Log Analysis and Evaluation: facebook.vbs and USB shortcuts (Windows 7)
15.03.2014, 00:06 #1
facebook.vbs and USB shortcuts

Hello, first of all: great that you exist, my panic is subsiding a little. I am currently working on a project for my doctoral thesis and have been coding in Matlab all day. Then I wanted to give a friend a USB stick, and suddenly there were only shortcuts on the USB stick (and presumably hidden files). A second USB stick met the same fate. I then immediately cut the VPN connection to my university (what could have happened there? whom should I report what to?) and reinstalled avast; I had turned it off last night for a small end-of-winter Age of Empires 2 session, how stupid. The scan found something; at the same time I found you during my online research, closed everything from avast for now and followed your procedure. Here are the logs (with avast I didn't know which log file is of interest). Many thanks in advance!

FRST
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Lasse (administrator) on BLACKBLOCK on 14-03-2014 23:17:31
Running from C:\Users\Lasse\Desktop\Virus
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Lenovo.) C:\Windows\system32\ibmpmsvc.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\shtctky.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(troubadix) C:\Program Files\TPFanControl\TPFanControl.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Microsoft Corporation) C:\Windows\System32\WScript.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Avanquest Software ) C:\Program Files (x86)\Digital Line Detect\DLG.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Dropbox, Inc.) C:\Users\Lasse\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Zoom\TpScrex.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files\OpenVPN\bin\openvpn-gui.exe
(Ventis Media Inc.) C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Microsoft Corporation) C:\Windows\system32\taskmgr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastUi.exe
(Farbar) C:\Users\Lasse\Desktop\Virus\2-FRST64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()
HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [382248 2013-02-12] (Lenovo.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-05-29] (Synaptics Incorporated)
HKLM\...\Run: [picon] - C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PIconStartup.exe [111640 2010-02-04] ()
HKLM\...\Run: [TPFanControl] - C:\Program Files\TPFanControl\TPFanControl.exe [154112 2013-03-20] (troubadix)
HKLM\...\Run: [Facebook.vbs] - C:\Users\Lasse\AppData\Local\Temp\Facebook.vbs [6796 2013-02-23] () <===== ATTENTION
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2012-05-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-03-14] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1034707596-2023432411-3572616019-1000\...\Run: [Facebook.vbs] - C:\Users\Lasse\AppData\Local\Temp\Facebook.vbs [6796 2013-02-23] () <===== ATTENTION
HKU\S-1-5-21-1034707596-2023432411-3572616019-1000\...\MountPoints2: {28bf4651-757d-11e3-9456-00234dfa26bc} - F:\aocsetup.exe /autorun
Startup: C:\Users\Lasse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Lasse\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Lasse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook.vbs ()
Startup: C:\Users\Lasse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayerPlug.lnk
ShortcutTarget: FlashPlayerPlug.lnk -> C:\Users\Lasse\AppData\Local\Temp\FlashPlayerMsj.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=10&cc=&mi=e66fde5700000000000000ff8910d9d6
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {C3A74DD2-1D88-4A57-A2E0-2309F6FBB42F} URL = hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=e66fde5700000000000000ff8910d9d6&r=786
SearchScopes: HKCU - {C3A74DD2-1D88-4A57-A2E0-2309F6FBB42F} URL = hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=e66fde5700000000000000ff8910d9d6&r=786
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Softonic Helper Object - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files (x86)\Softonic\Softonic\1.8.21.14\bh\Softonic.dll (Softonic.com)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - Softonic Toolbar - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files (x86)\Softonic\Softonic\1.8.21.14\SoftonicTlbr.dll (Softonic.com)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Lasse\AppData\Roaming\Mozilla\Firefox\Profiles\l0z5852m.default
FF user.js: detected! => C:\Users\Lasse\AppData\Roaming\Mozilla\Firefox\Profiles\l0z5852m.default\user.js
FF Homepage: hxxp://stressfaktor.squat.net/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\PDFXChangeViewer\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\PDFXChangeViewer\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\PDFXChangeViewer\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Users\Lasse\AppData\Roaming\Mozilla\Firefox\Profiles\l0z5852m.default\searchplugins\softonic.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: FoxyProxy Standard - C:\Users\Lasse\AppData\Roaming\Mozilla\Firefox\Profiles\l0z5852m.default\Extensions\foxyproxy@eric.h.jung [2014-02-05]
FF Extension: Ghostery - C:\Users\Lasse\AppData\Roaming\Mozilla\Firefox\Profiles\l0z5852m.default\Extensions\firefox@ghostery.com.xpi [2013-09-18]
FF Extension: Clearly - C:\Users\Lasse\AppData\Roaming\Mozilla\Firefox\Profiles\l0z5852m.default\Extensions\readable@evernote.com.xpi [2014-02-13]
FF Extension: Adblock Plus - C:\Users\Lasse\AppData\Roaming\Mozilla\Firefox\Profiles\l0z5852m.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-17]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-14]

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (Softonic Chrome Toolbar) - C:\Users\Lasse\AppData\Local\Google\Chrome\User Data\Default\Extensions\elchiiiejkobdbblfejjkbphbddgmljf [2013-12-05]
CHR HKLM-x32\...\Chrome\Extension: [elchiiiejkobdbblfejjkbphbddgmljf] - C:\Program Files (x86)\Softonic\Softonic\1.8.21.14\Softonic.crx [2013-06-11]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-03-14] (AVAST Software)
S4 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2013-12-20] (BlueStack Systems, Inc.)
S4 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2013-12-20] (BlueStack Systems, Inc.)
R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [174616 2010-02-04] (Intel Corporation)
S4 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [34528 2013-06-03] (The OpenVPN Project)
R2 UNS; C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2058776 2010-02-04] (Intel Corporation)

==================== Drivers (Whitelisted) ====================

S3 a8djavs; C:\Windows\System32\Drivers\a8djavs.sys [359784 2012-12-18] (Native Instruments GmbH)
S3 a8djusb_svc; C:\Windows\System32\Drivers\a8djusb.sys [100712 2012-12-18] (Native Instruments GmbH)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-03-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2014-03-14] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-03-14] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-03-14] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-03-14] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-03-14] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-03-14] ()
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [114448 2013-12-20] (BlueStack Systems)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-01-04] (Disc Soft Ltd)
S3 kz1avs; C:\Windows\System32\Drivers\kz1avs.sys [359120 2013-05-17] (Native Instruments GmbH)
S3 kz1usb_svc; C:\Windows\System32\Drivers\kz1usb.sys [83152 2013-05-17] (Native Instruments GmbH)
R3 LenovoRd; C:\Windows\System32\Drivers\LenovoRd.sys [118016 2009-05-11] (Lenovo)
S3 rspLLL; C:\Windows\System32\DRIVERS\rspLLL64.sys [25504 2013-10-21] (Resplendence Software Projects Sp.)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [44784 2013-05-29] (Synaptics Incorporated)
S3 ta2avs; C:\Windows\System32\Drivers\ta2avs.sys [358480 2012-02-22] (Native Instruments GmbH)
S3 ta2usb_svc; C:\Windows\System32\Drivers\ta2usb.sys [79952 2012-02-22] (Native Instruments GmbH)
S3 NETw5s64; system32\DRIVERS\NETw5s64.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-14 23:17 - 2014-03-14 23:17 - 00000000 ____D () C:\FRST
2014-03-14 23:16 - 2014-03-14 23:16 - 00000168 _____ () C:\Users\Lasse\defogger_reenable
2014-03-14 23:08 - 2014-03-14 23:17 - 00000000 ____D () C:\Users\Lasse\Desktop\Virus
2014-03-14 22:52 - 2014-03-14 22:52 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-03-14 22:51 - 2014-03-14 22:51 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-03-14 22:51 - 2014-03-14 22:51 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-03-14 22:51 - 2014-03-14 22:51 - 00207904 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-03-14 22:51 - 2014-03-14 22:51 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-03-14 22:51 - 2014-03-14 22:51 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-03-14 22:51 - 2014-03-14 22:51 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-03-14 22:51 - 2014-03-14 22:51 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-03-14 22:51 - 2014-03-14 22:51 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-03-14 22:50 - 2014-03-14 22:50 - 00000000 ____D () C:\Program Files\AVAST Software
2014-03-14 22:42 - 2014-03-14 22:42 - 00000000 ____D () C:\Users\Lasse\Desktop\Modernist Cuisine
2014-03-14 21:07 - 2014-03-14 21:07 - 00004638 _____ () C:\Users\Lasse\AppData\Local\recently-used.xbel
2014-03-14 13:57 - 2014-03-14 13:57 - 00000000 ____D () C:\Lasse
2014-03-09 14:40 - 2014-03-09 15:09 - 2163979941 _____ () C:\Users\Lasse\Desktop\Maiks Indien.zip
2014-02-28 15:54 - 2014-02-28 21:34 - 00000000 ____D () C:\Users\Lasse\Desktop\Musik
2014-02-24 16:07 - 2010-03-17 23:02 - 00000000 ____D () C:\Users\Lasse\Downloads\Sleep Party People
2014-02-24 16:06 - 2014-02-24 16:07 - 88968102 _____ () C:\Users\Lasse\Downloads\Sleep Party People.rar
2014-02-23 18:51 - 2014-02-23 18:51 - 00000000 ____D () C:\Users\Lasse\Desktop\Arduino Stater Kit Tutorals 100-104
2014-02-21 15:46 - 2014-02-21 15:55 - 31685816 _____ () C:\Users\Lasse\Downloads\Skybound Stylizer 5.1.12.326 Portable.zip
2014-02-21 15:44 - 2014-02-21 15:45 - 90578216 _____ (AVAST Software) C:\Users\Lasse\Desktop\avast_free_antivirus_setup.exe
2014-02-21 00:53 - 2014-02-21 01:42 - 151920761 _____ () C:\Users\Lasse\Downloads\Vacation.rar
2014-02-20 21:14 - 2014-02-20 21:49 - 106235540 _____ () C:\Users\Lasse\Downloads\Message_to_Bears_-_Maps_(2013)-NaR.rar
2014-02-20 12:07 - 2014-02-20 12:07 - 03987342 _____ () C:\Users\Lasse\Downloads\Mir ham se als jeheilt entlassen(360p_H.264-AAC).mp4
2014-02-20 11:01 - 2014-02-20 11:02 - 00000000 ____D () C:\Users\Lasse\Downloads\Madvillainy 4 Instrumentals
2014-02-19 00:17 - 2014-02-19 01:18 - 186073933 _____ () C:\Users\Lasse\Downloads\f8psz.Message.to.Bears..Maps.2013.Lossless.rar
2014-02-18 21:17 - 2014-02-18 21:21 - 264915882 _____ () C:\Users\Lasse\Downloads\Madvillainy 4 Instrumentals.zip
2014-02-18 18:37 - 2011-07-23 09:15 - 00000000 ____D () C:\Users\Lasse\Downloads\Ryoma_Takemasa--Deepn_(Gonno_Remix)-(USDC-0007)-WEB-2011-dh
2014-02-18 17:47 - 2014-02-18 17:47 - 00000000 ____D () C:\Users\Lasse\.thumbnails
2014-02-17 20:32 - 2014-02-21 00:50 - 00000000 ____D () C:\Users\Lasse\Desktop\Evolution of Face
2014-02-17 19:14 - 2014-02-17 19:14 - 00000000 ____D () C:\Users\Lasse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
2014-02-15 23:46 - 2014-02-15 23:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-13 21:09 - 2014-02-05 11:19 - 17849344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-13 21:09 - 2014-02-05 11:02 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-13 21:09 - 2014-02-05 11:00 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-13 21:09 - 2014-02-05 10:54 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-13 21:09 - 2014-02-05 10:54 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-13 21:09 - 2014-02-05 10:52 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-13 21:09 - 2014-02-05 10:52 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-13 21:09 - 2014-02-05 10:52 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-13 21:09 - 2014-02-05 10:51 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-13 21:09 - 2014-02-05 10:51 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-13 21:09 - 2014-02-05 10:51 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-13 21:09 - 2014-02-05 10:51 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-13 21:09 - 2014-02-05 10:51 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-13 21:09 - 2014-02-05 10:50 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-13 21:09 - 2014-02-05 10:50 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-13 21:09 - 2014-02-05 10:50 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-13 21:09 - 2014-02-05 09:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-13 21:09 - 2014-02-05 09:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-13 21:09 - 2014-02-05 09:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-13 21:09 - 2014-02-05 09:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-13 21:09 - 2014-02-05 09:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-13 21:09 - 2014-02-05 09:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-13 21:09 - 2014-02-05 09:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-02-13 21:09 - 2014-02-05 09:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-13 21:09 - 2014-02-05 09:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-13 21:09 - 2014-02-05 09:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-13 21:09 - 2014-02-05 09:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-13 21:09 - 2014-02-05 09:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-13 21:09 - 2014-02-05 09:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-13 21:09 - 2014-02-05 09:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-13 21:09 - 2014-02-05 09:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-02-13 21:09 - 2014-02-05 09:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-13 21:00 - 2013-09-14 02:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-02-13 21:00 - 2013-09-08 03:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2014-02-13 21:00 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2014-02-13 21:00 - 2013-08-29 03:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-02-13 21:00 - 2013-08-29 03:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-02-13 21:00 - 2013-08-29 03:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2014-02-13 21:00 - 2013-08-29 03:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-02-13 21:00 - 2013-08-29 03:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2014-02-13 21:00 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-02-13 21:00 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-02-13 21:00 - 2013-08-29 02:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-02-13 21:00 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2014-02-13 21:00 - 2013-08-29 02:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-02-13 21:00 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2014-02-13 21:00 - 2013-08-29 01:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-02-13 21:00 - 2013-08-29 01:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-02-13 21:00 - 2013-08-29 01:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-02-13 21:00 - 2013-08-29 01:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-02-13 21:00 - 2013-08-28 02:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2014-02-13 21:00 - 2013-07-26 03:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-02-13 21:00 - 2013-07-26 03:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2014-02-13 21:00 - 2013-07-26 02:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-02-13 21:00 - 2013-07-26 02:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2014-02-13 21:00 - 2011-03-11 07:41 - 00410496 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys
2014-02-13 21:00 - 2011-03-11 07:41 - 00189824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-02-13 21:00 - 2011-03-11 07:41 - 00166272 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys
2014-02-13 21:00 - 2011-03-11 07:41 - 00148352 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys
2014-02-13 21:00 - 2011-03-11 07:41 - 00107904 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys
2014-02-13 21:00 - 2011-03-11 07:41 - 00027008 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys
2014-02-13 21:00 - 2011-03-11 07:33 - 02565632 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2014-02-13 21:00 - 2011-03-11 07:30 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\fsutil.exe
2014-02-13 21:00 - 2011-03-11 06:33 - 01699328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2014-02-13 21:00 - 2011-03-11 06:31 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fsutil.exe
2014-02-13 21:00 - 2011-03-11 05:37 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2014-02-13 20:57 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-02-13 20:57 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-02-13 20:57 - 2013-09-08 03:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-02-13 20:56 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-02-13 20:56 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-02-13 20:56 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2014-02-13 20:56 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-02-13 20:56 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2014-02-13 20:56 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2014-02-13 20:56 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2014-02-13 20:56 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2014-02-13 20:56 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2014-02-13 20:56 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-02-13 20:56 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-02-13 20:56 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2014-02-13 20:56 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2014-02-13 20:56 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-02-13 20:56 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-02-13 20:56 - 2013-08-01 13:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-02-13 20:56 - 2013-07-20 11:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-02-13 20:56 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-02-13 20:56 - 2013-04-17 08:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-02-13 20:56 - 2013-04-17 07:24 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-02-13 20:56 - 2012-07-06 21:07 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2014-02-13 20:56 - 2011-04-28 04:54 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS

==================== One Month Modified Files and Folders =======

2014-03-14 23:17 - 2014-03-14 23:17 - 00000000 ____D () C:\FRST
2014-03-14 23:17 - 2014-03-14 23:08 - 00000000 ____D () C:\Users\Lasse\Desktop\Virus
2014-03-14 23:17 - 2013-08-29 17:57 - 00000000 ___RD () C:\Users\Lasse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-14 23:16 - 2014-03-14 23:16 - 00000168 _____ () C:\Users\Lasse\defogger_reenable
2014-03-14 23:16 - 2013-08-29 17:57 - 00000000 ____D () C:\Users\Lasse
2014-03-14 22:52 - 2014-03-14 22:52 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-03-14 22:52 - 2013-12-06 00:26 - 00000000 ____D () C:\Users\Lasse\.gimp-2.8
2014-03-14 22:52 - 2013-09-02 11:35 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-03-14 22:51 - 2014-03-14 22:51 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-03-14 22:51 - 2014-03-14 22:51 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-03-14 22:51 - 2014-03-14 22:51 - 00207904 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-03-14 22:51 - 2014-03-14 22:51 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-03-14 22:51 - 2014-03-14 22:51 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-03-14 22:51 - 2014-03-14 22:51 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-03-14 22:51 - 2014-03-14 22:51 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-03-14 22:51 - 2014-03-14 22:51 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-03-14 22:51 - 2013-09-02 11:35 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-03-14 22:51 - 2011-04-12 08:43 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2014-03-14 22:51 - 2011-04-12 08:43 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2014-03-14 22:51 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-14 22:50 - 2014-03-14 22:50 - 00000000 ____D () C:\Program Files\AVAST Software
2014-03-14 22:49 - 2013-09-02 11:32 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-03-14 22:43 - 2013-08-29 17:48 - 01362314 _____ () C:\Windows\WindowsUpdate.log
2014-03-14 22:42 - 2014-03-14 22:42 - 00000000 ____D () C:\Users\Lasse\Desktop\Modernist Cuisine
2014-03-14 22:42 - 2009-07-14 05:51 - 00085030 _____ () C:\Windows\setupact.log
2014-03-14 21:07 - 2014-03-14 21:07 - 00004638 _____ () C:\Users\Lasse\AppData\Local\recently-used.xbel
2014-03-14 21:07 - 2013-12-06 00:52 - 00000000 ____D () C:\Users\Lasse\AppData\Local\gtk-2.0
2014-03-14 20:57 - 2014-01-21 23:46 - 00000000 ____D () C:\Users\Lasse\Documents\MATLAB
2014-03-14 16:52 - 2013-09-02 14:00 - 00000000 ____D () C:\Users\Lasse\AppData\Roaming\MediaMonkey
2014-03-14 13:57 - 2014-03-14 13:57 - 00000000 ____D () C:\Lasse
2014-03-14 13:09 - 2013-10-20 15:02 - 00000546 _____ () C:\Windows\Tasks\MATLAB R2012b Startup Accelerator.job
2014-03-13 20:09 - 2013-09-04 22:49 - 00000000 ____D () C:\Users\Lasse\AppData\Roaming\Dropbox
2014-03-09 15:09 - 2014-03-09 14:40 - 2163979941 _____ () C:\Users\Lasse\Desktop\Maiks Indien.zip
2014-03-06 15:31 - 2013-09-02 12:03 - 00000000 ____D () C:\Users\Lasse\AppData\Roaming\vlc
2014-03-06 12:08 - 2009-07-14 05:45 - 00025696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-06 12:08 - 2009-07-14 05:45 - 00025696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-06 12:01 - 2013-09-04 22:55 - 00000000 ___RD () C:\Users\Lasse\Dropbox
2014-03-06 11:59 - 2013-09-02 00:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-06 11:59 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-28 21:34 - 2014-02-28 15:54 - 00000000 ____D () C:\Users\Lasse\Desktop\Musik
2014-02-24 16:07 - 2014-02-24 16:06 - 88968102 _____ () C:\Users\Lasse\Downloads\Sleep Party People.rar
2014-02-23 18:51 - 2014-02-23 18:51 - 00000000 ____D () C:\Users\Lasse\Desktop\Arduino Stater Kit Tutorals 100-104
2014-02-21 15:55 - 2014-02-21 15:46 - 31685816 _____ () C:\Users\Lasse\Downloads\Skybound Stylizer 5.1.12.326 Portable.zip
2014-02-21 15:45 - 2014-02-21 15:44 - 90578216 _____ (AVAST Software) C:\Users\Lasse\Desktop\avast_free_antivirus_setup.exe
2014-02-21 01:42 - 2014-02-21 00:53 - 151920761 _____ () C:\Users\Lasse\Downloads\Vacation.rar
2014-02-21 00:50 - 2014-02-17 20:32 - 00000000 ____D () C:\Users\Lasse\Desktop\Evolution of Face
2014-02-20 21:49 - 2014-02-20 21:14 - 106235540 _____ () C:\Users\Lasse\Downloads\Message_to_Bears_-_Maps_(2013)-NaR.rar
2014-02-20 12:07 - 2014-02-20 12:07 - 03987342 _____ () C:\Users\Lasse\Downloads\Mir ham se als jeheilt entlassen(360p_H.264-AAC).mp4
2014-02-20 11:02 - 2014-02-20 11:01 - 00000000 ____D () C:\Users\Lasse\Downloads\Madvillainy 4 Instrumentals
2014-02-19 01:18 - 2014-02-19 00:17 - 186073933 _____ () C:\Users\Lasse\Downloads\f8psz.Message.to.Bears..Maps.2013.Lossless.rar
2014-02-18 21:21 - 2014-02-18 21:17 - 264915882 _____ () C:\Users\Lasse\Downloads\Madvillainy 4 Instrumentals.zip
2014-02-18 17:47 - 2014-02-18 17:47 - 00000000 ____D () C:\Users\Lasse\.thumbnails
2014-02-17 19:14 - 2014-02-17 19:14 - 00000000 ____D () C:\Users\Lasse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
2014-02-17 19:14 - 2013-12-08 21:22 - 00018365 _____ () C:\QcOSD.txt
2014-02-15 23:46 - 2014-02-15 23:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-15 00:09 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-02-13 22:15 - 2013-08-29 17:57 - 00000000 ___RD () C:\Users\Lasse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-02-13 22:14 - 2009-07-14 05:45 - 00305520 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-13 21:03 - 2013-09-19 00:32 - 01594892 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

Files to move or delete:
====================
C:\Users\Lasse\AppData\Local\Temp\Facebook.vbs

Some content of TEMP:
====================
C:\Users\Lasse\AppData\Local\Temp\adffmpeg1.1.4.dll
C:\Users\Lasse\AppData\Local\Temp\vlc-2.1.2-win64.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-03-10 01:11

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Lasse at 2014-03-14 23:18:15
Running from C:\Users\Lasse\Desktop\Virus
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 6.70.00 - )
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arduino (HKLM-x32\...\Arduino) (Version: 1.0.5 - Arduino LLC)
ATI Catalyst Install Manager (HKLM\...\{9B0EAC89-4331-A96E-C7D3-754192589BEE}) (Version: 3.0.800.0 - ATI Technologies, Inc.)
ATI Uninstaller (HKLM\...\ATI Uninstaller) (Version: 8.792.5.2-120504a-138564C-Lenovo - ATI Technologies, Inc.)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2013 - Avast Software)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.8.4.3036 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{44181DF6-2751-48C7-B918-72F14508F127}) (Version: 0.8.4.3036 - BlueStack Systems, Inc.)
Brother Driver Deployment Wizard (HKLM-x32\...\{0ED38503-B69A-44B4-98BE-21BFF284A9B6}) (Version: 1.09.000 - Brother)
Brother MFL-Pro Suite MFC-255CW (HKLM-x32\...\{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2012.0504.2334.40448 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0504.2334.40448 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0504.2334.40448 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0504.2333.40448 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0504.2333.40448 - ATI) Hidden
CCC Help Dutch (x32 Version: 2012.0504.2333.40448 - ATI) Hidden
CCC Help English (x32 Version: 2012.0504.2333.40448 - ATI) Hidden
CCC Help French (x32 Version: 2012.0504.2333.40448 - ATI) Hidden
CCC Help German (x32 Version: 2012.0504.2333.40448 - ATI) Hidden
CCC Help Italian (x32 Version: 2012.0504.2333.40448 - ATI) Hidden
CCC Help Japanese (x32 Version: 2012.0504.2333.40448 - ATI) Hidden
CCC Help Korean (x32 Version: 2012.0504.2333.40448 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2012.0504.2333.40448 - ATI) Hidden
CCC Help Spanish (x32 Version: 2012.0504.2333.40448 - ATI) Hidden
CCC Help Swedish (x32 Version: 2012.0504.2333.40448 - ATI) Hidden
ccc-core-static (x32 Version: 2012.0504.2334.40448 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2012.0504.2334.40448 - ATI) Hidden
Conexant 20561 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.92.12.0 - Conexant)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
FreeFileSync 6.0 (HKLM-x32\...\FreeFileSync) (Version: 6.0 - Zenju)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Intel PROSet Wireless (Version: - ) Hidden
Intel PROSet Wireless (x32 Version: - ) Hidden
Intel(R) Management Engine Interface (HKLM\...\HECI) (Version: - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: - )
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{D61E4101-9E15-4D0E-ABD1-1ABD36B43330}) (Version: 14.03.0000 - Intel Corporation)
Intel® Active-Management-Technologie (HKLM\...\MESOL) (Version: - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Kits Configuration Installer (x32 Version: 8.100.25984 - Microsoft) Hidden
LatencyMon 6.00 (HKLM\...\LatencyMon_is1) (Version: - Resplendence Software Projects Sp.)
Lenovo Patch Utility (HKLM-x32\...\{AD32F5E9-6BDD-480A-8B7B-95571D04691C}) (Version: 1.3.1.1 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{ABE4638D-D208-4061-9F26-E3E11E3A1E0C}) (Version: 1.3.1.1 - Lenovo Group Limited)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.04 - )
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Live 8.0.1 (HKLM-x32\...\Live 8.0.1) (Version: - )
MATLAB R2012b (HKLM\...\Matlab R2012b) (Version: 8.0 - The MathWorks, Inc.)
MediaMonkey 4.0 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.0 - Ventis Media Inc.)
MediaMonkey Remote Server version 1.7.460A (HKLM-x32\...\{DFE645FA-57F3-4EE8-8DD4-7521660D9C30}_is1) (Version: 1.7.460A - Erlend Dahl)
Mendeley Desktop 1.9.2 (HKLM-x32\...\Mendeley Desktop) (Version: 1.9.2 - Mendeley Ltd.)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version: - )
Microsoft Age of Empires II: The Conquerors Expansion (HKLM-x32\...\Age of Empires II: The Conquerors Expansion 1.0) (Version: - )
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 27.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
Native Instruments Audio 8 DJ Driver (HKLM-x32\...\Native Instruments Audio 8 DJ Driver) (Version: - Native Instruments)
Native Instruments Audio 8 DJ Driver (Version: 3.1.0.761 - Native Instruments) Hidden
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: 1.5.6.1344 - Native Instruments)
Native Instruments Controller Editor (Version: 1.5.6.1344 - Native Instruments) Hidden
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.4.3.1177 - Native Instruments)
Native Instruments Service Center (Version: 2.4.3.1177 - Native Instruments) Hidden
Native Instruments Traktor 2 (HKLM-x32\...\Native Instruments Traktor 2) (Version: 2.6.3.144 - Native Instruments)
Native Instruments Traktor 2 (Version: 2.6.3.144 - Native Instruments) Hidden
Native Instruments Traktor Audio 2 Driver (HKLM-x32\...\Native Instruments Traktor Audio 2 Driver) (Version: - Native Instruments)
Native Instruments Traktor Audio 2 Driver (Version: 3.0.3.696 - Native Instruments) Hidden
Native Instruments Traktor Kontrol X1 (HKLM-x32\...\Native Instruments Traktor Kontrol X1) (Version: - Native Instruments)
Native Instruments Traktor Kontrol X1 (Version: 3.0.1.648 - Native Instruments) Hidden
Native Instruments Traktor Kontrol Z1 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol Z1 Driver) (Version: - Native Instruments)
Native Instruments Traktor Kontrol Z1 Driver (Version: 3.1.1.780 - Native Instruments) Hidden
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
OpenVPN 2.3.2-I001 (HKLM\...\OpenVPN) (Version: 2.3.2-I001 - )
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.212.0 - Tracker Software Products Ltd)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Recuva (HKLM\...\Recuva) (Version: 1.48 - Piriform)
RICOH R5U8xx Media Driver ver.3.64.02 (HKLM-x32\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.64.02 - RICOH)
SDK Debuggers (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Softonic toolbar on IE and Chrome (HKLM-x32\...\Softonic) (Version: 1.8.21.14 - Softonic) <==== ATTENTION
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.25942 - TeamViewer)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.3100 - Broadcom Corporation)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.40 - )
ThinkPad Modem Adapter (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.8.50 - Conexant Systems)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.9 - )
ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.77.0.11 - Lenovo)
TPFanControl v0.62 (HKLM\...\{717F5741-5C2E-4469-BDA0-B5EC2243646F}_is1) (Version: - troubadix)
Update for Microsoft .NET Framework 4.5 (KB2805226) (HKLM-x32\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2805226) (Version: 1 - Microsoft Corporation)
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430) (HKLM\...\DE7217D2A8B057F15EC6E52329FDAB84231521E8) (Version: 04/08/2010 6.3.5.430 - Broadcom)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Software Development Kit (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
Windows Software Development Kit DirectX x64 Remote (Version: 8.100.25984 - Microsoft Corporation) Hidden
Windows Software Development Kit DirectX x86 Remote (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
Windows Software Development Kit EULA (x32 Version: 8.100.25984 - Microsoft Corporations) Hidden
Windows Software Development Kit for Windows 8.1 (HKLM-x32\...\{2fc72c67-2837-46c2-b20a-9acb0d3cb2b2}) (Version: 8.100.25984 - Microsoft Corporation)
Windows Software Development Kit for Windows Store Apps (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
Windows Software Development Kit for Windows Store Apps DirectX x64 Remote (Version: 8.100.25984 - Microsoft Corporation) Hidden
Windows Software Development Kit for Windows Store Apps DirectX x86 Remote (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
Windows Software Development Kit Redistributables (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
WPT Redistributables (x32 Version: 8.100.25984 - Microsoft) Hidden
WPTx64 (x32 Version: 8.100.25984 - Microsoft) Hidden

==================== Restore Points =========================

21-02-2014 12:54:46 Geplanter Prüfpunkt
06-03-2014 11:50:12 Geplanter Prüfpunkt
14-03-2014 21:50:03 avast! antivirus system restore point

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {3C486446-8E05-4417-B6CB-45C82BACE135} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-03-14] (AVAST Software)
Task: {AAF16CD3-9A70-4692-A9DF-C90CA0BDE289} - System32\Tasks\MATLAB R2012b Startup Accelerator => C:\Program Files\MATLAB\R2012b\bin\win64\MATLABStartupAccelerator.exe [2012-07-20] ()
Task: C:\Windows\Tasks\MATLAB R2012b Startup Accelerator.job => C:\Program Files\MATLAB\R2012b\bin\win64\MATLABStartupAccelerator.exe

==================== Loaded Modules (whitelisted) =============

2011-11-01 12:58 - 2011-11-01 12:58 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2011-01-24 12:28 - 2011-01-24 12:28 - 00173344 _____ () C:\Program Files\ThinkPad\Bluetooth Software\btkeyind.dll
2011-11-09 09:55 - 2011-11-09 09:55 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2012-05-04 22:33 - 2012-05-04 22:33 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2013-06-03 12:57 - 2013-06-03 12:57 - 00409312 _____ () C:\Program Files\OpenVPN\bin\openvpn-gui.exe
2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\Lasse\AppData\Roaming\Dropbox\bin\libcef.dll
2014-02-15 23:46 - 2014-02-15 23:46 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-09-02 14:00 - 2012-11-08 23:44 - 00054376 _____ () C:\Program Files (x86)\MediaMonkey\MMHelper.dll
2013-09-02 14:00 - 2012-11-08 23:38 - 00581632 _____ () C:\Program Files (x86)\MediaMonkey\sqlite3MM.dll
2013-09-02 14:00 - 2012-11-08 23:44 - 00391272 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\f_aac.dll
2013-09-02 14:00 - 2012-11-08 23:44 - 00326760 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\f_ape.dll
2013-09-02 14:00 - 2012-11-08 23:44 - 00306280 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\f_AVI.dll
2013-09-02 14:00 - 2012-11-08 23:44 - 00154216 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\f_flac.dll
2013-09-02 14:00 - 2012-11-08 23:44 - 00185448 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\f_flac_codec.dll
2013-09-02 14:00 - 2012-11-08 23:44 - 00260200 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\f_FLV.dll
2013-09-02 14:00 - 2012-11-08 23:44 - 00348776 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\f_mkv.dll
2013-09-02 14:00 - 2012-11-08 23:44 - 00384104 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\f_MP4.dll
2013-09-02 14:00 - 2012-11-08 23:44 - 00327272 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\f_mpc.dll
2013-09-02 14:00 - 2012-11-08 23:44 - 00265320 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\f_MPG.dll
2013-09-02 14:00 - 2012-11-08 23:44 - 00246888 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\f_ogg.dll
2013-09-02 14:00 - 2012-11-08 23:44 - 00139368 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\f_video.dll
2013-09-02 14:00 - 2012-11-08 23:44 - 00333928 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\f_wave.dll
2013-09-02 14:00 - 2012-11-08 23:38 - 00367616 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\f_WMV.dll
2013-09-02 14:00 - 2012-11-08 23:44 - 00061032 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\in_mfaudio.dll
2013-09-02 14:00 - 2011-12-23 18:04 - 00077824 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\in_mpc.dll
2013-09-02 14:00 - 2012-11-08 23:44 - 00164968 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\in_vorbis.dll
2013-09-02 14:00 - 2012-11-08 23:44 - 00081512 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\in_wav.dll
2013-09-02 14:00 - 2012-11-08 23:44 - 00222312 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\in_wma.dll
2013-09-02 14:00 - 2012-11-08 23:44 - 00103528 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\in_wmp3.dll
2013-09-02 14:00 - 2012-11-08 23:44 - 00347752 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\out_MMDS.dll
2013-09-02 14:00 - 2012-11-08 23:44 - 00378472 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\out_WASAPI.dll
2013-09-02 14:00 - 2011-12-23 18:04 - 00013824 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\out_wave.dll
2013-09-02 14:00 - 2012-11-08 23:44 - 00103528 _____ () C:\Program Files (x86)\MediaMonkey\Equalize.dll
2013-09-02 14:00 - 2012-11-08 23:44 - 01036904 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\d_iPhone.dll
2013-09-02 14:00 - 2012-11-08 23:38 - 01232896 _____ () C:\Program Files (x86)\MediaMonkey\iPhoneCalc.dll
2013-09-02 14:00 - 2012-11-08 23:44 - 00898152 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\d_iPod.dll
2013-09-02 14:00 - 2012-11-08 23:44 - 00399464 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\d_iRiverH.dll
2013-09-02 14:00 - 2012-11-08 23:44 - 00300136 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\d_USBMass1.dll
2013-09-02 14:00 - 2012-11-08 23:44 - 00409704 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\d_WMDM.dll
2013-09-02 14:00 - 2012-11-08 23:44 - 00132200 _____ () C:\Program Files (x86)\MediaMonkey\WMAuth.dll
2013-09-02 14:00 - 2012-11-08 23:44 - 00136296 _____ () C:\Program Files (x86)\MediaMonkey\hpCDBurn.dll
2013-10-16 16:54 - 2013-10-16 16:54 - 16233864 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
2014-03-14 22:51 - 2014-01-21 23:40 - 02156032 _____ () C:\Program Files\AVAST Software\Avast\defs\14012101\algo.dll
2014-03-14 22:56 - 2014-03-14 19:36 - 02186752 _____ () C:\Program Files\AVAST Software\Avast\defs\14031401\algo.dll
2014-03-14 22:51 - 2014-03-14 22:51 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: BstHdAndroidSvc => 2
MSCONFIG\Services: BstHdLogRotatorSvc => 2
MSCONFIG\Services: OpenVPNService => 3
MSCONFIG\Services: TeamViewer9 => 2
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: BrMfcWnd => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
MSCONFIG\startupreg: ControlCenter3 => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
MSCONFIG\startupreg: Media Monkey Remote Server => "C:\Program Files (x86)\MediaMonkey Remote Server\MediaMonkey Remote Server.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: uTorrent => "C:\PORTABLES\uTorrentPortable\App\uTorrent\uTorrent.exe" /MINIMIZED

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (03/14/2014 10:50:13 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary fehuppwj.
System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (03/14/2014 08:56:26 PM) (Source: Application Hang) (User: )
Description: Programm MATLAB.exe, Version 8.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 2070
Startzeit: 01cf3fbef07e1414
Endzeit: 8
Anwendungspfad: C:\Program Files\MATLAB\R2012b\bin\win64\MATLAB.exe
Berichts-ID: b75c51e1-abb2-11e3-a2b9-00234dfa26bc

Error: (03/14/2014 02:16:29 PM) (Source: Application Hang) (User: )
Description: Programm MATLAB.exe, Version 8.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 2220
Startzeit: 01cf3f8236aaf8c9
Endzeit: 34
Anwendungspfad: C:\Program Files\MATLAB\R2012b\bin\win64\MATLAB.exe
Berichts-ID:

Error: (03/14/2014 00:23:20 AM) (Source: Application Hang) (User: )
Description: Programm age2_x1.Exe, Version 0.7.22.627 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1258
Startzeit: 01cf3ef560bc8bab
Endzeit: 15
Anwendungspfad: C:\Program Files (x86)\Microsoft Games\Age of Empires II\Age2_X1\age2_x1.Exe
Berichts-ID:

Error: (03/09/2014 00:24:25 AM) (Source: Application Hang) (User: )
Description: Programm firefox.exe, Version 27.0.1.5156 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 4f8
Startzeit: 01cf394cd9051fdc
Endzeit: 90
Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Berichts-ID: c5f205bc-a718-11e3-a2b9-00234dfa26bc

Error: (03/06/2014 00:00:07 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/26/2014 04:22:42 PM) (Source: Application Hang) (User: )
Description: Programm MediaMonkey.exe, Version 4.0.7.1510 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 10a0
Startzeit: 01cf29bcb6c5df8a
Endzeit: 714
Anwendungspfad: C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe
Berichts-ID: cf7e6b1e-9ef9-11e3-91ea-001c2599ae9e

Error: (02/25/2014 08:35:52 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: WScript.exe, Version: 5.8.7601.18283, Zeitstempel: 0x5258a6e6
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24
Ausnahmecode: 0xc0000374
Fehleroffset: 0x00000000000c4102
ID des fehlerhaften Prozesses: 0x2ae8
Startzeit der fehlerhaften Anwendung: 0xWScript.exe0
Pfad der fehlerhaften Anwendung: WScript.exe1
Pfad des fehlerhaften Moduls: WScript.exe2
Berichtskennung: WScript.exe3

Error: (02/22/2014 07:12:35 PM) (Source: Application Hang) (User: )
Description: Programm vlc.exe, Version 2.1.2.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1b0c
Startzeit: 01cf2ff99de65a5e
Endzeit: 15
Anwendungspfad: C:\Program Files\VideoLAN\VLC\vlc.exe
Berichts-ID: e568cd06-9bec-11e3-91ea-001c2599ae9e

Error: (02/18/2014 08:12:34 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: gimp-2.8.exe, Version: 2.8.10.0, Zeitstempel: 0x529a15f8
Name des fehlerhaften Moduls: libglib-2.0-0.dll, Version: 2.38.0.0, Zeitstempel: 0x52990f4e
Ausnahmecode: 0x40000015
Fehleroffset: 0x00000000000372cf
ID des fehlerhaften Prozesses: 0x1a6c
Startzeit der fehlerhaften Anwendung: 0xgimp-2.8.exe0
Pfad der fehlerhaften Anwendung: gimp-2.8.exe1
Pfad des fehlerhaften Moduls: gimp-2.8.exe2
Berichtskennung: gimp-2.8.exe3

System errors:
=============
Error: (03/09/2014 06:06:52 PM) (Source: cdrom) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.

Error: (03/09/2014 06:06:46 PM) (Source: cdrom) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.

Error: (03/09/2014 06:06:40 PM) (Source: cdrom) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.

Error: (03/09/2014 06:06:34 PM) (Source: cdrom) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.

Error: (03/09/2014 06:06:28 PM) (Source: cdrom) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.

Error: (03/09/2014 06:06:22 PM) (Source: cdrom) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.

Error: (03/09/2014 06:06:16 PM) (Source: cdrom) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.

Error: (03/09/2014 06:06:10 PM) (Source: cdrom) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.

Error: (03/09/2014 06:06:04 PM) (Source: cdrom) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.

Error: (03/09/2014 06:05:58 PM) (Source: cdrom) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.

Microsoft Office Sessions:
=========================
Error: (03/14/2014 10:50:13 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: Details:
AddLegacyDriverFiles: Unable to back up image of binary fehuppwj.
System Error:
Das System kann die angegebene Datei nicht finden.

Error: (03/14/2014 08:56:26 PM) (Source: Application Hang)(User: )
Description: MATLAB.exe8.0.0.0207001cf3fbef07e14148C:\Program Files\MATLAB\R2012b\bin\win64\MATLAB.exeb75c51e1-abb2-11e3-a2b9-00234dfa26bc

Error: (03/14/2014 02:16:29 PM) (Source: Application Hang)(User: )
Description: MATLAB.exe8.0.0.0222001cf3f8236aaf8c934C:\Program Files\MATLAB\R2012b\bin\win64\MATLAB.exe

Error: (03/14/2014 00:23:20 AM) (Source: Application Hang)(User: )
Description: age2_x1.Exe0.7.22.627125801cf3ef560bc8bab15C:\Program Files (x86)\Microsoft Games\Age of Empires II\Age2_X1\age2_x1.Exe

Error: (03/09/2014 00:24:25 AM) (Source: Application Hang)(User: )
Description: firefox.exe27.0.1.51564f801cf394cd9051fdc90C:\Program Files (x86)\Mozilla Firefox\firefox.exec5f205bc-a718-11e3-a2b9-00234dfa26bc

Error: (03/06/2014 00:00:07 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/26/2014 04:22:42 PM) (Source: Application Hang)(User: )
Description: MediaMonkey.exe4.0.7.151010a001cf29bcb6c5df8a714C:\Program Files (x86)\MediaMonkey\MediaMonkey.execf7e6b1e-9ef9-11e3-91ea-001c2599ae9e

Error: (02/25/2014 08:35:52 PM) (Source: Application Error)(User: )
Description: WScript.exe5.8.7601.182835258a6e6ntdll.dll6.1.7601.18247521eaf24c000037400000000000c41022ae801cf32602c4d4422C:\Windows\System32\WScript.exeC:\Windows\SYSTEM32\ntdll.dll08c91e65-9e54-11e3-91ea-001c2599ae9e

Error: (02/22/2014 07:12:35 PM) (Source: Application Hang)(User: )
Description: vlc.exe2.1.2.01b0c01cf2ff99de65a5e15C:\Program Files\VideoLAN\VLC\vlc.exee568cd06-9bec-11e3-91ea-001c2599ae9e

Error: (02/18/2014 08:12:34 PM) (Source: Application Error)(User: )
Description: gimp-2.8.exe2.8.10.0529a15f8libglib-2.0-0.dll2.38.0.052990f4e4000001500000000000372cf1a6c01cf2caf152da1dcC:\Program Files\GIMP 2\bin\gimp-2.8.exeC:\Program Files\GIMP 2\bin\libglib-2.0-0.dll9e702b29-98d0-11e3-91ea-001c2599ae9e

==================== Memory info ===========================

Percentage of memory in use: 55%
Total physical RAM: 3992.03 MB
Available physical RAM: 1764.97 MB
Total Pagefile: 7982.23 MB
Available Pagefile: 4628.8 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.95 GB) (Free:72.85 GB) NTFS
Drive e: (TOSHIBA EXT) (Fixed) (Total:931.51 GB) (Free:155.65 GB) NTFS
Drive f: (AGE2_X1) (CDROM) (Total:0.28 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 77CA8C87)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 9E5AA1AD)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================

GMER Quick Scan:
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-03-14 23:43:10 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9160411AS rev.LV13 149,05GB Running: 3-GMER.exe; Driver: C:\Users\Lasse\AppData\Local\Temp\uwldiaog.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80002fae000 63 bytes [00, 00, 00, 00, 00, 00, 00, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 592 fffff80002fae040 13 bytes [01, 90, 12, 19, A0, F8, FF, ...] ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\taskmgr.exe[7136] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076edeecd 1 byte [62] .text C:\Program Files\AVAST Software\Avast\avastUi.exe[2408] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007529a30a 1 byte [62] .text C:\Users\Lasse\Desktop\Virus\3-GMER.exe[7536] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007529a30a 1 byte [62] ---- Threads - GMER 2.1 ---- Thread C:\Windows\system32\AUDIODG.EXE [3464:9740] 00000000686388e4 Thread C:\Windows\system32\AUDIODG.EXE [3464:9572] 0000000068625608 ---- Processes - GMER 2.1 ---- Library C:\Users\Lasse\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\Lasse\AppData\Roaming\Dropbox\bin\Dropbox.exe [3504](2014-01-03 00:45:04) 0000000003f10000 Library C:\Users\Lasse\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\Lasse\AppData\Roaming\Dropbox\bin\Dropbox.exe [3504](2013-10-18 23:55:02) 000000006ee20000 Library C:\Users\Lasse\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\Lasse\AppData\Roaming\Dropbox\bin\Dropbox.exe [3504] (ICU Data DLL/The ICU Project)(2013-10-18 23:55:00) 000000006e490000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00234dfa26bc Reg 
HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00234dfa26bc@109addcc9400 0x16 0xBE 0xD3 0x0B ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00234dfa26bc (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00234dfa26bc@109addcc9400 0x16 0xBE 0xD3 0x0B ... ---- EOF - GMER 2.1 ---- |
15.03.2014, 11:03 | #2
/// the machine /// TB-Ausbilder

hi,

Plug in the affected sticks and do not unplug them again.

Combofix should only be run if a team member has instructed you to do so!
Please download Combofix from the following download mirror: Link 1
IMPORTANT - Save Combofix to your desktop

When Combofix has finished, it will create a logfile. Please post C:\Combofix.txt in your next reply.
Note: Should you receive the following error message after the restart
Quote:
15.03.2014, 20:13 | #3

Sorry, the first ComboFix run was without the USB sticks attached, the second one with them. My external hard drive was attached the whole time.

Here are the logs.

ComboFix WITHOUT USB sticks

Combofix Logfile:
Code:
ComboFix 14-03-13.01 - Lasse 15.03.2014 19:49:33.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3992.2287 [GMT 1:00]
ausgeführt von:: c:\users\Lasse\Desktop\Virus\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
E:\Autorun.inf
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-02-15 bis 2014-03-15 ))))))))))))))))))))))))))))))
.
.
2014-03-15 18:55 . 2014-03-15 18:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-14 22:17 . 2014-03-14 22:18 -------- d-----w- C:\FRST
2014-03-14 21:51 . 2014-03-14 21:51 80184 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-03-14 21:51 . 2014-03-14 21:51 207904 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-03-14 21:51 . 2014-03-14 21:51 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-03-14 21:51 . 2014-03-14 21:51 1038072 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-03-14 21:51 . 2014-03-14 21:51 421704 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-03-14 21:51 . 2014-03-14 21:51 78648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-03-14 21:51 . 2014-03-14 21:51 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-03-14 21:51 . 2014-03-14 21:51 43152 ----a-w- c:\windows\avastSS.scr
2014-03-14 21:50 . 2014-03-14 21:50 -------- d-----w- c:\program files\AVAST Software
2014-03-14 12:57 . 2014-03-14 12:57 -------- d-----w- C:\Lasse
2014-02-18 16:47 . 2014-02-18 16:47 -------- d-----w- c:\users\Lasse\.thumbnails
2014-02-16 00:36 . 2014-03-07 02:58 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{55EE9DF2-0F73-4409-AB85-D3BACD9E11B0}\offreg.dll
2014-02-13 20:00 . 2013-08-29 02:17 5549504 ----a-w- c:\windows\system32\ntoskrnl.exe
2014-02-13 19:57 . 2013-11-26 10:32 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-02-13 19:57 . 2013-09-08 02:30 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
2014-02-13 19:57 . 2013-11-26 11:40 376768 ----a-w- c:\windows\system32\drivers\netio.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-14 21:51 . 2013-09-02 10:35 334136 ----a-w- c:\windows\system32\aswBoot.exe
2014-01-04 20:29 . 2014-01-04 20:29 283064 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-12-18 20:09 . 2014-02-05 17:50 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}]
2013-06-11 02:28 301464 ----a-w- c:\program files (x86)\Softonic\Softonic\1.8.21.14\bh\Softonic.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{5018CFD2-804D-4C99-9F81-25EAEA2769DE}"= "c:\program files (x86)\Softonic\Softonic\1.8.21.14\SoftonicTlbr.dll" [2013-06-11 296856]
.
[HKEY_CLASSES_ROOT\clsid\{5018cfd2-804d-4c99-9f81-25eaea2769de}]
[HKEY_CLASSES_ROOT\Softonic.dskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\Softonic.dskBnd]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Lasse\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Lasse\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Lasse\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Lasse\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-05-04 98304]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-03-14 3767096]
.
c:\users\Lasse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Lasse\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-3 30714328]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2011-1-24 1090848]
Digital Line Detect.lnk - c:\program files (x86)\Digital Line Detect\DLG.exe [2013-8-30 50688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 a8djusb_svc;Audio 8 DJ;c:\windows\system32\Drivers\a8djusb.sys;c:\windows\SYSNATIVE\Drivers\a8djusb.sys [x]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 kx1avs;Traktor Kontrol X1 Midi;c:\windows\system32\Drivers\kx1avs.sys;c:\windows\SYSNATIVE\Drivers\kx1avs.sys [x]
R3 kx1usb_svc;Traktor Kontrol X1;c:\windows\system32\Drivers\kx1usb.sys;c:\windows\SYSNATIVE\Drivers\kx1usb.sys [x]
R3 kz1avs;Traktor Kontrol Z1 WDM Audio;c:\windows\system32\Drivers\kz1avs.sys;c:\windows\SYSNATIVE\Drivers\kz1avs.sys [x]
R3 kz1usb_svc;Traktor Kontrol Z1;c:\windows\system32\Drivers\kz1usb.sys;c:\windows\SYSNATIVE\Drivers\kz1usb.sys [x]
R3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series - Adaptertreiber für Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 rspLLL;rspLLL;c:\windows\system32\DRIVERS\rspLLL64.sys;c:\windows\SYSNATIVE\DRIVERS\rspLLL64.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 ta2avs;Traktor Audio 2 WDM Audio;c:\windows\system32\Drivers\ta2avs.sys;c:\windows\SYSNATIVE\Drivers\ta2avs.sys [x]
R3 ta2usb_svc;Traktor Audio 2;c:\windows\system32\Drivers\ta2usb.sys;c:\windows\SYSNATIVE\Drivers\ta2usb.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R4 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R4 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
R4 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys;c:\windows\SYSNATIVE\DRIVERS\ApsHM64.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys;c:\windows\SYSNATIVE\DRIVERS\smiifx64.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x]
S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
S2 TVicPort64;TVicPort64; [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe;c:\program files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWAZL.sys [x]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y60x64.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 LenovoRd;LenovoRd;c:\windows\system32\Drivers\LenovoRd.sys;c:\windows\SYSNATIVE\Drivers\LenovoRd.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2014-03-15 c:\windows\Tasks\MATLAB R2012b Startup Accelerator.job
- c:\program files\MATLAB\R2012b\bin\win64\MATLABStartupAccelerator.exe [2013-10-20 17:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-03-14 21:51 287280 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Lasse\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Lasse\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Lasse\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Lasse\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"TpShocks"="TpShocks.exe" [2013-02-12 382248]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-13 162584]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-13 386840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-13 417560]
"picon"="c:\program files (x86)\Common Files\Intel\Privacy Icon\PIconStartup.exe" [2010-02-04 111640]
"TPFanControl"="c:\program files\TPFanControl\TPFanControl.exe" [2013-03-20 154112]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=10&cc=&mi=e66fde5700000000000000ff8910d9d6
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Lasse\AppData\Roaming\Mozilla\Firefox\Profiles\l0z5852m.default\
FF - prefs.js: browser.startup.homepage - hxxp://stressfaktor.squat.net/
FF - user.js: extensions.Softonic.tlbrSrchUrl - hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=1&cc=&mi=e66fde5700000000000000ff8910d9d6&q=
FF - user.js: extensions.Softonic.id - e66fde5700000000000000ff8910d9d6
FF - user.js: extensions.Softonic.appId - {7ABBFE1C-E485-44AA-8F36-353751B4124D}
FF - user.js: extensions.Softonic.instlDay - 16044
FF - user.js: extensions.Softonic.vrsn - 1.8.21.14
FF - user.js: extensions.Softonic.vrsni - 1.8.21.14
FF - user.js: extensions.Softonic.vrsnTs - 1.8.21.1423:53
FF - user.js: extensions.Softonic.prtnrId - softonic
FF - user.js: extensions.Softonic.prdct - Softonic
FF - user.js: extensions.Softonic.aflt - OC
FF - user.js: extensions.Softonic.smplGrp - none
FF - user.js: extensions.Softonic.tlbrId - opencandy2013
FF - user.js: extensions.Softonic.instlRef - MOY00621
FF - user.js: extensions.Softonic.dfltLng - de
FF - user.js: extensions.Softonic.excTlbr - false
FF - user.js: extensions.Softonic.ffxUnstlRst - false
FF - user.js: extensions.Softonic.admin - false
FF - user.js: extensions.Softonic.autoRvrt - false
FF - user.js: extensions.Softonic.rvrt - false
FF - user.js: extensions.Softonic.hmpg - true
FF - user.js: extensions.Softonic.hmpgUrl - hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=13&cc=&mi=e66fde5700000000000000ff8910d9d6
FF - user.js: extensions.Softonic.dfltSrch - true
FF - user.js: extensions.Softonic.srchPrvdr - Search the web (Softonic)
FF - user.js: extensions.Softonic.dnsErr - true
FF - user.js: extensions.Softonic.newTab - true
FF - user.js: extensions.Softonic.newTabUrl - hxxp://search.softonic.com/MOY00621/tb_v1/?SearchSource=15&cc=&mi=e66fde5700000000000000ff8910d9d6
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
c:\users\Lasse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayerPlug.lnk - c:\users\Lasse\AppData\Local\Temp\FlashPlayerMsj.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{23A66953-369C-4d22-A189-C6E403D4A19F} - c:\programdata\{B8072A46-03F0-4DE5-BF9A-53BF77AA8606}\Audio 2 DJ Driver Setup PC.exe
AddRemove-{7B8BA774-C154-4DEE-A92D-D0E7236BB152} - c:\programdata\{B3478C15-588A-4968-AD66-76AA98803A28}\Traktor Audio 2 MK2 Driver Setup PC.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-03-15 19:58:01
ComboFix-quarantined-files.txt 2014-03-15 18:58
.
Vor Suchlauf: 15 Verzeichnis(se), 81.555.730.432 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 85.814.038.528 Bytes frei
.
- - End Of File - - BD82399DC9A3C74CF3FBBFD4FA625048
A36C5E4F47E84449FF07ED3517B43A31

ComboFix WITH 2 USB sticks attached

Combofix Logfile:
Code:
- c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Lasse\AppData\Roaming\Mozilla\Firefox\Profiles\l0z5852m.default\ FF - prefs.js: browser.startup.homepage - hxxp://stressfaktor.squat.net/ FF - user.js: extensions.Softonic.tlbrSrchUrl - hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=1&cc=&mi=e66fde5700000000000000ff8910d9d6&q= FF - user.js: extensions.Softonic.id - e66fde5700000000000000ff8910d9d6 FF - user.js: extensions.Softonic.appId - {7ABBFE1C-E485-44AA-8F36-353751B4124D} FF - user.js: extensions.Softonic.instlDay - 16044 FF - user.js: extensions.Softonic.vrsn - 1.8.21.14 FF - user.js: extensions.Softonic.vrsni - 1.8.21.14 FF - user.js: extensions.Softonic.vrsnTs - 1.8.21.1423:53 FF - user.js: extensions.Softonic.prtnrId - softonic FF - user.js: extensions.Softonic.prdct - Softonic FF - user.js: extensions.Softonic.aflt - OC FF - user.js: extensions.Softonic.smplGrp - none FF - user.js: extensions.Softonic.tlbrId - opencandy2013 FF - user.js: extensions.Softonic.instlRef - MOY00621 FF - user.js: extensions.Softonic.dfltLng - de FF - user.js: extensions.Softonic.excTlbr - false FF - user.js: extensions.Softonic.ffxUnstlRst - false FF - user.js: extensions.Softonic.admin - false FF - user.js: extensions.Softonic.autoRvrt - false FF - user.js: extensions.Softonic.rvrt - false FF - user.js: extensions.Softonic.hmpg - true FF - user.js: extensions.Softonic.hmpgUrl - hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=13&cc=&mi=e66fde5700000000000000ff8910d9d6 FF - user.js: extensions.Softonic.dfltSrch - true FF - user.js: extensions.Softonic.srchPrvdr - Search the web (Softonic) FF - user.js: extensions.Softonic.dnsErr - true FF - user.js: extensions.Softonic.newTab - true FF - user.js: extensions.Softonic.newTabUrl - hxxp://search.softonic.com/MOY00621/tb_v1/?SearchSource=15&cc=&mi=e66fde5700000000000000ff8910d9d6 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
c:\users\Lasse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayerPlug.lnk - c:\users\Lasse\AppData\Local\Temp\FlashPlayerMsj.exe HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-{23A66953-369C-4d22-A189-C6E403D4A19F} - c:\programdata\{B8072A46-03F0-4DE5-BF9A-53BF77AA8606}\Audio 2 DJ Driver Setup PC.exe AddRemove-{7B8BA774-C154-4DEE-A92D-D0E7236BB152} - c:\programdata\{B3478C15-588A-4968-AD66-76AA98803A28}\Traktor Audio 2 MK2 Driver Setup PC.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\software\BlueStacks] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2014-03-15 19:58:01 ComboFix-quarantined-files.txt 2014-03-15 18:58 . Vor Suchlauf: 15 Verzeichnis(se), 81.555.730.432 Bytes frei Nach Suchlauf: 18 Verzeichnis(se), 85.814.038.528 Bytes frei . - - End Of File - - BD82399DC9A3C74CF3FBBFD4FA625048 A36C5E4F47E84449FF07ED3517B43A31 |
16.03.2014, 17:35 | #4 |
/// the machine /// TB-Ausbilder | facebook.vbs and USB shortcuts Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
16.03.2014, 18:26 | #5 |
| facebook.vbs and USB shortcuts A "helpful" person unfortunately ran avast over it once more and deleted something; unfortunately I don't know any more than that. After that I went back to the PC and followed the guides; here are the logs again: (am I virus-free now, and could something have gotten into the university via the VPN?) Malwarebytes Anti-Malware Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2014.03.16.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Lasse :: BLACKBLOCK [Administrator] Schutz: Aktiviert 16.03.2014 17:44:35 mbam-log-2014-03-16 (17-44-35).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 223023 Laufzeit: 3 Minute(n), 42 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 2 C:\Users\Lasse\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Lasse\AppData\Roaming\OpenCandy\6480A973E1844969B0E0BB28DCABF8E9 (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 2 C:\Users\Lasse\Downloads\FreeFileSync_6.0_Windows_Setup.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Lasse\AppData\Roaming\OpenCandy\6480A973E1844969B0E0BB28DCABF8E9\Setupsft_chr_p1v7.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter # AdwCleaner v3.022 - Bericht erstellt am 16/03/2014 um 18:00:51 # Aktualisiert 13/03/2014 von Xplode # Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits) # Benutzername : Lasse - BLACKBLOCK # Gestartet von : C:\Users\Lasse\Desktop\Virus\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\Program Files (x86)\Softonic Ordner Gelöscht : C:\Users\Lasse\AppData\LocalLow\Softonic Ordner Gelöscht : C:\Users\Lasse\AppData\Local\Google\Chrome\User Data\Default\Extensions\elchiiiejkobdbblfejjkbphbddgmljf Datei Gelöscht : C:\Users\Lasse\AppData\Roaming\Mozilla\Firefox\Profiles\l0z5852m.default\searchplugins\softonic.xml Datei Gelöscht : C:\Users\Lasse\AppData\Roaming\Mozilla\Firefox\Profiles\l0z5852m.default\user.js ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\elchiiiejkobdbblfejjkbphbddgmljf Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SoftonicApp.appCore Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SoftonicApp.appCore.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} 
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B15F118E-AF21-45E8-A809-29FDD7362565} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{44B50C01-4993-48E2-ADEE-D812BAE2E9A2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5018CFD2-804D-4C99-9F81-25EAEA2769DE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A3E2F089-DDBB-4CBF-B06C-5D44DA316ED3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A5679AB0-C59E-49E7-83C4-5289F844A6E0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CA0167C2-6295-41B8-9BDA-704B2F5E4CD9} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E87806B5-E908-45FD-AF5E-957D83E58E68} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94} 
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11D9E165-B8C1-4734-A56C-BC4FCACA966B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{B15F118E-AF21-45E8-A809-29FDD7362565} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9CF034EA-7B46-48D3-8895-8A14B32AE445} Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{5018CFD2-804D-4C99-9F81-25EAEA2769DE}] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA} Schlüssel Gelöscht : [x64] 
HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94} Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKLM\Software\Softonic Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Softonic ***** [ Browser ] ***** -\\ Internet Explorer v9.0.8112.16533 Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] -\\ Mozilla Firefox v27.0.1 (de) [ Datei : C:\Users\Lasse\AppData\Roaming\Mozilla\Firefox\Profiles\l0z5852m.default\prefs.js ] Zeile gelöscht : user_pref("extensions.Softonic.admin", false); Zeile gelöscht : user_pref("extensions.Softonic.aflt", "OC"); Zeile gelöscht : user_pref("extensions.Softonic.appId", "{7ABBFE1C-E485-44AA-8F36-353751B4124D}"); Zeile gelöscht : user_pref("extensions.Softonic.autoRvrt", "false"); Zeile gelöscht : user_pref("extensions.Softonic.dfltLng", "de"); Zeile gelöscht : user_pref("extensions.Softonic.dfltSrch", true); Zeile gelöscht : user_pref("extensions.Softonic.dnsErr", true); Zeile gelöscht : user_pref("extensions.Softonic.excTlbr", false); Zeile gelöscht : user_pref("extensions.Softonic.ffxUnstlRst", false); Zeile gelöscht : user_pref("extensions.Softonic.hmpg", true); Zeile gelöscht : user_pref("extensions.Softonic.hmpgUrl", "hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=13&cc=&mi=e66fde5700000000000000ff8910d9d6"); Zeile gelöscht : user_pref("extensions.Softonic.id", "e66fde5700000000000000ff8910d9d6"); Zeile gelöscht : user_pref("extensions.Softonic.instlDay", "16044"); Zeile gelöscht : user_pref("extensions.Softonic.instlRef", "MOY00621"); Zeile gelöscht : user_pref("extensions.Softonic.newTab", true); Zeile gelöscht : user_pref("extensions.Softonic.newTabUrl", "hxxp://search.softonic.com/MOY00621/tb_v1/?SearchSource=15&cc=&mi=e66fde5700000000000000ff8910d9d6"); Zeile gelöscht : user_pref("extensions.Softonic.prdct", "Softonic"); Zeile 
gelöscht : user_pref("extensions.Softonic.prtnrId", "softonic"); Zeile gelöscht : user_pref("extensions.Softonic.rvrt", "false"); Zeile gelöscht : user_pref("extensions.Softonic.smplGrp", "none"); Zeile gelöscht : user_pref("extensions.Softonic.srchPrvdr", "Search the web (Softonic)"); Zeile gelöscht : user_pref("extensions.Softonic.tlbrId", "opencandy2013"); Zeile gelöscht : user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=1&cc=&mi=e66fde5700000000000000ff8910d9d6&q="); Zeile gelöscht : user_pref("extensions.Softonic.vrsn", "1.8.21.14"); Zeile gelöscht : user_pref("extensions.Softonic.vrsnTs", "1.8.21.1423:53:36"); Zeile gelöscht : user_pref("extensions.Softonic.vrsni", "1.8.21.14"); ************************* AdwCleaner[R0].txt - [9208 octets] - [16/03/2014 17:59:40] AdwCleaner[S0].txt - [8843 octets] - [16/03/2014 18:00:51] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8903 octets] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.2 (02.20.2014:1) OS: Windows 7 Professional x64 Ran by Lasse on 16.03.2014 at 18:07:24,18 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Softonic_chr_1_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Softonic_chr_1_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Softonic_chr_1_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Softonic_chr_1_RASMANCS Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C3A74DD2-1D88-4A57-A2E0-2309F6FBB42F} ~~~ Files ~~~ Folders ~~~ FireFox Emptied folder: C:\Users\Lasse\AppData\Roaming\mozilla\firefox\profiles\l0z5852m.default\minidumps [59 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 16.03.2014 at 18:17:19,34 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 Ran by Lasse (administrator) on BLACKBLOCK on 16-03-2014 18:24:39 Running from C:\Users\Lasse\Desktop\Virus Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Lenovo.) C:\Windows\system32\ibmpmsvc.exe (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe (Microsoft Corporation) C:\Windows\system32\WLANExt.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe (Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe (Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe (Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\shtctky.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo.) C:\Windows\System32\TpShocks.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Zoom\TpScrex.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (troubadix) C:\Program Files\TPFanControl\TPFanControl.exe (Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (Broadcom Corporation.) 
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Avanquest Software ) C:\Program Files (x86)\Digital Line Detect\DLG.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Dropbox, Inc.) C:\Users\Lasse\AppData\Roaming\Dropbox\bin\Dropbox.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Intel Corporation) C:\Program Files (x86)\Intel\AMT\LMS.exe (Intel Corporation) C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Farbar) C:\Users\Lasse\Desktop\Virus\2-FRST64.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] () HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [382248 2013-02-12] (Lenovo.) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-05-29] (Synaptics Incorporated) HKLM\...\Run: [picon] - C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PIconStartup.exe [111640 2010-02-04] () HKLM\...\Run: [TPFanControl] - C:\Program Files\TPFanControl\TPFanControl.exe [154112 2013-03-20] (troubadix) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2012-05-04] (Advanced Micro Devices, Inc.) 
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-03-14] (AVAST Software) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Startup: C:\Users\Lasse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Lasse\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM-x32 - avast! 
Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Lasse\AppData\Roaming\Mozilla\Firefox\Profiles\l0z5852m.default FF Homepage: hxxp://stressfaktor.squat.net/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll () FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\PDFXChangeViewer\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\PDFXChangeViewer\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\PDFXChangeViewer\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: FoxyProxy Standard - C:\Users\Lasse\AppData\Roaming\Mozilla\Firefox\Profiles\l0z5852m.default\Extensions\foxyproxy@eric.h.jung [2014-02-05] FF Extension: Ghostery - C:\Users\Lasse\AppData\Roaming\Mozilla\Firefox\Profiles\l0z5852m.default\Extensions\firefox@ghostery.com.xpi [2013-09-18] FF Extension: Clearly - C:\Users\Lasse\AppData\Roaming\Mozilla\Firefox\Profiles\l0z5852m.default\Extensions\readable@evernote.com.xpi [2014-02-13] FF Extension: Adblock Plus - C:\Users\Lasse\AppData\Roaming\Mozilla\Firefox\Profiles\l0z5852m.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-17] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-14] Chrome: ======= Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION ==================== Services (Whitelisted) ================= R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-03-14] (AVAST Software) S4 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2013-12-20] (BlueStack Systems, Inc.) S4 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2013-12-20] (BlueStack Systems, Inc.) 
R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [174616 2010-02-04] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S4 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [34528 2013-06-03] (The OpenVPN Project)
R2 UNS; C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2058776 2010-02-04] (Intel Corporation)

==================== Drivers (Whitelisted) ====================

S3 a8djavs; C:\Windows\System32\Drivers\a8djavs.sys [359784 2012-12-18] (Native Instruments GmbH)
S3 a8djusb_svc; C:\Windows\System32\Drivers\a8djusb.sys [100712 2012-12-18] (Native Instruments GmbH)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-03-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2014-03-14] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-03-14] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-03-14] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-03-14] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-03-14] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-03-14] ()
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [114448 2013-12-20] (BlueStack Systems)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-01-04] (Disc Soft Ltd)
S3 kz1avs; C:\Windows\System32\Drivers\kz1avs.sys [359120 2013-05-17] (Native Instruments GmbH)
S3 kz1usb_svc; C:\Windows\System32\Drivers\kz1usb.sys [83152 2013-05-17] (Native Instruments GmbH)
R3 LenovoRd; C:\Windows\System32\Drivers\LenovoRd.sys [118016 2009-05-11] (Lenovo)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 rspLLL; C:\Windows\System32\DRIVERS\rspLLL64.sys [25504 2013-10-21] (Resplendence Software Projects Sp.)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [44784 2013-05-29] (Synaptics Incorporated)
S3 ta2avs; C:\Windows\System32\Drivers\ta2avs.sys [358480 2012-02-22] (Native Instruments GmbH)
S3 ta2usb_svc; C:\Windows\System32\Drivers\ta2usb.sys [79952 2012-02-22] (Native Instruments GmbH)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 NETw5s64; system32\DRIVERS\NETw5s64.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-16 18:17 - 2014-03-16 18:17 - 00001360 _____ () C:\Users\Lasse\Desktop\JRT.txt
2014-03-16 18:07 - 2014-03-16 18:07 - 00000000 ____D () C:\Windows\ERUNT
2014-03-16 17:58 - 2014-03-16 18:00 - 00000000 ____D () C:\AdwCleaner
2014-03-16 17:41 - 2014-03-16 17:41 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-16 17:41 - 2014-03-16 17:41 - 00000000 ____D () C:\Users\Lasse\AppData\Roaming\Malwarebytes
2014-03-16 17:41 - 2014-03-16 17:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-16 17:41 - 2014-03-16 17:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-16 17:41 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-15 20:09 - 2014-03-15 20:09 - 00018120 _____ () C:\ComboFix.txt
2014-03-15 19:48 - 2014-03-15 20:10 - 00000000 ____D () C:\Qoobox
2014-03-15 19:48 - 2014-03-15 19:56 - 00000000 ____D () C:\Windows\erdnt
2014-03-15 19:48 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-03-15 19:48 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-03-15 19:48 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-03-15 19:48 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-03-15 19:48 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-03-15 19:48 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-03-15 19:48 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-03-15 19:48 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-03-15 19:25 - 2014-03-15 19:25 - 05190279 ____R (Swearware) C:\Users\Lasse\Desktop\ComboFix.exe
2014-03-14 23:52 - 2014-03-14 23:53 - 00279104 _____ () C:\Windows\Minidump\031414-23946-01.dmp
2014-03-14 23:17 - 2014-03-16 18:24 - 00000000 ____D () C:\FRST
2014-03-14 23:16 - 2014-03-14 23:16 - 00000168 _____ () C:\Users\Lasse\defogger_reenable
2014-03-14 23:08 - 2014-03-16 18:24 - 00000000 ____D () C:\Users\Lasse\Desktop\Virus
2014-03-14 22:52 - 2014-03-14 22:52 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-03-14 22:51 - 2014-03-14 22:51 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-03-14 22:51 - 2014-03-14 22:51 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-03-14 22:51 - 2014-03-14 22:51 - 00207904 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-03-14 22:51 - 2014-03-14 22:51 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-03-14 22:51 - 2014-03-14 22:51 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-03-14 22:51 - 2014-03-14 22:51 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-03-14 22:51 - 2014-03-14 22:51 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-03-14 22:51 - 2014-03-14 22:51 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-03-14 22:50 - 2014-03-14 22:50 - 00000000 ____D () C:\Program Files\AVAST Software
2014-03-14 21:07 - 2014-03-14 21:07 - 00004638 _____ () C:\Users\Lasse\AppData\Local\recently-used.xbel
2014-03-14 13:57 - 2014-03-14 13:57 - 00000000 ____D () C:\Lasse
2014-02-28 15:54 - 2014-02-28 21:34 - 00000000 ____D () C:\Users\Lasse\Desktop\Musik
2014-02-24 16:07 - 2010-03-17 23:02 - 00000000 ____D () C:\Users\Lasse\Downloads\Sleep Party People
2014-02-24 16:06 - 2014-02-24 16:07 - 88968102 _____ () C:\Users\Lasse\Downloads\Sleep Party People.rar
2014-02-23 18:51 - 2014-02-23 18:51 - 00000000 ____D () C:\Users\Lasse\Desktop\Arduino Stater Kit Tutorals 100-104
2014-02-21 15:46 - 2014-02-21 15:55 - 31685816 _____ () C:\Users\Lasse\Downloads\Skybound Stylizer 5.1.12.326 Portable.zip
2014-02-21 00:53 - 2014-02-21 01:42 - 151920761 _____ () C:\Users\Lasse\Downloads\Vacation.rar
2014-02-20 21:14 - 2014-02-20 21:49 - 106235540 _____ () C:\Users\Lasse\Downloads\Message_to_Bears_-_Maps_(2013)-NaR.rar
2014-02-20 12:07 - 2014-02-20 12:07 - 03987342 _____ () C:\Users\Lasse\Downloads\Mir ham se als jeheilt entlassen(360p_H.264-AAC).mp4
2014-02-20 11:01 - 2014-02-20 11:02 - 00000000 ____D () C:\Users\Lasse\Downloads\Madvillainy 4 Instrumentals
2014-02-19 00:17 - 2014-02-19 01:18 - 186073933 _____ () C:\Users\Lasse\Downloads\f8psz.Message.to.Bears..Maps.2013.Lossless.rar
2014-02-18 21:17 - 2014-02-18 21:21 - 264915882 _____ () C:\Users\Lasse\Downloads\Madvillainy 4 Instrumentals.zip
2014-02-18 18:37 - 2011-07-23 09:15 - 00000000 ____D () C:\Users\Lasse\Downloads\Ryoma_Takemasa--Deepn_(Gonno_Remix)-(USDC-0007)-WEB-2011-dh
2014-02-18 17:47 - 2014-02-18 17:47 - 00000000 ____D () C:\Users\Lasse\.thumbnails
2014-02-17 20:32 - 2014-02-21 00:50 - 00000000 ____D () C:\Users\Lasse\Desktop\Evolution of Face
2014-02-15 23:46 - 2014-02-15 23:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-03-16 18:24 - 2014-03-14 23:17 - 00000000 ____D () C:\FRST
2014-03-16 18:24 - 2014-03-14 23:08 - 00000000 ____D () C:\Users\Lasse\Desktop\Virus
2014-03-16 18:17 - 2014-03-16 18:17 - 00001360 _____ () C:\Users\Lasse\Desktop\JRT.txt
2014-03-16 18:10 - 2009-07-14 05:45 - 00025696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-16 18:10 - 2009-07-14 05:45 - 00025696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-16 18:07 - 2014-03-16 18:07 - 00000000 ____D () C:\Windows\ERUNT
2014-03-16 18:06 - 2013-08-29 17:48 - 01445915 _____ () C:\Windows\WindowsUpdate.log
2014-03-16 18:03 - 2013-09-04 22:55 - 00000000 ___RD () C:\Users\Lasse\Dropbox
2014-03-16 18:03 - 2013-09-04 22:49 - 00000000 ____D () C:\Users\Lasse\AppData\Roaming\Dropbox
2014-03-16 18:02 - 2013-10-20 15:02 - 00000546 _____ () C:\Windows\Tasks\MATLAB R2012b Startup Accelerator.job
2014-03-16 18:02 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-16 18:02 - 2009-07-14 05:51 - 00085310 _____ () C:\Windows\setupact.log
2014-03-16 18:00 - 2014-03-16 17:58 - 00000000 ____D () C:\AdwCleaner
2014-03-16 17:56 - 2010-11-21 04:47 - 00494300 _____ () C:\Windows\PFRO.log
2014-03-16 17:55 - 2013-09-02 14:00 - 00000000 ____D () C:\Users\Lasse\AppData\Roaming\MediaMonkey
2014-03-16 17:41 - 2014-03-16 17:41 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-16 17:41 - 2014-03-16 17:41 - 00000000 ____D () C:\Users\Lasse\AppData\Roaming\Malwarebytes
2014-03-16 17:41 - 2014-03-16 17:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-16 17:41 - 2014-03-16 17:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-16 16:14 - 2014-01-21 23:46 - 00000000 ____D () C:\Users\Lasse\Documents\MATLAB
2014-03-15 21:58 - 2013-09-02 12:03 - 00000000 ____D () C:\Users\Lasse\AppData\Roaming\vlc
2014-03-15 20:10 - 2014-03-15 19:48 - 00000000 ____D () C:\Qoobox
2014-03-15 20:10 - 2013-12-08 21:22 - 00072139 _____ () C:\QcOSD.txt
2014-03-15 20:09 - 2014-03-15 20:09 - 00018120 _____ () C:\ComboFix.txt
2014-03-15 20:08 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-03-15 20:04 - 2011-04-12 08:43 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2014-03-15 20:04 - 2011-04-12 08:43 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2014-03-15 20:04 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-15 19:58 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-03-15 19:56 - 2014-03-15 19:48 - 00000000 ____D () C:\Windows\erdnt
2014-03-15 19:56 - 2013-08-29 17:57 - 00000000 ___RD () C:\Users\Lasse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-15 19:25 - 2014-03-15 19:25 - 05190279 ____R (Swearware) C:\Users\Lasse\Desktop\ComboFix.exe
2014-03-14 23:53 - 2014-03-14 23:52 - 00279104 _____ () C:\Windows\Minidump\031414-23946-01.dmp
2014-03-14 23:52 - 2014-01-11 18:14 - 483846715 _____ () C:\Windows\MEMORY.DMP
2014-03-14 23:52 - 2014-01-11 18:14 - 00000000 ____D () C:\Windows\Minidump
2014-03-14 23:16 - 2014-03-14 23:16 - 00000168 _____ () C:\Users\Lasse\defogger_reenable
2014-03-14 23:16 - 2013-08-29 17:57 - 00000000 ____D () C:\Users\Lasse
2014-03-14 22:52 - 2014-03-14 22:52 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-03-14 22:52 - 2013-12-06 00:26 - 00000000 ____D () C:\Users\Lasse\.gimp-2.8
2014-03-14 22:52 - 2013-09-02 11:35 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-03-14 22:51 - 2014-03-14 22:51 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-03-14 22:51 - 2014-03-14 22:51 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-03-14 22:51 - 2014-03-14 22:51 - 00207904 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-03-14 22:51 - 2014-03-14 22:51 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-03-14 22:51 - 2014-03-14 22:51 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-03-14 22:51 - 2014-03-14 22:51 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-03-14 22:51 - 2014-03-14 22:51 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-03-14 22:51 - 2014-03-14 22:51 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-03-14 22:51 - 2013-09-02 11:35 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-03-14 22:50 - 2014-03-14 22:50 - 00000000 ____D () C:\Program Files\AVAST Software
2014-03-14 22:49 - 2013-09-02 11:32 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-03-14 21:07 - 2014-03-14 21:07 - 00004638 _____ () C:\Users\Lasse\AppData\Local\recently-used.xbel
2014-03-14 21:07 - 2013-12-06 00:52 - 00000000 ____D () C:\Users\Lasse\AppData\Local\gtk-2.0
2014-03-14 13:57 - 2014-03-14 13:57 - 00000000 ____D () C:\Lasse
2014-03-06 11:59 - 2013-09-02 00:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-28 21:34 - 2014-02-28 15:54 - 00000000 ____D () C:\Users\Lasse\Desktop\Musik
2014-02-24 16:07 - 2014-02-24 16:06 - 88968102 _____ () C:\Users\Lasse\Downloads\Sleep Party People.rar
2014-02-23 18:51 - 2014-02-23 18:51 - 00000000 ____D () C:\Users\Lasse\Desktop\Arduino Stater Kit Tutorals 100-104
2014-02-21 15:55 - 2014-02-21 15:46 - 31685816 _____ () C:\Users\Lasse\Downloads\Skybound Stylizer 5.1.12.326 Portable.zip
2014-02-21 01:42 - 2014-02-21 00:53 - 151920761 _____ () C:\Users\Lasse\Downloads\Vacation.rar
2014-02-21 00:50 - 2014-02-17 20:32 - 00000000 ____D () C:\Users\Lasse\Desktop\Evolution of Face
2014-02-20 21:49 - 2014-02-20 21:14 - 106235540 _____ () C:\Users\Lasse\Downloads\Message_to_Bears_-_Maps_(2013)-NaR.rar
2014-02-20 12:07 - 2014-02-20 12:07 - 03987342 _____ () C:\Users\Lasse\Downloads\Mir ham se als jeheilt entlassen(360p_H.264-AAC).mp4
2014-02-20 11:02 - 2014-02-20 11:01 - 00000000 ____D () C:\Users\Lasse\Downloads\Madvillainy 4 Instrumentals
2014-02-19 01:18 - 2014-02-19 00:17 - 186073933 _____ () C:\Users\Lasse\Downloads\f8psz.Message.to.Bears..Maps.2013.Lossless.rar
2014-02-18 21:21 - 2014-02-18 21:17 - 264915882 _____ () C:\Users\Lasse\Downloads\Madvillainy 4 Instrumentals.zip
2014-02-18 17:47 - 2014-02-18 17:47 - 00000000 ____D () C:\Users\Lasse\.thumbnails
2014-02-15 23:46 - 2014-02-15 23:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-15 00:09 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache

Some content of TEMP:
====================
C:\Users\Lasse\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-03-10 01:11

==================== End Of Log ============================
17.03.2014, 10:25 | #6 | |
/// the machine /// TB-Ausbilder | facebook.vbs und USB-Verknüpfungen
Quote:
What does the stick do?
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
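The helper's question ("What does the stick do?") comes down to what the shortcuts on the stick really launch. The following is an added example written for this page, not code from the thread, from FRST or from any tool mentioned in it: a small Python parser for the Windows Shell Link (.lnk) format that recovers a shortcut's real target and command line, a heuristic that flags the USB-worm pattern the thread describes (a document-named .lnk that runs cmd.exe or a script host, starts a .vbs, then opens the hidden original as a decoy), and a folder walk that lists the hidden/system files such a worm leaves behind. The launcher list and script-extension list are the editor's heuristics, and the sample shortcut with its facebook.vbs argument string is constructed here as an assumption modelled on the thread title; none of it is bytes taken from the poster's stick. Run scan_folder() against the stick's mount point from a clean machine, never by double-clicking anything on the stick.

```python
"""Triage for a USB stick whose files were replaced by .lnk shortcuts (editor's added example, not thread code).
Parses the Shell Link format (MS-SHLLINK) far enough to see what a shortcut really launches, flags the
worm pattern (document-named .lnk -> shell/script host -> hidden .vbs, then decoy) and lists hidden files."""
import os
import struct

HEADER_SIZE = 0x4C
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}
# ShellLinkHeader.LinkFlags bits (MS-SHLLINK 2.1.1)
HAS_LINK_TARGET_ID_LIST, HAS_LINK_INFO, HAS_NAME, HAS_RELATIVE_PATH = 0x01, 0x02, 0x04, 0x08
HAS_WORKING_DIR, HAS_ARGUMENTS, HAS_ICON_LOCATION, IS_UNICODE = 0x10, 0x20, 0x40, 0x80
SW_SHOWMINNOACTIVE = 7  # ShowCommand value that keeps the launched console out of sight
HIDDEN_OR_SYSTEM = 0x02 | 0x04  # FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM
# Heuristics (editor's assumption): launchers a document-named shortcut should never point at,
# and script extensions a USB worm typically passes on the command line
SUSPICIOUS_LAUNCHERS = {"cmd.exe", "wscript.exe", "cscript.exe", "powershell.exe", "rundll32.exe", "mshta.exe"}
SCRIPT_EXTENSIONS = (".vbs", ".vbe", ".js", ".jse", ".bat", ".cmd", ".ps1")


def parse_lnk(data: bytes) -> dict:
    """Return the fields of a .lnk that describe what it launches; ValueError if the bytes are not a .lnk."""
    if len(data) < HEADER_SIZE or struct.unpack_from("<I", data, 0)[0] != HEADER_SIZE or data[4:20] != LINK_CLSID:
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", data, 20)[0]
    fields = {"show_command": struct.unpack_from("<I", data, 60)[0]}
    pos = HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:  # IDListSize (2 bytes) + IDList: skipped
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:  # LinkInfo: keep LocalBasePath (the usual absolute target), skip the rest
        info_size, _hdr, info_flags, _vol, base_off = struct.unpack_from("<IIIII", data, pos)
        if info_flags & 0x01:  # VolumeIDAndLocalBasePath
            start = pos + base_off
            fields["local_base_path"] = data[start:data.index(b"\x00", start)].decode("cp1252")
        pos += info_size
    unicode = bool(flags & IS_UNICODE)
    for flag, name in ((HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"), (HAS_WORKING_DIR, "working_dir"),
                       (HAS_ARGUMENTS, "arguments"), (HAS_ICON_LOCATION, "icon_location")):
        if flags & flag:  # StringData: CountCharacters (2 bytes) + characters, no terminator
            count = struct.unpack_from("<H", data, pos)[0]
            size = count * 2 if unicode else count
            fields[name] = data[pos + 2:pos + 2 + size].decode("utf-16-le" if unicode else "cp1252")
            pos += 2 + size
    return fields


def classify(fields: dict) -> list:
    """Reasons a parsed shortcut looks like a dropper rather than a link to a document (empty = nothing found)."""
    reasons = []
    target = fields.get("local_base_path") or fields.get("relative_path", "")
    exe = target.replace("\\", "/").rsplit("/", 1)[-1].lower()
    args = fields.get("arguments", "").lower()
    if exe in SUSPICIOUS_LAUNCHERS:
        reasons.append("target is a launcher: " + exe)
    if any(ext in args for ext in SCRIPT_EXTENSIONS):
        reasons.append("arguments reference a script file")
    if args.count("start ") > 1:
        reasons.append("arguments chain several 'start' commands (payload first, decoy document second)")
    if fields.get("show_command") == SW_SHOWMINNOACTIVE:
        reasons.append("ShowCommand=SW_SHOWMINNOACTIVE hides the console window")
    return reasons


def build_lnk(relative_path: str, arguments: str = "", show_command: int = 1) -> bytes:
    """Construct a minimal Unicode .lnk carrying only string data (for the constructed sample and tests)."""
    header = bytearray(HEADER_SIZE)
    struct.pack_into("<I", header, 0, HEADER_SIZE)
    header[4:20] = LINK_CLSID
    struct.pack_into("<I", header, 20, IS_UNICODE | HAS_RELATIVE_PATH | (HAS_ARGUMENTS if arguments else 0))
    struct.pack_into("<I", header, 60, show_command)
    string_data = lambda text: struct.pack("<H", len(text)) + text.encode("utf-16-le")
    return bytes(header) + string_data(relative_path) + (string_data(arguments) if arguments else b"")


def scan_folder(folder: str) -> list:
    """Walk a mounted stick: classify every .lnk and list hidden/system files (attribute check is Windows-only)."""
    findings = []
    for root, _dirs, files in os.walk(folder):
        for name in files:
            path = os.path.join(root, name)
            if getattr(os.stat(path), "st_file_attributes", 0) & HIDDEN_OR_SYSTEM:  # 0 on non-Windows
                findings.append((path, ["hidden/system attributes set: probably an original the worm hid"]))
            if name.lower().endswith(".lnk"):
                with open(path, "rb") as fh:
                    raw = fh.read()
                try:
                    reasons = classify(parse_lnk(raw))
                except ValueError as exc:
                    reasons = ["unparseable .lnk: %s" % exc]
                if reasons:
                    findings.append((path, reasons))
    return findings


# Constructed sample (assumption, not bytes from the poster's stick): a .lnk named like a document that runs
# cmd.exe -> wscript.exe -> facebook.vbs, then opens the hidden original as a decoy
SAMPLE_LNK = build_lnk("..\\..\\..\\Windows\\System32\\cmd.exe",
                       '/c start wscript.exe //e:VBScript facebook.vbs & start "" "Thesis.pdf" & exit',
                       show_command=SW_SHOWMINNOACTIVE)
```

Once the .lnk files are confirmed as droppers, delete them together with the script they point at, and clear the attributes on the originals from an elevated command prompt in the stick's root with `attrib -s -h -r /s /d`. Explorer only shows files that carry both the hidden and the system attribute when "Hide protected operating system files" is unticked, so a file can be invisible without the Hidden box looking set; the attribute check in scan_folder() does not depend on that view.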
18.03.2014, 01:26 | #7 |
| facebook.vbs und USB-Verknüpfungen Security Scan gives me: UNSUPPORTED OPERATING SYSTEM! ABORTED! The shortcuts on the USB stick are still set exactly as before, though; how can I restore the original files? (They are still on there, but the "Hidden" box is not ticked..) The rest of the log files: Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=5f6f00239e3a4b4ababd982e47f8f3e8
# engine=17474
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-03-17 10:49:20
# local_time=2014-03-17 11:49:20 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 71 77 219456 223101 0 0
# compatibility_mode=5893 16776573 100 94 892261 146683210 0 0
# scanned=259228
# found=0
# cleaned=0
# scan_time=4404
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=5f6f00239e3a4b4ababd982e47f8f3e8
# engine=17480
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-03-17 10:18:22
# local_time=2014-03-17 11:18:22 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 71 77 264398 264443 0 0
# compatibility_mode=5893 16776573 100 94 937203 146724552 0 0
# scanned=537756
# found=22
# cleaned=0
# scan_time=13143
sh=0E10D1FB47FEEDBCB13EC2D507EEF86F0804302B ft=1 fh=b80ce1e6e41cb2d0 vn="NSIS/StartPage.CC trojan" ac=I fn="C:\Users\Lasse\Documents\W500 Driver\PROGRAMME\vlc-2.0.7-win64.exe"
sh=0E10D1FB47FEEDBCB13EC2D507EEF86F0804302B ft=1 fh=b80ce1e6e41cb2d0 vn="NSIS/StartPage.CC trojan" ac=I fn="E:\Backup-Dateien\Documents\Documents\W500 Driver\PROGRAMME\vlc-2.0.7-win64.exe"
sh=1B2A8DA315ACD45CC5F646E9A076F6D71858218E ft=0 fh=0000000000000000 vn="LNK/Agent.AK trojan" ac=I fn="E:\BACKUP_Schrottdreadtop\Tabularasa\Desktop\(G) Wechseldatenträger\OrdnungsamtSchreibenMilliLasse.pdf.lnk"
sh=79A9082A740955B9BAA12A0D313D3FF24ADBD99B ft=0 fh=0000000000000000 vn="LNK/Agent.AK trojan" ac=I fn="E:\BACKUP_Schrottdreadtop\Tabularasa\Desktop\(G) Wechseldatenträger\RunClubSanDisk.exe.lnk"
sh=B3A523722844C409383E2F65E79D31E0B22AF7FE ft=0 fh=0000000000000000 vn="LNK/Agent.AK trojan" ac=I fn="E:\BACKUP_Schrottdreadtop\Tabularasa\Desktop\(G) Wechseldatenträger\RunSanDiskSecureAccess_Win.exe.lnk"
sh=0E10D1FB47FEEDBCB13EC2D507EEF86F0804302B ft=1 fh=b80ce1e6e41cb2d0 vn="NSIS/StartPage.CC trojan" ac=I fn="E:\BACKUP_Schrottdreadtop\Tabularasa\Desktop\WINDOOF\PROGRAMME\vlc-2.0.7-win64.exe"
sh=5A22F11C45672EECF0C59D22EB8EA2894263EDB7 ft=0 fh=0000000000000000 vn="Win32/Mabezat.A virus" ac=I fn="E:\FREMDBACKUP\milis hdd datenrettung\[000082].rar"
sh=5A22F11C45672EECF0C59D22EB8EA2894263EDB7 ft=0 fh=0000000000000000 vn="Win32/Mabezat.A virus" ac=I fn="E:\FREMDBACKUP\milis hdd datenrettung\[000083].rar"
sh=5A22F11C45672EECF0C59D22EB8EA2894263EDB7 ft=0 fh=0000000000000000 vn="Win32/Mabezat.A virus" ac=I fn="E:\FREMDBACKUP\milis hdd datenrettung\[000090].rar"
sh=5A22F11C45672EECF0C59D22EB8EA2894263EDB7 ft=0 fh=0000000000000000 vn="Win32/Mabezat.A virus" ac=I fn="E:\FREMDBACKUP\milis hdd datenrettung\[000091].rar"
sh=5A22F11C45672EECF0C59D22EB8EA2894263EDB7 ft=0 fh=0000000000000000 vn="Win32/Mabezat.A virus" ac=I fn="E:\FREMDBACKUP\milis hdd datenrettung\[000092].rar"
sh=5A22F11C45672EECF0C59D22EB8EA2894263EDB7 ft=0 fh=0000000000000000 vn="Win32/Mabezat.A virus" ac=I fn="E:\FREMDBACKUP\milis hdd datenrettung\[000093].rar"
sh=5A22F11C45672EECF0C59D22EB8EA2894263EDB7 ft=0 fh=0000000000000000 vn="Win32/Mabezat.A virus" ac=I fn="E:\FREMDBACKUP\milis hdd datenrettung\[000094].rar"
sh=5A22F11C45672EECF0C59D22EB8EA2894263EDB7 ft=0 fh=0000000000000000 vn="Win32/Mabezat.A virus" ac=I fn="E:\FREMDBACKUP\milis hdd datenrettung\[000097].rar"
sh=5A22F11C45672EECF0C59D22EB8EA2894263EDB7 ft=0 fh=0000000000000000 vn="Win32/Mabezat.A virus" ac=I fn="E:\FREMDBACKUP\milis hdd datenrettung\[000098].rar"
sh=5A22F11C45672EECF0C59D22EB8EA2894263EDB7 ft=0 fh=0000000000000000 vn="Win32/Mabezat.A virus" ac=I fn="E:\FREMDBACKUP\milis hdd datenrettung\[000109].rar"
sh=5A22F11C45672EECF0C59D22EB8EA2894263EDB7 ft=0 fh=0000000000000000 vn="Win32/Mabezat.A virus" ac=I fn="E:\FREMDBACKUP\milis hdd datenrettung\[000110].rar"
sh=5A22F11C45672EECF0C59D22EB8EA2894263EDB7 ft=0 fh=0000000000000000 vn="Win32/Mabezat.A virus" ac=I fn="E:\FREMDBACKUP\milis hdd datenrettung\[000123].rar"
sh=5A22F11C45672EECF0C59D22EB8EA2894263EDB7 ft=0 fh=0000000000000000 vn="Win32/Mabezat.A virus" ac=I fn="E:\FREMDBACKUP\milis hdd datenrettung\[000128].rar"
sh=5A22F11C45672EECF0C59D22EB8EA2894263EDB7 ft=0 fh=0000000000000000 vn="Win32/Mabezat.A virus" ac=I fn="E:\FREMDBACKUP\milis hdd datenrettung\[000135].rar"
sh=5A22F11C45672EECF0C59D22EB8EA2894263EDB7 ft=0 fh=0000000000000000 vn="Win32/Mabezat.A virus" ac=I fn="E:\FREMDBACKUP\milis hdd datenrettung\[000136].rar"
sh=0289503DF74FF579CEB3399D78310A6599310FA0 ft=1 fh=c71c00115c45193b vn="a variant of Win32/Kryptik.BWAM trojan" ac=I fn="E:\TON\Musik\SPIELUNKE\FileZilla_3.7.3_win32-setup.exe"
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Lasse (administrator) on BLACKBLOCK on 18-03-2014 01:20:13
Running from C:\Users\Lasse\Desktop\Virus
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Lenovo.) C:\Windows\system32\ibmpmsvc.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\shtctky.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Zoom\TpScrex.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(troubadix) C:\Program Files\TPFanControl\TPFanControl.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Avanquest Software ) C:\Program Files (x86)\Digital Line Detect\DLG.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Dropbox, Inc.) C:\Users\Lasse\AppData\Roaming\Dropbox\bin\Dropbox.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
(Ventis Media Inc.) C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Farbar) C:\Users\Lasse\Desktop\Virus\2-FRST64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()
HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [382248 2013-02-12] (Lenovo.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-05-29] (Synaptics Incorporated)
HKLM\...\Run: [picon] - C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PIconStartup.exe [111640 2010-02-04] ()
HKLM\...\Run: [TPFanControl] - C:\Program Files\TPFanControl\TPFanControl.exe [154112 2013-03-20] (troubadix)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2012-05-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-03-14] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Startup: C:\Users\Lasse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Lasse\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Lasse\AppData\Roaming\Mozilla\Firefox\Profiles\l0z5852m.default
FF Homepage: hxxp://stressfaktor.squat.net/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\PDFXChangeViewer\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\PDFXChangeViewer\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\PDFXChangeViewer\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: FoxyProxy Standard - C:\Users\Lasse\AppData\Roaming\Mozilla\Firefox\Profiles\l0z5852m.default\Extensions\foxyproxy@eric.h.jung [2014-02-05]
FF Extension: Ghostery - C:\Users\Lasse\AppData\Roaming\Mozilla\Firefox\Profiles\l0z5852m.default\Extensions\firefox@ghostery.com.xpi [2013-09-18]
FF Extension: Clearly - C:\Users\Lasse\AppData\Roaming\Mozilla\Firefox\Profiles\l0z5852m.default\Extensions\readable@evernote.com.xpi [2014-02-13]
FF Extension: Adblock Plus - C:\Users\Lasse\AppData\Roaming\Mozilla\Firefox\Profiles\l0z5852m.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-17]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-14]

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-03-14] (AVAST Software)
R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [174616 2010-02-04] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S4 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [34528 2013-06-03] (The OpenVPN Project)
R2 UNS; C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2058776 2010-02-04] (Intel Corporation)

==================== Drivers (Whitelisted) ====================

S3 a8djavs; C:\Windows\System32\Drivers\a8djavs.sys [359784 2012-12-18] (Native Instruments GmbH)
S3 a8djusb_svc; C:\Windows\System32\Drivers\a8djusb.sys [100712 2012-12-18] (Native Instruments GmbH)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-03-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2014-03-14] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-03-14] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-03-14] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-03-14] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-03-14] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-03-14] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-01-04] (Disc Soft Ltd)
S3 kz1avs; C:\Windows\System32\Drivers\kz1avs.sys [359120 2013-05-17] (Native Instruments GmbH)
S3 kz1usb_svc; C:\Windows\System32\Drivers\kz1usb.sys [83152 2013-05-17] (Native Instruments GmbH)
R3 LenovoRd; C:\Windows\System32\Drivers\LenovoRd.sys [118016 2009-05-11] (Lenovo)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 rspLLL; C:\Windows\System32\DRIVERS\rspLLL64.sys [25504 2013-10-21] (Resplendence Software Projects Sp.)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [44784 2013-05-29] (Synaptics Incorporated)
S3 ta2avs; C:\Windows\System32\Drivers\ta2avs.sys [358480 2012-02-22] (Native Instruments GmbH)
S3 ta2usb_svc; C:\Windows\System32\Drivers\ta2usb.sys [79952 2012-02-22] (Native Instruments GmbH)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 NETw5s64; system32\DRIVERS\NETw5s64.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-17 10:33 - 2014-03-17 10:33 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-03-17 04:45 - 2014-03-17 04:45 - 00000000 ____D () C:\Users\Lasse\Desktop\PRINT
2014-03-16 23:44 - 2014-03-16 23:44 - 01071000 _____ (Solid State Networks) C:\Users\Lasse\Desktop\install_flashplayer12x32_mssa_aaa_aih.exe
2014-03-16 18:45 - 2014-03-16 18:45 - 00001442 _____ () C:\Users\Lasse\Desktop\lasse (homefs) - Verknüpfung.lnk
2014-03-16 18:17 - 2014-03-16 18:17 - 00001360 _____ () C:\Users\Lasse\Desktop\JRT.txt
2014-03-16 18:07 - 2014-03-16 18:07 - 00000000 ____D () C:\Windows\ERUNT
2014-03-16 17:58 - 2014-03-16 18:00 - 00000000 ____D () C:\AdwCleaner
2014-03-16 17:41 - 2014-03-16 17:41 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-16 17:41 - 2014-03-16 17:41 - 00000000 ____D () C:\Users\Lasse\AppData\Roaming\Malwarebytes
2014-03-16 17:41 - 2014-03-16 17:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-16 17:41 - 2014-03-16 17:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-16 17:41 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-15 20:09 - 2014-03-15 20:09 - 00018120 _____ () C:\ComboFix.txt
2014-03-15 19:48 - 2014-03-15 20:10 - 00000000 ____D () C:\Qoobox
2014-03-15 19:48 - 2014-03-15 19:56 - 00000000 ____D () C:\Windows\erdnt
2014-03-15 19:48 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-03-15 19:48 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-03-15 19:48 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-03-15 19:48 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-03-15 19:48 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-03-15 19:48 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-03-15 19:48 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-03-15 19:48 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-03-15 19:25 - 2014-03-15 19:25 - 05190279 ____R (Swearware) C:\Users\Lasse\Desktop\ComboFix.exe
2014-03-14 23:52 - 2014-03-14 23:53 - 00279104 _____ () C:\Windows\Minidump\031414-23946-01.dmp
2014-03-14 23:17 - 2014-03-18 01:20 - 00000000 ____D () C:\FRST
2014-03-14 23:16 - 2014-03-14 23:16 - 00000168 _____ () C:\Users\Lasse\defogger_reenable
2014-03-14 23:08 - 2014-03-18 01:20 - 00000000 ____D () C:\Users\Lasse\Desktop\Virus
2014-03-14 22:52 - 2014-03-14 22:52 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-03-14 22:51 - 2014-03-14 22:51 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-03-14 22:51 - 2014-03-14 22:51 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-03-14 22:51 - 2014-03-14 22:51 - 00207904 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-03-14 22:51 - 2014-03-14 22:51 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-03-14 22:51 - 2014-03-14 22:51 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-03-14 22:51 - 2014-03-14 22:51 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-03-14 22:51 - 2014-03-14 22:51 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-03-14 22:51 - 2014-03-14 22:51 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-03-14 22:50 - 2014-03-14 22:50 - 00000000 ____D () C:\Program Files\AVAST Software
2014-03-14 21:07 - 2014-03-14 21:07 - 00004638 _____ () C:\Users\Lasse\AppData\Local\recently-used.xbel
2014-03-14 13:57 - 2014-03-14 13:57 - 00000000 ____D () C:\Lasse
2014-02-28 15:54 - 2014-02-28 21:34 - 00000000 ____D () C:\Users\Lasse\Desktop\Musik
2014-02-24 16:07 - 2010-03-17 23:02 - 00000000 ____D () C:\Users\Lasse\Downloads\Sleep Party People
2014-02-24 16:06 - 2014-02-24 16:07 - 88968102 _____ () C:\Users\Lasse\Downloads\Sleep Party People.rar
2014-02-23 18:51 - 2014-02-23 18:51 - 00000000 ____D () C:\Users\Lasse\Desktop\Arduino Stater Kit Tutorals 100-104
2014-02-21 15:46 - 2014-02-21 15:55 - 31685816 _____ () C:\Users\Lasse\Downloads\Skybound Stylizer 5.1.12.326 Portable.zip
2014-02-21 00:53 - 2014-02-21 01:42 - 151920761 _____ () C:\Users\Lasse\Downloads\Vacation.rar
2014-02-20 21:14 - 2014-02-20 21:49 - 106235540 _____ () C:\Users\Lasse\Downloads\Message_to_Bears_-_Maps_(2013)-NaR.rar
2014-02-20 12:07 - 2014-02-20 12:07 - 03987342 _____ () C:\Users\Lasse\Downloads\Mir ham se als jeheilt entlassen(360p_H.264-AAC).mp4
2014-02-20 11:01 - 2014-02-20 11:02 - 00000000 ____D () C:\Users\Lasse\Downloads\Madvillainy 4 Instrumentals
2014-02-19 00:17 - 2014-02-19 01:18 - 186073933 _____ () C:\Users\Lasse\Downloads\f8psz.Message.to.Bears..Maps.2013.Lossless.rar
2014-02-18 21:17 - 2014-02-18 21:21 - 264915882 _____ () C:\Users\Lasse\Downloads\Madvillainy 4 Instrumentals.zip
2014-02-18 18:37 - 2011-07-23 09:15 - 00000000 ____D () C:\Users\Lasse\Downloads\Ryoma_Takemasa--Deepn_(Gonno_Remix)-(USDC-0007)-WEB-2011-dh
2014-02-18 17:47 - 2014-02-18 17:47 - 00000000 ____D () C:\Users\Lasse\.thumbnails
2014-02-17 20:32 - 2014-02-21 00:50 - 00000000 ____D () C:\Users\Lasse\Desktop\Evolution of Face

==================== One Month Modified Files and Folders =======

2014-03-18 01:20 - 2014-03-14 23:17 - 00000000 ____D () C:\FRST
2014-03-18 01:20 - 2014-03-14 23:08 - 00000000 ____D () C:\Users\Lasse\Desktop\Virus
2014-03-18 00:41 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-03-17 20:09 - 2013-08-29 17:48 - 01461390 _____ () C:\Windows\WindowsUpdate.log
2014-03-17 17:13 - 2013-09-02 14:00 - 00000000 ____D () C:\Users\Lasse\AppData\Roaming\MediaMonkey
2014-03-17 13:10 - 2013-10-20 15:02 - 00000546 _____ () C:\Windows\Tasks\MATLAB R2012b Startup Accelerator.job
2014-03-17 11:56 - 2014-01-21 23:46 - 00000000 ____D () C:\Users\Lasse\Documents\MATLAB
2014-03-17 10:33 - 2014-03-17 10:33 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-03-17 04:45 - 2014-03-17 04:45 - 00000000 ____D () C:\Users\Lasse\Desktop\PRINT
2014-03-16 23:44 - 2014-03-16 23:44 - 01071000 _____ (Solid State Networks) C:\Users\Lasse\Desktop\install_flashplayer12x32_mssa_aaa_aih.exe
2014-03-16 18:49 - 2009-07-14 05:45 - 00025696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-16 18:49 - 2009-07-14 05:45 - 00025696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-16 18:45 - 2014-03-16 18:45 - 
00001442 _____ () C:\Users\Lasse\Desktop\lasse (homefs) - Verknüpfung.lnk 2014-03-16 18:17 - 2014-03-16 18:17 - 00001360 _____ () C:\Users\Lasse\Desktop\JRT.txt 2014-03-16 18:07 - 2014-03-16 18:07 - 00000000 ____D () C:\Windows\ERUNT 2014-03-16 18:03 - 2013-09-04 22:55 - 00000000 ___RD () C:\Users\Lasse\Dropbox 2014-03-16 18:03 - 2013-09-04 22:49 - 00000000 ____D () C:\Users\Lasse\AppData\Roaming\Dropbox 2014-03-16 18:02 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-03-16 18:02 - 2009-07-14 05:51 - 00085310 _____ () C:\Windows\setupact.log 2014-03-16 18:00 - 2014-03-16 17:58 - 00000000 ____D () C:\AdwCleaner 2014-03-16 17:56 - 2010-11-21 04:47 - 00494300 _____ () C:\Windows\PFRO.log 2014-03-16 17:41 - 2014-03-16 17:41 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-03-16 17:41 - 2014-03-16 17:41 - 00000000 ____D () C:\Users\Lasse\AppData\Roaming\Malwarebytes 2014-03-16 17:41 - 2014-03-16 17:41 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-16 17:41 - 2014-03-16 17:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-03-15 21:58 - 2013-09-02 12:03 - 00000000 ____D () C:\Users\Lasse\AppData\Roaming\vlc 2014-03-15 20:10 - 2014-03-15 19:48 - 00000000 ____D () C:\Qoobox 2014-03-15 20:10 - 2013-12-08 21:22 - 00072139 _____ () C:\QcOSD.txt 2014-03-15 20:09 - 2014-03-15 20:09 - 00018120 _____ () C:\ComboFix.txt 2014-03-15 20:08 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini 2014-03-15 20:04 - 2011-04-12 08:43 - 00699666 _____ () C:\Windows\system32\perfh007.dat 2014-03-15 20:04 - 2011-04-12 08:43 - 00149774 _____ () C:\Windows\system32\perfc007.dat 2014-03-15 20:04 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-03-15 19:58 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default 2014-03-15 19:56 - 2014-03-15 19:48 - 00000000 ____D () C:\Windows\erdnt 2014-03-15 19:56 - 2013-08-29 17:57 - 00000000 ___RD () 
C:\Users\Lasse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-03-15 19:25 - 2014-03-15 19:25 - 05190279 ____R (Swearware) C:\Users\Lasse\Desktop\ComboFix.exe 2014-03-14 23:53 - 2014-03-14 23:52 - 00279104 _____ () C:\Windows\Minidump\031414-23946-01.dmp 2014-03-14 23:52 - 2014-01-11 18:14 - 483846715 _____ () C:\Windows\MEMORY.DMP 2014-03-14 23:52 - 2014-01-11 18:14 - 00000000 ____D () C:\Windows\Minidump 2014-03-14 23:16 - 2014-03-14 23:16 - 00000168 _____ () C:\Users\Lasse\defogger_reenable 2014-03-14 23:16 - 2013-08-29 17:57 - 00000000 ____D () C:\Users\Lasse 2014-03-14 22:52 - 2014-03-14 22:52 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2014-03-14 22:52 - 2013-12-06 00:26 - 00000000 ____D () C:\Users\Lasse\.gimp-2.8 2014-03-14 22:52 - 2013-09-02 11:35 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2014-03-14 22:51 - 2014-03-14 22:51 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-03-14 22:51 - 2014-03-14 22:51 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2014-03-14 22:51 - 2014-03-14 22:51 - 00207904 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-03-14 22:51 - 2014-03-14 22:51 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2014-03-14 22:51 - 2014-03-14 22:51 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2014-03-14 22:51 - 2014-03-14 22:51 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-03-14 22:51 - 2014-03-14 22:51 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-03-14 22:51 - 2014-03-14 22:51 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-03-14 22:51 - 2013-09-02 11:35 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-03-14 22:50 - 2014-03-14 22:50 - 00000000 ____D () C:\Program Files\AVAST Software 2014-03-14 22:49 - 2013-09-02 11:32 - 00000000 ____D () C:\ProgramData\AVAST Software 
2014-03-14 21:07 - 2014-03-14 21:07 - 00004638 _____ () C:\Users\Lasse\AppData\Local\recently-used.xbel 2014-03-14 21:07 - 2013-12-06 00:52 - 00000000 ____D () C:\Users\Lasse\AppData\Local\gtk-2.0 2014-03-14 13:57 - 2014-03-14 13:57 - 00000000 ____D () C:\Lasse 2014-03-06 11:59 - 2013-09-02 00:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-02-28 21:34 - 2014-02-28 15:54 - 00000000 ____D () C:\Users\Lasse\Desktop\Musik 2014-02-24 16:07 - 2014-02-24 16:06 - 88968102 _____ () C:\Users\Lasse\Downloads\Sleep Party People.rar 2014-02-23 18:51 - 2014-02-23 18:51 - 00000000 ____D () C:\Users\Lasse\Desktop\Arduino Stater Kit Tutorals 100-104 2014-02-21 15:55 - 2014-02-21 15:46 - 31685816 _____ () C:\Users\Lasse\Downloads\Skybound Stylizer 5.1.12.326 Portable.zip 2014-02-21 01:42 - 2014-02-21 00:53 - 151920761 _____ () C:\Users\Lasse\Downloads\Vacation.rar 2014-02-21 00:50 - 2014-02-17 20:32 - 00000000 ____D () C:\Users\Lasse\Desktop\Evolution of Face 2014-02-20 21:49 - 2014-02-20 21:14 - 106235540 _____ () C:\Users\Lasse\Downloads\Message_to_Bears_-_Maps_(2013)-NaR.rar 2014-02-20 12:07 - 2014-02-20 12:07 - 03987342 _____ () C:\Users\Lasse\Downloads\Mir ham se als jeheilt entlassen(360p_H.264-AAC).mp4 2014-02-20 11:02 - 2014-02-20 11:01 - 00000000 ____D () C:\Users\Lasse\Downloads\Madvillainy 4 Instrumentals 2014-02-19 01:18 - 2014-02-19 00:17 - 186073933 _____ () C:\Users\Lasse\Downloads\f8psz.Message.to.Bears..Maps.2013.Lossless.rar 2014-02-18 21:21 - 2014-02-18 21:17 - 264915882 _____ () C:\Users\Lasse\Downloads\Madvillainy 4 Instrumentals.zip 2014-02-18 17:47 - 2014-02-18 17:47 - 00000000 ____D () C:\Users\Lasse\.thumbnails Some content of TEMP: ==================== C:\Users\Lasse\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit 
C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-10 01:11 ==================== End Of Log ============================ |
18.03.2014, 12:22 | #8
/// the machine /// TB-Ausbilder | facebook.vbs and USB shortcuts

In Folder Options, enable "Show hidden files" and untick "Hide protected operating system files". You should now see the originals; then simply delete the shortcuts.

Quote:
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
Donations | Guides and help | Trojaner-Board Facebook page | No help via PM!
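The steps in post #8 (show hidden and protected files, check that the originals are back, delete the shortcuts) can be done from PowerShell as well, which has the advantage that you can see what each .lnk actually points to before you delete anything. The following is an added example written for this page, not code from the thread or from the helper. It assumes the stick is mounted as E:\ (change -Drive), that the originals were hidden by setting the Hidden and System attributes, and that it is run from an elevated PowerShell on a machine that has already been cleaned; the function names are this example's own.

```powershell
# Added example, not code from the thread. Assumptions: stick mounted as E:\,
# originals hidden via the Hidden+System attributes, run from an elevated
# PowerShell on an already cleaned machine.

$HiddenSystem = [IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System

function Get-UsbShortcutReport {
    # Resolve every .lnk on the stick to its target and arguments, so you can
    # see whether a shortcut named after a document really opens that document
    # or launches an interpreter with a script as argument.
    [CmdletBinding()]
    param([Parameter(Mandatory=$true)][string]$Drive)

    $shell = New-Object -ComObject WScript.Shell
    Get-ChildItem -LiteralPath $Drive -Filter *.lnk -Force -Recurse |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            $lnk = $shell.CreateShortcut($_.FullName)
            New-Object -TypeName PSObject -Property @{
                Shortcut  = $_.FullName
                Target    = $lnk.TargetPath
                Arguments = $lnk.Arguments
            }
        }
}

function Get-HiddenOriginals {
    # Everything on the stick carrying both Hidden and System, i.e. what
    # Explorer hides until "Hide protected operating system files" is unticked.
    [CmdletBinding()]
    param([Parameter(Mandatory=$true)][string]$Drive)

    Get-ChildItem -LiteralPath $Drive -Force -Recurse |
        Where-Object { ($_.Attributes -band $HiddenSystem) -eq $HiddenSystem }
}

function Repair-UsbStick {
    # Step 1 of post #8: clear Hidden+System so the originals are visible again.
    # Step 2: delete the .lnk files. -WhatIf gives a dry run.
    [CmdletBinding(SupportsShouldProcess=$true)]
    param([Parameter(Mandatory=$true)][string]$Drive)

    foreach ($item in Get-HiddenOriginals -Drive $Drive) {
        if ($PSCmdlet.ShouldProcess($item.FullName, 'Clear Hidden and System attributes')) {
            $item.Attributes = [IO.FileAttributes]([int]$item.Attributes -band -bnot [int]$HiddenSystem)
        }
    }
    foreach ($lnk in Get-ChildItem -LiteralPath $Drive -Filter *.lnk -Force -Recurse) {
        if ($PSCmdlet.ShouldProcess($lnk.FullName, 'Delete shortcut')) {
            Remove-Item -LiteralPath $lnk.FullName -Force
        }
    }
}

# Usage: look first, then dry run, then apply.
# Get-UsbShortcutReport -Drive 'E:\' | Format-Table Shortcut, Target, Arguments -AutoSize
# Get-HiddenOriginals  -Drive 'E:\' | Select-Object FullName, Attributes
# Repair-UsbStick -Drive 'E:\' -WhatIf
# Repair-UsbStick -Drive 'E:\'
```

Two caveats. Do not double-click any of the .lnk files to "test" them; the report shows the target without running it. And Repair-UsbStick unhides everything that carries Hidden+System, so if a hidden script or executable is listed by Get-HiddenOriginals next to your documents, it is not one of your originals and should be removed as the helpers in the thread instruct, not handed on with the stick.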
Topics for facebook.vbs and USB shortcuts
antivirus, bluestacks, branding, browser, desktop, fehler, festplatte, firefox, flash player, google, iexplore.exe, lnk/agent.ak, logfile, nsis/startpage.cc, object, programm, pup.optional.opencandy, scan, software, svchost.exe, system, tracker, win32/kryptik.bwam, win32/mabezat.a