Log analysis and evaluation: facebook.vbs and USB shortcuts (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
facebook.vbs and USB shortcuts

Hello, first of all: great that you exist, my panic is easing a little. I am currently working on a project for my doctoral thesis and have been coding in Matlab all day. Then I wanted to give a friend a USB stick, and all of a sudden there were only shortcuts on the USB stick (and presumably hidden files). A second USB stick met the same fate. I then immediately cut the VPN connection to my university (what could have happened there? whom should I report what to?) and reinstalled avast; I had switched it off yesterday evening for a little end-of-winter Age of Empires 2 session, how stupid. The scan found something; at the same time my online research led me to you, so I first closed everything from avast and followed your procedure. Here are the logs (with avast I did not know which log file is of interest). Many thanks in advance!

FRST

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Lasse (administrator) on BLACKBLOCK on 14-03-2014 23:17:31
Running from C:\Users\Lasse\Desktop\Virus
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Lenovo.) C:\Windows\system32\ibmpmsvc.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\shtctky.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(troubadix) C:\Program Files\TPFanControl\TPFanControl.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Microsoft Corporation) C:\Windows\System32\WScript.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Avanquest Software ) C:\Program Files (x86)\Digital Line Detect\DLG.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Dropbox, Inc.) C:\Users\Lasse\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Zoom\TpScrex.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files\OpenVPN\bin\openvpn-gui.exe
(Ventis Media Inc.) C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Microsoft Corporation) C:\Windows\system32\taskmgr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastUi.exe
(Farbar) C:\Users\Lasse\Desktop\Virus\2-FRST64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()
HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [382248 2013-02-12] (Lenovo.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-05-29] (Synaptics Incorporated)
HKLM\...\Run: [picon] - C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PIconStartup.exe [111640 2010-02-04] ()
HKLM\...\Run: [TPFanControl] - C:\Program Files\TPFanControl\TPFanControl.exe [154112 2013-03-20] (troubadix)
HKLM\...\Run: [Facebook.vbs] - C:\Users\Lasse\AppData\Local\Temp\Facebook.vbs [6796 2013-02-23] () <===== ATTENTION
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2012-05-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-03-14] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1034707596-2023432411-3572616019-1000\...\Run: [Facebook.vbs] - C:\Users\Lasse\AppData\Local\Temp\Facebook.vbs [6796 2013-02-23] () <===== ATTENTION
HKU\S-1-5-21-1034707596-2023432411-3572616019-1000\...\MountPoints2: {28bf4651-757d-11e3-9456-00234dfa26bc} - F:\aocsetup.exe /autorun
Startup: C:\Users\Lasse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Lasse\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Lasse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook.vbs ()
Startup: C:\Users\Lasse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayerPlug.lnk
ShortcutTarget: FlashPlayerPlug.lnk -> C:\Users\Lasse\AppData\Local\Temp\FlashPlayerMsj.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=10&cc=&mi=e66fde5700000000000000ff8910d9d6
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {C3A74DD2-1D88-4A57-A2E0-2309F6FBB42F} URL = hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=e66fde5700000000000000ff8910d9d6&r=786
SearchScopes: HKCU - {C3A74DD2-1D88-4A57-A2E0-2309F6FBB42F} URL = hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=e66fde5700000000000000ff8910d9d6&r=786
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Softonic Helper Object - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files (x86)\Softonic\Softonic\1.8.21.14\bh\Softonic.dll (Softonic.com)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - Softonic Toolbar - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files (x86)\Softonic\Softonic\1.8.21.14\SoftonicTlbr.dll (Softonic.com)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Lasse\AppData\Roaming\Mozilla\Firefox\Profiles\l0z5852m.default
FF user.js: detected! => C:\Users\Lasse\AppData\Roaming\Mozilla\Firefox\Profiles\l0z5852m.default\user.js
FF Homepage: hxxp://stressfaktor.squat.net/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\PDFXChangeViewer\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\PDFXChangeViewer\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\PDFXChangeViewer\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Users\Lasse\AppData\Roaming\Mozilla\Firefox\Profiles\l0z5852m.default\searchplugins\softonic.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: FoxyProxy Standard - C:\Users\Lasse\AppData\Roaming\Mozilla\Firefox\Profiles\l0z5852m.default\Extensions\foxyproxy@eric.h.jung [2014-02-05]
FF Extension: Ghostery - C:\Users\Lasse\AppData\Roaming\Mozilla\Firefox\Profiles\l0z5852m.default\Extensions\firefox@ghostery.com.xpi [2013-09-18]
FF Extension: Clearly - C:\Users\Lasse\AppData\Roaming\Mozilla\Firefox\Profiles\l0z5852m.default\Extensions\readable@evernote.com.xpi [2014-02-13]
FF Extension: Adblock Plus - C:\Users\Lasse\AppData\Roaming\Mozilla\Firefox\Profiles\l0z5852m.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-17]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-14]

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (Softonic Chrome Toolbar) - C:\Users\Lasse\AppData\Local\Google\Chrome\User Data\Default\Extensions\elchiiiejkobdbblfejjkbphbddgmljf [2013-12-05]
CHR HKLM-x32\...\Chrome\Extension: [elchiiiejkobdbblfejjkbphbddgmljf] - C:\Program Files (x86)\Softonic\Softonic\1.8.21.14\Softonic.crx [2013-06-11]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-03-14] (AVAST Software)
S4 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2013-12-20] (BlueStack Systems, Inc.)
S4 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2013-12-20] (BlueStack Systems, Inc.)
R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [174616 2010-02-04] (Intel Corporation)
S4 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [34528 2013-06-03] (The OpenVPN Project)
R2 UNS; C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2058776 2010-02-04] (Intel Corporation)

==================== Drivers (Whitelisted) ====================

S3 a8djavs; C:\Windows\System32\Drivers\a8djavs.sys [359784 2012-12-18] (Native Instruments GmbH)
S3 a8djusb_svc; C:\Windows\System32\Drivers\a8djusb.sys [100712 2012-12-18] (Native Instruments GmbH)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-03-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2014-03-14] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-03-14] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-03-14] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-03-14] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-03-14] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-03-14] ()
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [114448 2013-12-20] (BlueStack Systems)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-01-04] (Disc Soft Ltd)
S3 kz1avs; C:\Windows\System32\Drivers\kz1avs.sys [359120 2013-05-17] (Native Instruments GmbH)
S3 kz1usb_svc; C:\Windows\System32\Drivers\kz1usb.sys [83152 2013-05-17] (Native Instruments GmbH)
R3 LenovoRd; C:\Windows\System32\Drivers\LenovoRd.sys [118016 2009-05-11] (Lenovo)
S3 rspLLL; C:\Windows\System32\DRIVERS\rspLLL64.sys [25504 2013-10-21] (Resplendence Software Projects Sp.)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [44784 2013-05-29] (Synaptics Incorporated)
S3 ta2avs; C:\Windows\System32\Drivers\ta2avs.sys [358480 2012-02-22] (Native Instruments GmbH)
S3 ta2usb_svc; C:\Windows\System32\Drivers\ta2usb.sys [79952 2012-02-22] (Native Instruments GmbH)
S3 NETw5s64; system32\DRIVERS\NETw5s64.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-14 23:17 - 2014-03-14 23:17 - 00000000 ____D () C:\FRST
2014-03-14 23:16 - 2014-03-14 23:16 - 00000168 _____ () C:\Users\Lasse\defogger_reenable
2014-03-14 23:08 - 2014-03-14 23:17 - 00000000 ____D () C:\Users\Lasse\Desktop\Virus
2014-03-14 22:52 - 2014-03-14 22:52 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-03-14 22:51 - 2014-03-14 22:51 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-03-14 22:51 - 2014-03-14 22:51 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-03-14 22:51 - 2014-03-14 22:51 - 00207904 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-03-14 22:51 - 2014-03-14 22:51 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-03-14 22:51 - 2014-03-14 22:51 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-03-14 22:51 - 2014-03-14 22:51 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-03-14 22:51 - 2014-03-14 22:51 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-03-14 22:51 - 2014-03-14 22:51 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-03-14 22:50 - 2014-03-14 22:50 - 00000000 ____D () C:\Program Files\AVAST Software
2014-03-14 22:42 - 2014-03-14 22:42 - 00000000 ____D () C:\Users\Lasse\Desktop\Modernist Cuisine
2014-03-14 21:07 - 2014-03-14 21:07 - 00004638 _____ () C:\Users\Lasse\AppData\Local\recently-used.xbel
2014-03-14 13:57 - 2014-03-14 13:57 - 00000000 ____D () C:\Lasse
2014-03-09 14:40 - 2014-03-09 15:09 - 2163979941 _____ () C:\Users\Lasse\Desktop\Maiks Indien.zip
2014-02-28 15:54 - 2014-02-28 21:34 - 00000000 ____D () C:\Users\Lasse\Desktop\Musik
2014-02-24 16:07 - 2010-03-17 23:02 - 00000000 ____D () C:\Users\Lasse\Downloads\Sleep Party People
2014-02-24 16:06 - 2014-02-24 16:07 - 88968102 _____ () C:\Users\Lasse\Downloads\Sleep Party People.rar
2014-02-23 18:51 - 2014-02-23 18:51 - 00000000 ____D () C:\Users\Lasse\Desktop\Arduino Stater Kit Tutorals 100-104
2014-02-21 15:46 - 2014-02-21 15:55 - 31685816 _____ () C:\Users\Lasse\Downloads\Skybound Stylizer 5.1.12.326 Portable.zip
2014-02-21 15:44 - 2014-02-21 15:45 - 90578216 _____ (AVAST Software) C:\Users\Lasse\Desktop\avast_free_antivirus_setup.exe
2014-02-21 00:53 - 2014-02-21 01:42 - 151920761 _____ () C:\Users\Lasse\Downloads\Vacation.rar
2014-02-20 21:14 - 2014-02-20 21:49 - 106235540 _____ () C:\Users\Lasse\Downloads\Message_to_Bears_-_Maps_(2013)-NaR.rar
2014-02-20 12:07 - 2014-02-20 12:07 - 03987342 _____ () C:\Users\Lasse\Downloads\Mir ham se als jeheilt entlassen(360p_H.264-AAC).mp4
2014-02-20 11:01 - 2014-02-20 11:02 - 00000000 ____D () C:\Users\Lasse\Downloads\Madvillainy 4 Instrumentals
2014-02-19 00:17 - 2014-02-19 01:18 - 186073933 _____ () C:\Users\Lasse\Downloads\f8psz.Message.to.Bears..Maps.2013.Lossless.rar
2014-02-18 21:17 - 2014-02-18 21:21 - 264915882 _____ () C:\Users\Lasse\Downloads\Madvillainy 4 Instrumentals.zip
2014-02-18 18:37 - 2011-07-23 09:15 - 00000000 ____D () C:\Users\Lasse\Downloads\Ryoma_Takemasa--Deepn_(Gonno_Remix)-(USDC-0007)-WEB-2011-dh
2014-02-18 17:47 - 2014-02-18 17:47 - 00000000 ____D () C:\Users\Lasse\.thumbnails
2014-02-17 20:32 - 2014-02-21 00:50 - 00000000 ____D () C:\Users\Lasse\Desktop\Evolution of Face
2014-02-17 19:14 - 2014-02-17 19:14 - 00000000 ____D () C:\Users\Lasse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
2014-02-15 23:46 - 2014-02-15 23:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-13 21:09 - 2014-02-05 11:19 - 17849344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-13 21:09 - 2014-02-05 11:02 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-13 21:09 - 2014-02-05 11:00 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-13 21:09 - 2014-02-05 10:54 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-13 21:09 - 2014-02-05 10:54 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-13 21:09 - 2014-02-05 10:52 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-13 21:09 - 2014-02-05 10:52 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-13 21:09 - 2014-02-05 10:52 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-13 21:09 - 2014-02-05 10:51 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-13 21:09 - 2014-02-05 10:51 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-13 21:09 - 2014-02-05 10:51 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-13 21:09 - 2014-02-05 10:51 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-13 21:09 - 2014-02-05 10:51 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-13 21:09 - 2014-02-05 10:50 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-13 21:09 - 2014-02-05 10:50 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-13 21:09 - 2014-02-05 10:50 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-13 21:09 - 2014-02-05 09:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-13 21:09 - 2014-02-05 09:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-13 21:09 - 2014-02-05 09:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-13 21:09 - 2014-02-05 09:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-13 21:09 - 2014-02-05 09:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-13 21:09 - 2014-02-05 09:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-13 21:09 - 2014-02-05 09:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-02-13 21:09 - 2014-02-05 09:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-13 21:09 - 2014-02-05 09:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-13 21:09 - 2014-02-05 09:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-13 21:09 - 2014-02-05 09:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-13 21:09 - 2014-02-05 09:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-13 21:09 - 2014-02-05 09:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-13 21:09 - 2014-02-05 09:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-13 21:09 - 2014-02-05 09:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-02-13 21:09 - 2014-02-05 09:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-13 21:00 - 2013-09-14 02:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-02-13 21:00 - 2013-09-08 03:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2014-02-13 21:00 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2014-02-13 21:00 - 2013-08-29 03:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-02-13 21:00 - 2013-08-29 03:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-02-13 21:00 - 2013-08-29 03:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2014-02-13 21:00 - 2013-08-29 03:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-02-13 21:00 - 2013-08-29 03:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2014-02-13 21:00 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-02-13 21:00 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-02-13 21:00 - 2013-08-29 02:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-02-13 21:00 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2014-02-13 21:00 - 2013-08-29 02:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-02-13 21:00 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2014-02-13 21:00 - 2013-08-29 01:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-02-13 21:00 - 2013-08-29 01:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-02-13 21:00 - 2013-08-29 01:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-02-13 21:00 - 2013-08-29 01:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-02-13 21:00 - 2013-08-28 02:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2014-02-13 21:00 - 2013-07-26 03:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-02-13 21:00 - 2013-07-26 03:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2014-02-13 21:00 - 2013-07-26 02:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-02-13 21:00 - 2013-07-26 02:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2014-02-13 21:00 - 2011-03-11 07:41 - 00410496 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys
2014-02-13 21:00 - 2011-03-11 07:41 - 00189824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-02-13 21:00 - 2011-03-11 07:41 - 00166272 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys
2014-02-13 21:00 - 2011-03-11 07:41 - 00148352 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys
2014-02-13 21:00 - 2011-03-11 07:41 - 00107904 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys
2014-02-13 21:00 - 2011-03-11 07:41 - 00027008 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys
2014-02-13 21:00 - 2011-03-11 07:33 - 02565632 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2014-02-13 21:00 - 2011-03-11 07:30 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\fsutil.exe
2014-02-13 21:00 - 2011-03-11 06:33 - 01699328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2014-02-13 21:00 - 2011-03-11 06:31 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fsutil.exe
2014-02-13 21:00 - 2011-03-11 05:37 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2014-02-13 20:57 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-02-13 20:57 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-02-13 20:57 - 2013-09-08 03:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-02-13 20:56 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-02-13 20:56 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-02-13 20:56 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2014-02-13 20:56 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-02-13 20:56 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2014-02-13 20:56 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2014-02-13 20:56 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2014-02-13 20:56 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2014-02-13 20:56 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2014-02-13 20:56 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-02-13 20:56 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-02-13 20:56 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2014-02-13 20:56 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2014-02-13 20:56 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-02-13 20:56 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-02-13 20:56 - 2013-08-01 13:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-02-13 20:56 - 2013-07-20 11:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-02-13 20:56 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-02-13 20:56 - 2013-04-17 08:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-02-13 20:56 - 2013-04-17 07:24 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-02-13 20:56 - 2012-07-06 21:07 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2014-02-13 20:56 - 2011-04-28 04:54 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS

==================== One Month Modified Files and Folders =======

2014-03-14 23:17 - 2014-03-14 23:17 - 00000000 ____D () C:\FRST
2014-03-14 23:17 - 2014-03-14 23:08 - 00000000 ____D () C:\Users\Lasse\Desktop\Virus
2014-03-14 23:17 - 2013-08-29 17:57 - 00000000 ___RD () C:\Users\Lasse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-14 23:16 - 2014-03-14 23:16 - 00000168 _____ () C:\Users\Lasse\defogger_reenable
2014-03-14 23:16 - 2013-08-29 17:57 - 00000000 ____D () C:\Users\Lasse
2014-03-14 22:52 - 2014-03-14 22:52 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-03-14 22:52 - 2013-12-06 00:26 - 00000000 ____D () C:\Users\Lasse\.gimp-2.8
2014-03-14 22:52 - 2013-09-02 11:35 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-03-14 22:51 - 2014-03-14 22:51 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-03-14 22:51 - 2014-03-14 22:51 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-03-14 22:51 - 2014-03-14 22:51 - 00207904 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-03-14 22:51 - 2014-03-14 22:51 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-03-14 22:51 - 2014-03-14 22:51 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-03-14 22:51 - 2014-03-14 22:51 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-03-14 22:51 - 2014-03-14 22:51 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-03-14 22:51 - 2014-03-14 22:51 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-03-14 22:51 - 2013-09-02 11:35 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-03-14 22:51 - 2011-04-12 08:43 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2014-03-14 22:51 - 2011-04-12 08:43 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2014-03-14 22:51 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-14 22:50 - 2014-03-14 22:50 - 00000000 ____D () C:\Program Files\AVAST Software
2014-03-14 22:49 - 2013-09-02 11:32 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-03-14 22:43 - 2013-08-29 17:48 - 01362314 _____ () C:\Windows\WindowsUpdate.log
2014-03-14 22:42 - 2014-03-14 22:42 - 00000000 ____D () C:\Users\Lasse\Desktop\Modernist Cuisine
2014-03-14 22:42 - 2009-07-14 05:51 - 00085030 _____ () C:\Windows\setupact.log
2014-03-14 21:07 - 2014-03-14 21:07 - 00004638 _____ () C:\Users\Lasse\AppData\Local\recently-used.xbel
2014-03-14 21:07 - 2013-12-06 00:52 - 00000000 ____D () C:\Users\Lasse\AppData\Local\gtk-2.0
2014-03-14 20:57 - 2014-01-21 23:46 - 00000000 ____D () C:\Users\Lasse\Documents\MATLAB
2014-03-14 16:52 - 2013-09-02 14:00 - 00000000 ____D () C:\Users\Lasse\AppData\Roaming\MediaMonkey
2014-03-14 13:57 - 2014-03-14 13:57 - 00000000 ____D () C:\Lasse
2014-03-14 13:09 - 2013-10-20 15:02 - 00000546 _____ () C:\Windows\Tasks\MATLAB R2012b Startup Accelerator.job
2014-03-13 20:09 - 2013-09-04 22:49 - 00000000 ____D () C:\Users\Lasse\AppData\Roaming\Dropbox
2014-03-09 15:09 - 2014-03-09 14:40 - 2163979941 _____ () C:\Users\Lasse\Desktop\Maiks Indien.zip
2014-03-06 15:31 - 2013-09-02 12:03 - 00000000 ____D () C:\Users\Lasse\AppData\Roaming\vlc
2014-03-06 12:08 - 2009-07-14 05:45 - 00025696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-06 12:08 - 2009-07-14 05:45 - 00025696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-06 12:01 - 2013-09-04 22:55 - 00000000 ___RD () C:\Users\Lasse\Dropbox
2014-03-06 11:59 - 2013-09-02 00:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-06 11:59 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-28 21:34 - 2014-02-28 15:54 - 00000000 ____D () C:\Users\Lasse\Desktop\Musik
2014-02-24 16:07 - 2014-02-24 16:06 - 88968102 _____ () C:\Users\Lasse\Downloads\Sleep Party People.rar
2014-02-23 18:51 - 2014-02-23 18:51 - 00000000 ____D () C:\Users\Lasse\Desktop\Arduino Stater Kit Tutorals 100-104
2014-02-21 15:55 - 2014-02-21 15:46 - 31685816 _____ () C:\Users\Lasse\Downloads\Skybound Stylizer 5.1.12.326 Portable.zip
2014-02-21 15:45 - 2014-02-21 15:44 - 90578216 _____ (AVAST Software) C:\Users\Lasse\Desktop\avast_free_antivirus_setup.exe
2014-02-21 01:42 - 2014-02-21 00:53 - 151920761 _____ () C:\Users\Lasse\Downloads\Vacation.rar
2014-02-21 00:50 - 2014-02-17 20:32 - 00000000 ____D () C:\Users\Lasse\Desktop\Evolution of Face
2014-02-20 21:49 - 2014-02-20 21:14 - 106235540 _____ () C:\Users\Lasse\Downloads\Message_to_Bears_-_Maps_(2013)-NaR.rar
2014-02-20 12:07 - 2014-02-20 12:07 - 03987342 _____ () C:\Users\Lasse\Downloads\Mir ham se als jeheilt entlassen(360p_H.264-AAC).mp4
2014-02-20 11:02 - 2014-02-20 11:01 - 00000000 ____D () C:\Users\Lasse\Downloads\Madvillainy 4 Instrumentals
2014-02-19 01:18 - 2014-02-19 00:17 - 186073933 _____ () C:\Users\Lasse\Downloads\f8psz.Message.to.Bears..Maps.2013.Lossless.rar
2014-02-18 21:21 - 2014-02-18 21:17 - 264915882 _____ () C:\Users\Lasse\Downloads\Madvillainy 4 Instrumentals.zip
2014-02-18 17:47 - 2014-02-18 17:47 - 00000000 ____D () C:\Users\Lasse\.thumbnails
2014-02-17 19:14 - 2014-02-17 19:14 - 00000000 ____D () C:\Users\Lasse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
2014-02-17 19:14 - 2013-12-08 21:22 - 00018365 _____ () C:\QcOSD.txt
2014-02-15 23:46 - 2014-02-15 23:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-15 00:09 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-02-13 22:15 - 2013-08-29 17:57 - 00000000 ___RD () C:\Users\Lasse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-02-13 22:14 - 2009-07-14 05:45 - 00305520 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-13 21:03 - 2013-09-19 00:32 - 01594892 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

Files to move or delete:
====================
C:\Users\Lasse\AppData\Local\Temp\Facebook.vbs

Some content of TEMP:
====================
C:\Users\Lasse\AppData\Local\Temp\adffmpeg1.1.4.dll
C:\Users\Lasse\AppData\Local\Temp\vlc-2.1.2-win64.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-03-10 01:11

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Lasse at 2014-03-14 23:18:15
Running from C:\Users\Lasse\Desktop\Virus
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 6.70.00 - )
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arduino (HKLM-x32\...\Arduino) (Version: 1.0.5 - Arduino LLC)
ATI Catalyst Install Manager (HKLM\...\{9B0EAC89-4331-A96E-C7D3-754192589BEE}) (Version: 3.0.800.0 - ATI Technologies, Inc.)
ATI Uninstaller (HKLM\...\ATI Uninstaller) (Version: 8.792.5.2-120504a-138564C-Lenovo - ATI Technologies, Inc.)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2013 - Avast Software)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.8.4.3036 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{44181DF6-2751-48C7-B918-72F14508F127}) (Version: 0.8.4.3036 - BlueStack Systems, Inc.)
Brother Driver Deployment Wizard (HKLM-x32\...\{0ED38503-B69A-44B4-98BE-21BFF284A9B6}) (Version: 1.09.000 - Brother)
Brother MFL-Pro Suite MFC-255CW (HKLM-x32\...\{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2012.0504.2334.40448 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0504.2334.40448 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0504.2334.40448 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0504.2333.40448 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0504.2333.40448 - ATI) Hidden
CCC Help Dutch (x32 Version: 2012.0504.2333.40448 - ATI) Hidden
CCC Help English (x32 Version: 2012.0504.2333.40448 - ATI) Hidden
CCC Help French (x32 Version: 2012.0504.2333.40448 - ATI) Hidden
CCC Help German (x32 Version: 2012.0504.2333.40448 - ATI) Hidden
CCC Help Italian (x32 Version: 2012.0504.2333.40448 - ATI) Hidden
CCC Help Japanese (x32 Version: 2012.0504.2333.40448 - ATI) Hidden
CCC Help Korean (x32 Version: 2012.0504.2333.40448 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2012.0504.2333.40448 - ATI) Hidden
CCC Help Spanish (x32 Version: 2012.0504.2333.40448 - ATI) Hidden
CCC Help Swedish (x32 Version: 2012.0504.2333.40448 - ATI) Hidden
ccc-core-static (x32 Version: 2012.0504.2334.40448 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2012.0504.2334.40448 - ATI) Hidden
Conexant 20561 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.92.12.0 - Conexant)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
FreeFileSync 6.0 (HKLM-x32\...\FreeFileSync) (Version: 6.0 - Zenju)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Intel PROSet Wireless (Version: - ) Hidden
Intel PROSet Wireless (x32 Version: - ) Hidden
Intel(R) Management Engine Interface (HKLM\...\HECI) (Version: - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: - )
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{D61E4101-9E15-4D0E-ABD1-1ABD36B43330}) (Version: 14.03.0000 - Intel Corporation)
Intel® Active-Management-Technologie (HKLM\...\MESOL) (Version: - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Kits Configuration Installer (x32 Version: 8.100.25984 - Microsoft) Hidden
LatencyMon 6.00 (HKLM\...\LatencyMon_is1) (Version: - Resplendence Software Projects Sp.)
Lenovo Patch Utility (HKLM-x32\...\{AD32F5E9-6BDD-480A-8B7B-95571D04691C}) (Version: 1.3.1.1 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{ABE4638D-D208-4061-9F26-E3E11E3A1E0C}) (Version: 1.3.1.1 - Lenovo Group Limited)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.04 - )
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Live 8.0.1 (HKLM-x32\...\Live 8.0.1) (Version: - )
MATLAB R2012b (HKLM\...\Matlab R2012b) (Version: 8.0 - The MathWorks, Inc.)
MediaMonkey 4.0 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.0 - Ventis Media Inc.)
MediaMonkey Remote Server version 1.7.460A (HKLM-x32\...\{DFE645FA-57F3-4EE8-8DD4-7521660D9C30}_is1) (Version: 1.7.460A - Erlend Dahl)
Mendeley Desktop 1.9.2 (HKLM-x32\...\Mendeley Desktop) (Version: 1.9.2 - Mendeley Ltd.)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version: - )
Microsoft Age of Empires II: The Conquerors Expansion (HKLM-x32\...\Age of Empires II: The Conquerors Expansion 1.0) (Version: - )
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 27.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
Native Instruments Audio 8 DJ Driver (HKLM-x32\...\Native Instruments Audio 8 DJ Driver) (Version: - Native Instruments)
Native Instruments Audio 8 DJ Driver (Version: 3.1.0.761 - Native Instruments) Hidden
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: 1.5.6.1344 - Native Instruments)
Native Instruments Controller Editor (Version: 1.5.6.1344 - Native Instruments) Hidden
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.4.3.1177 - Native Instruments)
Native Instruments Service Center (Version: 2.4.3.1177 - Native Instruments) Hidden
Native Instruments Traktor 2 (HKLM-x32\...\Native Instruments Traktor 2) (Version: 2.6.3.144 - Native Instruments)
Native Instruments Traktor 2 (Version: 2.6.3.144 - Native Instruments) Hidden
Native Instruments Traktor Audio 2 Driver (HKLM-x32\...\Native Instruments Traktor Audio 2 Driver) (Version: - Native Instruments)
Native Instruments Traktor Audio 2 Driver (Version: 3.0.3.696 - Native Instruments) Hidden
Native Instruments Traktor Kontrol X1 (HKLM-x32\...\Native Instruments Traktor Kontrol X1) (Version: - Native Instruments)
Native Instruments Traktor Kontrol X1 (Version: 3.0.1.648 - Native Instruments) Hidden
Native Instruments Traktor Kontrol Z1 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol Z1 Driver) (Version: - Native Instruments)
Native Instruments Traktor Kontrol Z1 Driver (Version: 3.1.1.780 - Native Instruments) Hidden
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
OpenVPN 2.3.2-I001 (HKLM\...\OpenVPN) (Version: 2.3.2-I001 - )
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.212.0 - Tracker Software Products Ltd)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Recuva (HKLM\...\Recuva) (Version: 1.48 - Piriform)
RICOH R5U8xx Media Driver ver.3.64.02 (HKLM-x32\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.64.02 - RICOH)
SDK Debuggers (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Softonic toolbar on IE and Chrome (HKLM-x32\...\Softonic) (Version: 1.8.21.14 - Softonic) <==== ATTENTION
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.25942 - TeamViewer)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.3100 - Broadcom Corporation)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.40 - )
ThinkPad Modem Adapter (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.8.50 - Conexant Systems)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.9 - )
ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.77.0.11 - Lenovo)
TPFanControl v0.62 (HKLM\...\{717F5741-5C2E-4469-BDA0-B5EC2243646F}_is1) (Version: - troubadix)
Update for Microsoft .NET Framework 4.5 (KB2805226) (HKLM-x32\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2805226) (Version: 1 - Microsoft Corporation)
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430) (HKLM\...\DE7217D2A8B057F15EC6E52329FDAB84231521E8) (Version: 04/08/2010 6.3.5.430 - Broadcom)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Software Development Kit (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
Windows Software Development Kit DirectX x64 Remote (Version: 8.100.25984 - Microsoft Corporation) Hidden
Windows Software Development Kit DirectX x86 Remote (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
Windows Software Development Kit EULA (x32 Version: 8.100.25984 - Microsoft Corporations) Hidden
Windows Software Development Kit for Windows 8.1 (HKLM-x32\...\{2fc72c67-2837-46c2-b20a-9acb0d3cb2b2}) (Version: 8.100.25984 - Microsoft Corporation)
Windows Software Development Kit for Windows Store Apps (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
Windows Software Development Kit for Windows Store Apps DirectX x64 Remote (Version: 8.100.25984 - Microsoft Corporation) Hidden
Windows Software Development Kit for Windows Store Apps DirectX x86 Remote (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
Windows Software Development Kit Redistributables (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
WPT Redistributables (x32 Version: 8.100.25984 - Microsoft) Hidden
WPTx64 (x32 Version: 8.100.25984 - Microsoft) Hidden

==================== Restore Points =========================

21-02-2014 12:54:46 Geplanter Prüfpunkt
06-03-2014 11:50:12 Geplanter Prüfpunkt
14-03-2014 21:50:03 avast! antivirus system restore point

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {3C486446-8E05-4417-B6CB-45C82BACE135} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-03-14] (AVAST Software)
Task: {AAF16CD3-9A70-4692-A9DF-C90CA0BDE289} - System32\Tasks\MATLAB R2012b Startup Accelerator => C:\Program Files\MATLAB\R2012b\bin\win64\MATLABStartupAccelerator.exe [2012-07-20] ()
Task: C:\Windows\Tasks\MATLAB R2012b Startup Accelerator.job => C:\Program Files\MATLAB\R2012b\bin\win64\MATLABStartupAccelerator.exe

==================== Loaded Modules (whitelisted) =============

2011-11-01 12:58 - 2011-11-01 12:58 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2011-01-24 12:28 - 2011-01-24 12:28 - 00173344 _____ () C:\Program Files\ThinkPad\Bluetooth Software\btkeyind.dll
2011-11-09 09:55 - 2011-11-09 09:55 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2012-05-04 22:33 - 2012-05-04 22:33 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2013-06-03 12:57 - 2013-06-03 12:57 - 00409312 _____ () C:\Program Files\OpenVPN\bin\openvpn-gui.exe
2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\Lasse\AppData\Roaming\Dropbox\bin\libcef.dll
2014-02-15 23:46 - 2014-02-15 23:46 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-09-02 14:00 - 2012-11-08 23:44 - 00054376 _____ () C:\Program Files (x86)\MediaMonkey\MMHelper.dll
2013-09-02 14:00 - 2012-11-08 23:38 - 00581632 _____ () C:\Program Files (x86)\MediaMonkey\sqlite3MM.dll
2013-09-02 14:00 - 2012-11-08 23:44 - 00391272 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\f_aac.dll
2013-09-02 14:00 - 2012-11-08 23:44 - 00326760 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\f_ape.dll
2013-09-02 14:00 - 2012-11-08 23:44 - 00306280 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\f_AVI.dll
2013-09-02 14:00 - 2012-11-08 23:44 - 00154216 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\f_flac.dll
2013-09-02 14:00 - 2012-11-08 23:44 - 00185448 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\f_flac_codec.dll
2013-09-02 14:00 - 2012-11-08 23:44 - 00260200 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\f_FLV.dll
2013-09-02 14:00 - 2012-11-08 23:44 - 00348776 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\f_mkv.dll
2013-09-02 14:00 - 2012-11-08 23:44 - 00384104 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\f_MP4.dll
2013-09-02 14:00 - 2012-11-08 23:44 - 00327272 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\f_mpc.dll
2013-09-02 14:00 - 2012-11-08 23:44 - 00265320 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\f_MPG.dll
2013-09-02 14:00 - 2012-11-08 23:44 - 00246888 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\f_ogg.dll
2013-09-02 14:00 - 2012-11-08 23:44 - 00139368 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\f_video.dll
2013-09-02 14:00 - 2012-11-08 23:44 - 00333928 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\f_wave.dll
2013-09-02 14:00 - 2012-11-08 23:38 - 00367616 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\f_WMV.dll
2013-09-02 14:00 - 2012-11-08 23:44 - 00061032 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\in_mfaudio.dll
2013-09-02 14:00 - 2011-12-23 18:04 - 00077824 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\in_mpc.dll
2013-09-02 14:00 - 2012-11-08 23:44 - 00164968 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\in_vorbis.dll
2013-09-02 14:00 - 2012-11-08 23:44 - 00081512 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\in_wav.dll
2013-09-02 14:00 - 2012-11-08 23:44 - 00222312 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\in_wma.dll
2013-09-02 14:00 - 2012-11-08 23:44 - 00103528 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\in_wmp3.dll
2013-09-02 14:00 - 2012-11-08 23:44 - 00347752 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\out_MMDS.dll
2013-09-02 14:00 - 2012-11-08 23:44 - 00378472 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\out_WASAPI.dll
2013-09-02 14:00 - 2011-12-23 18:04 - 00013824 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\out_wave.dll
2013-09-02 14:00 - 2012-11-08 23:44 - 00103528 _____ () C:\Program Files (x86)\MediaMonkey\Equalize.dll
2013-09-02 14:00 - 2012-11-08 23:44 - 01036904 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\d_iPhone.dll
2013-09-02 14:00 - 2012-11-08 23:38 - 01232896 _____ () C:\Program Files (x86)\MediaMonkey\iPhoneCalc.dll
2013-09-02 14:00 - 2012-11-08 23:44 - 00898152 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\d_iPod.dll
2013-09-02 14:00 - 2012-11-08 23:44 - 00399464 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\d_iRiverH.dll
2013-09-02 14:00 - 2012-11-08 23:44 - 00300136 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\d_USBMass1.dll
2013-09-02 14:00 - 2012-11-08 23:44 - 00409704 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\d_WMDM.dll
2013-09-02 14:00 - 2012-11-08 23:44 - 00132200 _____ () C:\Program Files (x86)\MediaMonkey\WMAuth.dll
2013-09-02 14:00 - 2012-11-08 23:44 - 00136296 _____ () C:\Program Files (x86)\MediaMonkey\hpCDBurn.dll
2013-10-16 16:54 - 2013-10-16 16:54 - 16233864 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
2014-03-14 22:51 - 2014-01-21 23:40 - 02156032 _____ () C:\Program Files\AVAST Software\Avast\defs\14012101\algo.dll
2014-03-14 22:56 - 2014-03-14 19:36 - 02186752 _____ () C:\Program Files\AVAST Software\Avast\defs\14031401\algo.dll
2014-03-14 22:51 - 2014-03-14 22:51 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: BstHdAndroidSvc => 2
MSCONFIG\Services: BstHdLogRotatorSvc => 2
MSCONFIG\Services: OpenVPNService => 3
MSCONFIG\Services: TeamViewer9 => 2
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: BrMfcWnd => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
MSCONFIG\startupreg: ControlCenter3 => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
MSCONFIG\startupreg: Media Monkey Remote Server => "C:\Program Files (x86)\MediaMonkey Remote Server\MediaMonkey Remote Server.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: uTorrent => "C:\PORTABLES\uTorrentPortable\App\uTorrent\uTorrent.exe" /MINIMIZED

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (03/14/2014 10:50:13 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary fehuppwj.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (03/14/2014 08:56:26 PM) (Source: Application Hang) (User: )
Description: Programm MATLAB.exe, Version 8.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 2070
Startzeit: 01cf3fbef07e1414
Endzeit: 8
Anwendungspfad: C:\Program Files\MATLAB\R2012b\bin\win64\MATLAB.exe
Berichts-ID: b75c51e1-abb2-11e3-a2b9-00234dfa26bc

Error: (03/14/2014 02:16:29 PM) (Source: Application Hang) (User: )
Description: Programm MATLAB.exe, Version 8.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 2220
Startzeit: 01cf3f8236aaf8c9
Endzeit: 34
Anwendungspfad: C:\Program Files\MATLAB\R2012b\bin\win64\MATLAB.exe
Berichts-ID:

Error: (03/14/2014 00:23:20 AM) (Source: Application Hang) (User: )
Description: Programm age2_x1.Exe, Version 0.7.22.627 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1258
Startzeit: 01cf3ef560bc8bab
Endzeit: 15
Anwendungspfad: C:\Program Files (x86)\Microsoft Games\Age of Empires II\Age2_X1\age2_x1.Exe
Berichts-ID:

Error: (03/09/2014 00:24:25 AM) (Source: Application Hang) (User: )
Description: Programm firefox.exe, Version 27.0.1.5156 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 4f8
Startzeit: 01cf394cd9051fdc
Endzeit: 90
Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Berichts-ID: c5f205bc-a718-11e3-a2b9-00234dfa26bc

Error: (03/06/2014 00:00:07 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/26/2014 04:22:42 PM) (Source: Application Hang) (User: )
Description: Programm MediaMonkey.exe, Version 4.0.7.1510 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 10a0
Startzeit: 01cf29bcb6c5df8a
Endzeit: 714
Anwendungspfad: C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe
Berichts-ID: cf7e6b1e-9ef9-11e3-91ea-001c2599ae9e

Error: (02/25/2014 08:35:52 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: WScript.exe, Version: 5.8.7601.18283, Zeitstempel: 0x5258a6e6
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24
Ausnahmecode: 0xc0000374
Fehleroffset: 0x00000000000c4102
ID des fehlerhaften Prozesses: 0x2ae8
Startzeit der fehlerhaften Anwendung: 0xWScript.exe0
Pfad der fehlerhaften Anwendung: WScript.exe1
Pfad des fehlerhaften Moduls: WScript.exe2
Berichtskennung: WScript.exe3

Error: (02/22/2014 07:12:35 PM) (Source: Application Hang) (User: )
Description: Programm vlc.exe, Version 2.1.2.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1b0c
Startzeit: 01cf2ff99de65a5e
Endzeit: 15
Anwendungspfad: C:\Program Files\VideoLAN\VLC\vlc.exe
Berichts-ID: e568cd06-9bec-11e3-91ea-001c2599ae9e

Error: (02/18/2014 08:12:34 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: gimp-2.8.exe, Version: 2.8.10.0, Zeitstempel: 0x529a15f8
Name des fehlerhaften Moduls: libglib-2.0-0.dll, Version: 2.38.0.0, Zeitstempel: 0x52990f4e
Ausnahmecode: 0x40000015
Fehleroffset: 0x00000000000372cf
ID des fehlerhaften Prozesses: 0x1a6c
Startzeit der fehlerhaften Anwendung: 0xgimp-2.8.exe0
Pfad der fehlerhaften Anwendung: gimp-2.8.exe1
Pfad des fehlerhaften Moduls: gimp-2.8.exe2
Berichtskennung: gimp-2.8.exe3

System errors:
=============
Error: (03/09/2014 06:06:52 PM) (Source: cdrom) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.

Error: (03/09/2014 06:06:46 PM) (Source: cdrom) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.

Error: (03/09/2014 06:06:40 PM) (Source: cdrom) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.

Error: (03/09/2014 06:06:34 PM) (Source: cdrom) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.

Error: (03/09/2014 06:06:28 PM) (Source: cdrom) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.

Error: (03/09/2014 06:06:22 PM) (Source: cdrom) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.

Error: (03/09/2014 06:06:16 PM) (Source: cdrom) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.

Error: (03/09/2014 06:06:10 PM) (Source: cdrom) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.

Error: (03/09/2014 06:06:04 PM) (Source: cdrom) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.

Error: (03/09/2014 06:05:58 PM) (Source: cdrom) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.

Microsoft Office Sessions:
=========================
Error: (03/14/2014 10:50:13 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: Details:
AddLegacyDriverFiles: Unable to back up image of binary fehuppwj.

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (03/14/2014 08:56:26 PM) (Source: Application Hang)(User: )
Description: MATLAB.exe8.0.0.0207001cf3fbef07e14148C:\Program Files\MATLAB\R2012b\bin\win64\MATLAB.exeb75c51e1-abb2-11e3-a2b9-00234dfa26bc

Error: (03/14/2014 02:16:29 PM) (Source: Application Hang)(User: )
Description: MATLAB.exe8.0.0.0222001cf3f8236aaf8c934C:\Program Files\MATLAB\R2012b\bin\win64\MATLAB.exe

Error: (03/14/2014 00:23:20 AM) (Source: Application Hang)(User: )
Description: age2_x1.Exe0.7.22.627125801cf3ef560bc8bab15C:\Program Files (x86)\Microsoft Games\Age of Empires II\Age2_X1\age2_x1.Exe

Error: (03/09/2014 00:24:25 AM) (Source: Application Hang)(User: )
Description: firefox.exe27.0.1.51564f801cf394cd9051fdc90C:\Program Files (x86)\Mozilla Firefox\firefox.exec5f205bc-a718-11e3-a2b9-00234dfa26bc

Error: (03/06/2014 00:00:07 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/26/2014 04:22:42 PM) (Source: Application Hang)(User: )
Description: MediaMonkey.exe4.0.7.151010a001cf29bcb6c5df8a714C:\Program Files (x86)\MediaMonkey\MediaMonkey.execf7e6b1e-9ef9-11e3-91ea-001c2599ae9e

Error: (02/25/2014 08:35:52 PM) (Source: Application Error)(User: )
Description: WScript.exe5.8.7601.182835258a6e6ntdll.dll6.1.7601.18247521eaf24c000037400000000000c41022ae801cf32602c4d4422C:\Windows\System32\WScript.exeC:\Windows\SYSTEM32\ntdll.dll08c91e65-9e54-11e3-91ea-001c2599ae9e

Error: (02/22/2014 07:12:35 PM) (Source: Application Hang)(User: )
Description: vlc.exe2.1.2.01b0c01cf2ff99de65a5e15C:\Program Files\VideoLAN\VLC\vlc.exee568cd06-9bec-11e3-91ea-001c2599ae9e

Error: (02/18/2014 08:12:34 PM) (Source: Application Error)(User: )
Description: gimp-2.8.exe2.8.10.0529a15f8libglib-2.0-0.dll2.38.0.052990f4e4000001500000000000372cf1a6c01cf2caf152da1dcC:\Program Files\GIMP 2\bin\gimp-2.8.exeC:\Program Files\GIMP 2\bin\libglib-2.0-0.dll9e702b29-98d0-11e3-91ea-001c2599ae9e

==================== Memory info ===========================

Percentage of memory in use: 55%
Total physical RAM: 3992.03 MB
Available physical RAM: 1764.97 MB
Total Pagefile: 7982.23 MB
Available Pagefile: 4628.8 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.95 GB) (Free:72.85 GB) NTFS
Drive e: (TOSHIBA EXT) (Fixed) (Total:931.51 GB) (Free:155.65 GB) NTFS
Drive f: (AGE2_X1) (CDROM) (Total:0.28 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 77CA8C87)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 9E5AA1AD)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================

GMER Quick Scan:
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-03-14 23:43:10 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9160411AS rev.LV13 149,05GB Running: 3-GMER.exe; Driver: C:\Users\Lasse\AppData\Local\Temp\uwldiaog.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80002fae000 63 bytes [00, 00, 00, 00, 00, 00, 00, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 592 fffff80002fae040 13 bytes [01, 90, 12, 19, A0, F8, FF, ...] ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\taskmgr.exe[7136] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076edeecd 1 byte [62] .text C:\Program Files\AVAST Software\Avast\avastUi.exe[2408] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007529a30a 1 byte [62] .text C:\Users\Lasse\Desktop\Virus\3-GMER.exe[7536] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007529a30a 1 byte [62] ---- Threads - GMER 2.1 ---- Thread C:\Windows\system32\AUDIODG.EXE [3464:9740] 00000000686388e4 Thread C:\Windows\system32\AUDIODG.EXE [3464:9572] 0000000068625608 ---- Processes - GMER 2.1 ---- Library C:\Users\Lasse\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\Lasse\AppData\Roaming\Dropbox\bin\Dropbox.exe [3504](2014-01-03 00:45:04) 0000000003f10000 Library C:\Users\Lasse\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\Lasse\AppData\Roaming\Dropbox\bin\Dropbox.exe [3504](2013-10-18 23:55:02) 000000006ee20000 Library C:\Users\Lasse\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\Lasse\AppData\Roaming\Dropbox\bin\Dropbox.exe [3504] (ICU Data DLL/The ICU Project)(2013-10-18 23:55:00) 000000006e490000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00234dfa26bc Reg 
HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00234dfa26bc@109addcc9400 0x16 0xBE 0xD3 0x0B ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00234dfa26bc (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00234dfa26bc@109addcc9400 0x16 0xBE 0xD3 0x0B ... ---- EOF - GMER 2.1 ---- |
Topics related to facebook.vbs and USB shortcuts:
antivirus, bluestacks, branding, browser, desktop, fehler, festplatte, firefox, flash player, google, iexplore.exe, lnk/agent.ak, logfile, nsis/startpage.cc, object, programm, pup.optional.opencandy, scan, software, svchost.exe, system, tracker, win32/kryptik.bwam, win32/mabezat.a