\Windows\DirectX.log
2014-07-16 20:23 - 2014-07-15 20:14 - 00000000 ____D () C:\Users\Standardbenutzer\AppData\Local\Windows Live
2014-07-15 20:05 - 2014-07-15 19:40 - 00000000 ____D () C:\Users\*********\AppData\Roaming\DVDVideoSoft
2014-07-15 19:41 - 2014-07-15 19:41 - 00000000 ____D () C:\Users\Standardbenutzer\Documents\DVDVideoSoft
2014-07-15 19:41 - 2014-07-15 19:41 - 00000000 ____D () C:\Users\Standardbenutzer\AppData\Roaming\DVDVideoSoft
2014-07-13 13:47 - 2014-07-13 13:40 - 00000000 ____D () C:\Users\Standardbenutzer\AppData\Roaming\AquaSoft
2014-07-13 13:40 - 2014-07-13 13:40 - 00000000 ____D () C:\Users\Standardbenutzer\AppData\Local\AquaSoft
2014-07-13 13:32 - 2012-07-01 20:01 - 00076712 _____ () C:\Users\Standardbenutzer\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-13 13:31 - 2009-07-14 06:45 - 00321040 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-13 13:30 - 2014-07-13 13:30 - 00386680 _____ (Duplex Secure Ltd.) C:\Windows\system32\Drivers\sptd.sys
2014-07-13 13:29 - 2014-07-13 13:29 - 00001083 _____ () C:\Users\Public\Desktop\DiaShow 8 Ultimate.lnk
2014-07-13 13:29 - 2014-07-13 13:29 - 00000000 __HDC () C:\ProgramData\{3C060505-DF86-4BC0-8DF4-E59FE3326A8A}
2014-07-13 13:29 - 2014-07-13 13:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AquaSoft
2014-07-13 13:29 - 2014-07-13 13:29 - 00000000 ____D () C:\Program Files (x86)\AquaSoft
2014-07-13 13:23 - 2012-07-01 17:48 - 00076712 _____ () C:\Users\*********\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-13 13:12 - 2014-07-13 13:01 - 00000000 ____D () C:\Users\Standardbenutzer\.DVDslideshowGUI
2014-07-13 13:01 - 2014-07-13 13:01 - 00000000 ____D () C:\Users\Standardbenutzer\AppData\Roaming\ImgBurn
2014-07-13 13:01 - 2012-07-01 20:01 - 00000000 ____D () C:\Users\Standardbenutzer
2014-07-13 13:00 - 2014-07-13 12:54 - 00000000 ____D () C:\Users\*********\.DVDslideshowGUI
2014-07-13 12:54 - 2014-07-13 12:54 - 00034936 _____ () C:\Windows\SysWOW64\uninstHelixYUV.exe
2014-07-13 12:54 - 2014-07-13 12:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
2014-07-13 12:54 - 2014-07-13 12:54 - 00000000 ____D () C:\Program Files (x86)\Haali
2014-07-13 12:53 - 2014-07-13 12:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
2014-07-13 12:53 - 2014-07-13 12:53 - 00000000 ____D () C:\Program Files (x86)\AviSynth 2.5
2014-07-12 16:26 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-12 09:11 - 2014-03-21 20:01 - 00000000 ____D () C:\Users\Standardbenutzer\Documents\Adobe
2014-07-12 09:11 - 2012-07-01 20:12 - 00000000 ____D () C:\Users\Standardbenutzer\AppData\Roaming\Adobe
2014-07-10 19:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-07-10 18:41 - 2014-05-06 10:19 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-10 18:41 - 2009-07-14 20:18 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 18:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-10 18:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-09 23:21 - 2013-08-09 16:16 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 23:20 - 2012-07-01 17:44 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-09 19:39 - 2013-04-13 16:31 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-09 19:39 - 2013-04-13 16:31 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-06 19:25 - 2013-07-12 11:47 - 00000000 ____D () C:\Users\Standardbenutzer\Desktop\Domi
2014-07-06 17:45 - 2012-09-22 20:39 - 00000000 ____D () C:\Program Files\AVAST
2014-07-06 09:25 - 2014-07-06 09:25 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-06 09:25 - 2014-04-20 11:24 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-07-06 09:25 - 2014-04-02 16:50 - 00001763 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-07-06 09:25 - 2013-12-20 16:32 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-07-06 09:25 - 2013-03-06 18:44 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-07-06 09:25 - 2013-03-06 18:44 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-07-06 09:25 - 2012-09-22 20:40 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-07-06 09:25 - 2012-09-22 20:40 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-07-06 09:25 - 2012-09-22 20:40 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-07-06 09:25 - 2012-09-22 20:39 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-07-06 09:25 - 2012-09-22 20:39 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-07-05 22:39 - 2014-07-05 22:39 - 00000000 ____D () C:\Users\Standardbenutzer\AppData\Roaming\LibreOffice
2014-07-05 15:56 - 2014-07-05 15:56 - 00000719 _____ () C:\Users\Standardbenutzer\Desktop\USA Praesentation - Verknüpfung.lnk
2014-07-05 14:20 - 2014-07-05 14:19 - 00000000 ____D () C:\Program Files (x86)\w3arena
2014-07-05 14:19 - 2014-07-05 14:19 - 00000925 _____ () C:\Users\Public\Desktop\w3arena.lnk
2014-07-05 14:19 - 2014-07-05 14:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\w3arena.net Launcher 1.8.7
2014-06-30 04:09 - 2014-07-09 20:01 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-30 04:04 - 2014-07-09 20:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================
         


26.07.2014, 18:37   #18
schrauber
/// the machine
/// TB instructor
 




Quote:
Ran by Standardbenutzer (ATTENTION: The logged in user is not administrator) on *********-PC on 25-07-2014 20:05:51
We always need admin rights.

26.07.2014, 19:44   #19
Beamling
 




FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014
Ran by ****** (administrator) on ******-PC on 26-07-2014 20:42:16
Running from C:\Users\Standardbenutzer\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(ROCCAT) C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE
(AVAST Software) C:\Program Files\AVAST\AvastUI.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ROCCAT) C:\Program Files (x86)\ROCCAT\Kone Mouse\OSD.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM-x32\...\Run: [Kone] => C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE [1666560 2011-02-18] (ROCCAT)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-11-16] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST\AvastUI.exe [4086432 2014-07-06] (AVAST Software)
HKLM\...\RunOnce: [MSPCLOCK] => rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D (the data entry has 60 more characters).
HKLM\...\RunOnce: [MSPQM] => rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D (the data entry has 60 more characters).
HKLM\...\RunOnce: [MSKSSRV] => rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D (the data entry has 60 more characters).
HKLM\...\RunOnce: [MSTEE.CxTransform] => rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D (the data entry has 112 more characters).
HKLM\...\RunOnce: [MSTEE.Splitter] => rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D (the data entry has 112 more characters).
HKLM\...\RunOnce: [WDM_DRMKAUD] => rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e (the data entry has 118 more characters).
HKU\S-1-5-21-3278078431-535217013-2662550515-1001\...\Run: [Akamai NetSession Interface] => "C:\Users\Standardbenutzer\AppData\Local\Akamai\netsession_win.exe" 
HKU\S-1-5-21-3278078431-535217013-2662550515-1001\...\MountPoints2: {0972c94d-c786-11e1-8265-00241ddf508f} - J:\unlock.exe autoplay=true
HKU\S-1-5-21-3278078431-535217013-2662550515-1001\...\MountPoints2: {11fe8b0a-099a-11e2-b644-00241ddf508f} - G:\Autorun.exe
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST\aswWebRepIE.dll (AVAST Software)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3AE06AF8-C412-41B8-A0A4-481AA6EFCF70}: [NameServer]73.42.43.62,82.212.62.62

FireFox:
========
FF ProfilePath: C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\uzjhbkbi.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @t.garena.com/garenatalk - C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Amazon-Icon - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\uzjhbkbi.default\Extensions\amazon-icon@giga.de [2014-05-08]
FF Extension: NoScript - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\uzjhbkbi.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-07-01]
FF Extension: Adblock Plus - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\uzjhbkbi.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-07-01]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST\WebRep\FF [2012-09-22]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-11-16] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST\AvastSvc.exe [50344 2014-07-06] (AVAST Software)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2013-06-02] (Wondershare)
S3 Asushwio; C:\Windows\SysWOW64\drivers\Asushwio.sys [5824 2000-03-29] () [File not signed]
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-06] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-06] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-06] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-06] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-06] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-06] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-06] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-06] ()
R3 kncbda; C:\Windows\System32\DRIVERS\kncbda64.sys [180736 2008-08-13] (ODSoft multimedia)
R3 KoneFltr; C:\Windows\System32\drivers\Kone.sys [15488 2008-12-11] (ROCCAT Ltd)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-07-13] (Duplex Secure Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-26 20:35 - 2014-07-26 20:42 - 00010466 _____ () C:\Users\Standardbenutzer\Desktop\FRST.txt
2014-07-26 20:33 - 2014-07-26 20:33 - 02093568 _____ (Farbar) C:\Users\Standardbenutzer\Desktop\FRST64.exe
2014-07-26 14:07 - 2014-07-26 20:32 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-07-26 14:07 - 2014-07-26 14:07 - 00002001 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
2014-07-26 14:07 - 2014-07-26 14:07 - 00001945 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
2014-07-26 14:07 - 2014-07-26 14:07 - 00001924 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
2014-07-25 21:59 - 2014-07-26 16:47 - 00000000 ____D () C:\Users\Standardbenutzer\Desktop\Erich Bilder
2014-07-25 21:06 - 2014-07-25 21:06 - 00000000 ____D () C:\Users\Standardbenutzer\Desktop\Bilder Erich alt
2014-07-25 20:05 - 2014-07-26 20:42 - 00000000 ____D () C:\FRST
2014-07-23 20:13 - 2014-07-23 20:14 - 00000824 _____ () C:\DelFix.txt
2014-07-23 20:11 - 2014-07-23 20:14 - 00000000 ___SD () C:\32788R22FWJFW
2014-07-20 23:01 - 2014-07-24 22:01 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-07-20 22:01 - 2014-07-23 20:13 - 00000000 ____D () C:\Windows\ERUNT
2014-07-19 23:10 - 2014-07-23 20:12 - 00000000 ____D () C:\Windows\erdnt
2014-07-19 00:06 - 2014-07-26 11:50 - 00000000 ____D () C:\Users\Standardbenutzer\AppData\Roaming\Thunderbird
2014-07-18 16:52 - 2014-07-18 16:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-17 18:02 - 2014-07-17 18:02 - 00001679 _____ () C:\Users\Standardbenutzer\Desktop\Player.exe - Verknüpfung.lnk
2014-07-17 17:53 - 2014-07-17 17:53 - 00001493 _____ () C:\Users\Standardbenutzer\Desktop\ts3client_win64.exe - Verknüpfung.lnk
2014-07-17 17:36 - 2014-07-17 17:36 - 00000000 ____D () C:\Users\Standardbenutzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-07-16 20:29 - 2014-07-16 20:29 - 00001374 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2014-07-16 20:29 - 2014-07-16 20:29 - 00001305 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2014-07-16 20:29 - 2014-07-16 20:29 - 00000000 ____D () C:\Windows\de
2014-07-15 20:14 - 2014-07-16 20:23 - 00000000 ____D () C:\Users\Standardbenutzer\AppData\Local\Windows Live
2014-07-15 19:41 - 2014-07-15 19:41 - 00000000 ____D () C:\Users\Standardbenutzer\Documents\DVDVideoSoft
2014-07-15 19:41 - 2014-07-15 19:41 - 00000000 ____D () C:\Users\Standardbenutzer\AppData\Roaming\DVDVideoSoft
2014-07-15 19:40 - 2014-07-15 20:05 - 00000000 ____D () C:\Users\******\AppData\Roaming\DVDVideoSoft
2014-07-13 13:40 - 2014-07-13 13:47 - 00000000 ____D () C:\Users\Standardbenutzer\AppData\Roaming\AquaSoft
2014-07-13 13:40 - 2014-07-13 13:40 - 00000000 ____D () C:\Users\Standardbenutzer\AppData\Local\AquaSoft
2014-07-13 13:30 - 2014-07-13 13:30 - 00386680 _____ (Duplex Secure Ltd.) C:\Windows\system32\Drivers\sptd.sys
2014-07-13 13:29 - 2014-07-13 13:29 - 00001083 _____ () C:\Users\Public\Desktop\DiaShow 8 Ultimate.lnk
2014-07-13 13:29 - 2014-07-13 13:29 - 00000000 __HDC () C:\ProgramData\{3C060505-DF86-4BC0-8DF4-E59FE3326A8A}
2014-07-13 13:29 - 2014-07-13 13:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AquaSoft
2014-07-13 13:29 - 2014-07-13 13:29 - 00000000 ____D () C:\Program Files (x86)\AquaSoft
2014-07-13 13:01 - 2014-07-13 13:12 - 00000000 ____D () C:\Users\Standardbenutzer\.DVDslideshowGUI
2014-07-13 13:01 - 2014-07-13 13:01 - 00000000 ____D () C:\Users\Standardbenutzer\AppData\Roaming\ImgBurn
2014-07-13 12:54 - 2014-07-13 13:00 - 00000000 ____D () C:\Users\******\.DVDslideshowGUI
2014-07-13 12:54 - 2014-07-13 12:54 - 00034936 _____ () C:\Windows\SysWOW64\uninstHelixYUV.exe
2014-07-13 12:54 - 2014-07-13 12:54 - 00000000 ____D () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
2014-07-13 12:54 - 2014-07-13 12:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
2014-07-13 12:54 - 2014-07-13 12:54 - 00000000 ____D () C:\Program Files (x86)\Haali
2014-07-13 12:53 - 2014-07-13 12:53 - 00000000 ____D () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
2014-07-13 12:53 - 2014-07-13 12:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
2014-07-13 12:53 - 2014-07-13 12:53 - 00000000 ____D () C:\Program Files (x86)\AviSynth 2.5
2014-07-09 20:01 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-09 20:01 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-09 20:01 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 20:01 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 20:01 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 20:01 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 20:01 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 20:01 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-09 20:01 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-09 20:01 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-09 20:01 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-09 20:01 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-09 20:01 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-09 20:01 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-09 20:01 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-09 20:01 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-09 20:01 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-09 20:01 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-09 20:01 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-09 20:01 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-09 20:01 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-09 20:01 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 20:00 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 20:00 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 20:00 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 20:00 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 20:00 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-09 20:00 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 20:00 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 20:00 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 20:00 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-09 20:00 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-09 20:00 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 20:00 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 20:00 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 20:00 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 20:00 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-09 20:00 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-09 20:00 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 20:00 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-09 20:00 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 20:00 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 20:00 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 20:00 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 20:00 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 20:00 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 20:00 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 20:00 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 20:00 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-09 20:00 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-09 20:00 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-09 20:00 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-09 20:00 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 20:00 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 20:00 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 20:00 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-09 20:00 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 20:00 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-09 20:00 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-09 20:00 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-09 20:00 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-09 20:00 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 20:00 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-09 20:00 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-09 20:00 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 20:00 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 20:00 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 20:00 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 20:00 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 20:00 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 20:00 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-09 20:00 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 20:00 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 20:00 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 20:00 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 20:00 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 20:00 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 20:00 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-09 20:00 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 20:00 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-09 20:00 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-06 09:25 - 2014-07-06 09:25 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-05 22:39 - 2014-07-05 22:39 - 00000000 ____D () C:\Users\Standardbenutzer\AppData\Roaming\LibreOffice
2014-07-05 14:19 - 2014-07-05 14:20 - 00000000 ____D () C:\Program Files (x86)\w3arena
2014-07-05 14:19 - 2014-07-05 14:19 - 00000925 _____ () C:\Users\Public\Desktop\w3arena.lnk
2014-07-05 14:19 - 2014-07-05 14:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\w3arena.net Launcher 1.8.7

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-26 20:42 - 2014-07-26 20:35 - 00010466 _____ () C:\Users\Standardbenutzer\Desktop\FRST.txt
2014-07-26 20:42 - 2014-07-25 20:05 - 00000000 ____D () C:\FRST
2014-07-26 20:39 - 2013-07-04 20:49 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-26 20:33 - 2014-07-26 20:33 - 02093568 _____ (Farbar) C:\Users\Standardbenutzer\Desktop\FRST64.exe
2014-07-26 20:32 - 2014-07-26 14:07 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-07-26 18:58 - 2009-07-14 06:45 - 00014752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-26 18:58 - 2009-07-14 06:45 - 00014752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-26 18:54 - 2012-07-01 12:21 - 01322898 _____ () C:\Windows\WindowsUpdate.log
2014-07-26 18:51 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-26 18:51 - 2009-07-14 06:51 - 00180310 _____ () C:\Windows\setupact.log
2014-07-26 16:47 - 2014-07-25 21:59 - 00000000 ____D () C:\Users\Standardbenutzer\Desktop\Erich Bilder
2014-07-26 14:14 - 2012-08-05 16:44 - 00000000 ____D () C:\Users\Standardbenutzer\Documents\Meine PSP-Dateien
2014-07-26 14:07 - 2014-07-26 14:07 - 00002001 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
2014-07-26 14:07 - 2014-07-26 14:07 - 00001945 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
2014-07-26 14:07 - 2014-07-26 14:07 - 00001924 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
2014-07-26 11:50 - 2014-07-19 00:06 - 00000000 ____D () C:\Users\Standardbenutzer\AppData\Roaming\Thunderbird
2014-07-25 21:06 - 2014-07-25 21:06 - 00000000 ____D () C:\Users\Standardbenutzer\Desktop\Bilder Erich alt
2014-07-25 20:16 - 2009-07-14 19:58 - 01804624 _____ () C:\Windows\system32\perfh007.dat
2014-07-25 20:16 - 2009-07-14 19:58 - 00492940 _____ () C:\Windows\system32\perfc007.dat
2014-07-25 20:16 - 2009-07-14 07:13 - 00006264 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-25 15:55 - 2014-03-05 20:32 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-25 15:55 - 2014-03-05 20:32 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-24 22:24 - 2014-03-05 20:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-24 22:01 - 2014-07-20 23:01 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-07-24 19:56 - 2012-09-22 20:39 - 00004152 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-07-24 07:56 - 2012-07-01 18:14 - 00323906 _____ () C:\Windows\PFRO.log
2014-07-23 20:14 - 2014-07-23 20:13 - 00000824 _____ () C:\DelFix.txt
2014-07-23 20:14 - 2014-07-23 20:11 - 00000000 ___SD () C:\32788R22FWJFW
2014-07-23 20:13 - 2014-07-20 22:01 - 00000000 ____D () C:\Windows\ERUNT
2014-07-23 20:12 - 2014-07-19 23:10 - 00000000 ____D () C:\Windows\erdnt
2014-07-23 20:06 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-07-23 19:55 - 2012-07-01 12:21 - 00000000 ____D () C:\Users\******
2014-07-19 23:18 - 2012-07-01 12:22 - 00001381 _____ () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-19 23:18 - 2009-07-14 06:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-07-19 23:18 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-07-18 17:03 - 2014-04-07 22:03 - 00000000 ____D () C:\Users\******\AppData\Local\DM
2014-07-18 16:52 - 2014-07-18 16:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-17 18:02 - 2014-07-17 18:02 - 00001679 _____ () C:\Users\Standardbenutzer\Desktop\Player.exe - Verknüpfung.lnk
2014-07-17 17:53 - 2014-07-17 17:53 - 00001493 _____ () C:\Users\Standardbenutzer\Desktop\ts3client_win64.exe - Verknüpfung.lnk
2014-07-17 17:36 - 2014-07-17 17:36 - 00000000 ____D () C:\Users\Standardbenutzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-07-17 17:36 - 2012-07-01 19:05 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2014-07-17 17:30 - 2012-07-01 20:08 - 00000000 ____D () C:\Users\Standardbenutzer\AppData\Roaming\TS3Client
2014-07-17 17:30 - 2012-07-01 19:06 - 00000000 ____D () C:\Users\******\AppData\Roaming\TS3Client
2014-07-16 20:29 - 2014-07-16 20:29 - 00001374 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2014-07-16 20:29 - 2014-07-16 20:29 - 00001305 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2014-07-16 20:29 - 2014-07-16 20:29 - 00000000 ____D () C:\Windows\de
2014-07-16 20:28 - 2013-06-23 14:46 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-07-16 20:27 - 2012-07-28 20:12 - 00064120 _____ () C:\Windows\DirectX.log
2014-07-16 20:23 - 2014-07-15 20:14 - 00000000 ____D () C:\Users\Standardbenutzer\AppData\Local\Windows Live
2014-07-15 20:05 - 2014-07-15 19:40 - 00000000 ____D () C:\Users\******\AppData\Roaming\DVDVideoSoft
2014-07-15 19:41 - 2014-07-15 19:41 - 00000000 ____D () C:\Users\Standardbenutzer\Documents\DVDVideoSoft
2014-07-15 19:41 - 2014-07-15 19:41 - 00000000 ____D () C:\Users\Standardbenutzer\AppData\Roaming\DVDVideoSoft
2014-07-13 13:47 - 2014-07-13 13:40 - 00000000 ____D () C:\Users\Standardbenutzer\AppData\Roaming\AquaSoft
2014-07-13 13:40 - 2014-07-13 13:40 - 00000000 ____D () C:\Users\Standardbenutzer\AppData\Local\AquaSoft
2014-07-13 13:32 - 2012-07-01 20:01 - 00076712 _____ () C:\Users\Standardbenutzer\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-13 13:31 - 2009-07-14 06:45 - 00321040 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-13 13:30 - 2014-07-13 13:30 - 00386680 _____ (Duplex Secure Ltd.) C:\Windows\system32\Drivers\sptd.sys
2014-07-13 13:29 - 2014-07-13 13:29 - 00001083 _____ () C:\Users\Public\Desktop\DiaShow 8 Ultimate.lnk
2014-07-13 13:29 - 2014-07-13 13:29 - 00000000 __HDC () C:\ProgramData\{3C060505-DF86-4BC0-8DF4-E59FE3326A8A}
2014-07-13 13:29 - 2014-07-13 13:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AquaSoft
2014-07-13 13:29 - 2014-07-13 13:29 - 00000000 ____D () C:\Program Files (x86)\AquaSoft
2014-07-13 13:23 - 2012-07-01 17:48 - 00076712 _____ () C:\Users\******\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-13 13:12 - 2014-07-13 13:01 - 00000000 ____D () C:\Users\Standardbenutzer\.DVDslideshowGUI
2014-07-13 13:01 - 2014-07-13 13:01 - 00000000 ____D () C:\Users\Standardbenutzer\AppData\Roaming\ImgBurn
2014-07-13 13:01 - 2012-07-01 20:01 - 00000000 ____D () C:\Users\Standardbenutzer
2014-07-13 13:00 - 2014-07-13 12:54 - 00000000 ____D () C:\Users\******\.DVDslideshowGUI
2014-07-13 12:54 - 2014-07-13 12:54 - 00034936 _____ () C:\Windows\SysWOW64\uninstHelixYUV.exe
2014-07-13 12:54 - 2014-07-13 12:54 - 00000000 ____D () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
2014-07-13 12:54 - 2014-07-13 12:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
2014-07-13 12:54 - 2014-07-13 12:54 - 00000000 ____D () C:\Program Files (x86)\Haali
2014-07-13 12:53 - 2014-07-13 12:53 - 00000000 ____D () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
2014-07-13 12:53 - 2014-07-13 12:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
2014-07-13 12:53 - 2014-07-13 12:53 - 00000000 ____D () C:\Program Files (x86)\AviSynth 2.5
2014-07-12 16:26 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-12 09:11 - 2014-03-21 20:01 - 00000000 ____D () C:\Users\Standardbenutzer\Documents\Adobe
2014-07-12 09:11 - 2012-07-01 20:12 - 00000000 ____D () C:\Users\Standardbenutzer\AppData\Roaming\Adobe
2014-07-10 19:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-07-10 18:41 - 2014-05-06 10:19 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-10 18:41 - 2009-07-14 20:18 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 18:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-10 18:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-09 23:21 - 2013-08-09 16:16 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 23:20 - 2012-07-01 17:44 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-09 19:39 - 2013-07-04 20:49 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-09 19:39 - 2013-04-13 16:31 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-09 19:39 - 2013-04-13 16:31 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-06 19:25 - 2013-07-12 11:47 - 00000000 ____D () C:\Users\Standardbenutzer\Desktop\Domi
2014-07-06 17:45 - 2012-09-22 20:39 - 00000000 ____D () C:\Program Files\AVAST
2014-07-06 09:25 - 2014-07-06 09:25 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-06 09:25 - 2014-04-20 11:24 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-07-06 09:25 - 2014-04-02 16:50 - 00001763 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-07-06 09:25 - 2013-12-20 16:32 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-07-06 09:25 - 2013-03-06 18:44 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-07-06 09:25 - 2013-03-06 18:44 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-07-06 09:25 - 2012-09-22 20:40 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-07-06 09:25 - 2012-09-22 20:40 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-07-06 09:25 - 2012-09-22 20:40 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-07-06 09:25 - 2012-09-22 20:39 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-07-06 09:25 - 2012-09-22 20:39 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-07-05 22:39 - 2014-07-05 22:39 - 00000000 ____D () C:\Users\Standardbenutzer\AppData\Roaming\LibreOffice
2014-07-05 14:20 - 2014-07-05 14:19 - 00000000 ____D () C:\Program Files (x86)\w3arena
2014-07-05 14:19 - 2014-07-05 14:19 - 00000925 _____ () C:\Users\Public\Desktop\w3arena.lnk
2014-07-05 14:19 - 2014-07-05 14:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\w3arena.net Launcher 1.8.7
2014-06-30 04:09 - 2014-07-09 20:01 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-30 04:04 - 2014-07-09 20:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

Some content of TEMP:
====================
C:\Users\******\AppData\Local\temp\JDSetup130508499731166458.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-19 12:10

==================== End Of Log ============================
         
--- --- ---

Old 27.07.2014, 10:10   #20
schrauber
/// the machine
/// TB-Ausbilder

Win 7: Spam to Thunderbird Portable address book "collected addresses"


Looks good.

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!
