Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Virus? "Gesellschaft zur Verfügung von Urheberrechtsverletzungen e.V."

Virus? "Gesellschaft zur Verfügung von Urheberrechtsverletzungen e.V."


Plagegeister aller Art und deren Bekämpfung: Virus? "Gesellschaft zur Verfügung von Urheberrechtsverletzungen e.V."

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Seite 1 von 2 1 2
Alt 29.07.2013, 20:50   #1
Maikidodo
 
Virus? "Gesellschaft zur Verfügung von Urheberrechtsverletzungen e.V." - Standard

Virus? "Gesellschaft zur Verfügung von Urheberrechtsverletzungen e.V."


Guten Abend,

ich war gerade beim Surfen - youtube, als auf einmal ein Pop-Up mit dem Icon meiner Anti-Virussoftware aufging und mir mitteilte, dass mein Java (oder Javasript - erinnere mich nicht mehr) nicht sicher sei. Das Pop-Up erlaubte mir 3 Optionen (1) update; 2) blockieren 3) später nachholen); Ich habe "später nachholen" geklickt.

Ich wunderte mich allerdings, dass diese Meldung komisch aussah, weil sonst Java-Update immer anders läuft (über die Taskleiste).
Nachdem ich das "später nachholen" geklickt habe, sah ich eine Message in der Taskleiste, die wie mein übliches Java aussah und blinkte und fragte, ob ich Java updaten wolle.

Diesmal klickte ich "update". Danach fror der Bildschirm sofort ein und ich bekam den Screen mit der Message, ich hätte gegen das Urheberrecht verstoßen und müsse 100 Eur zahlen.

Der PC ist eingefroren. Es kommt auch immer eine Ansage alle paar Minuten.

Ich habe jetzt einstweilen das WiFi mechanisch am Laptop ausgeschaltet und mich über den Rechner meiner Manner registriert.

Hier noch einige Daten:

Sony Vaio Laptop
Windows 7
32 Bit
Antivirus: F-Secure

Wie soll ich jetzt vorgehen?

Vielen Dank schon mal im Voraus,

Maikidodo

Alt 29.07.2013, 21:32   #2
aharonov
/// TB-Ausbilder
 
Virus? "Gesellschaft zur Verfügung von Urheberrechtsverletzungen e.V." - Standard

Virus? "Gesellschaft zur Verfügung von Urheberrechtsverletzungen e.V."


Hallo,

dann lass uns über die RE reinschauen:


Downloade dir bitte Farbar Recovery Scan Tool 32-Bit und speichere diese auf einen USB Stick (nicht in einen Unterordner!).
Schliesse den USB Stick an den infizierten Rechner an.

Du musst das System nun in die System Reparatur Option booten:
Variante 1 - Über den Boot Manager
  • Starte den Rechner neu auf.
  • Während des Hochfahrens drücke mehrmals die F8 Taste.
  • Wähle nun Computer reparieren.
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils Weiter.

oder

Variante 2 - Mit Windows CD/DVD
  • Lege die Windows CD in dein Laufwerk.
  • Starte den Rechner neu auf und boote von der CD.
  • Wähle die Spracheinstellungen und klicke Weiter.
  • Klicke auf Computerreparaturoptionen.
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils Weiter.

Wenn du jetzt in den Reparaturoptionen bist, wähle Eingabeaufforderung.
  • Gib nun bitte notepad ein und drücke Enter.
    • Es öffnet sich ein Textdokument. Klicke auf Datei -> Speichern unter und wähle Computer.
    • Lese hier nun den Laufwerksbuchstaben deines USB Sticks (z.B. e:\) ab.
    • Schliesse Notepad wieder.
  • Gib nun bitte folgenden Befehl ein und drücke Enter:
    e:\frst.exe
    Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks. Wenn es bei dir ein anderer Buchstabe ist, dann passe den Befehl entsprechend an.
  • Akzeptiere den Disclaimer mit Yes und klicke Scan.
Das Tool erstellt eine Datei FRST.txt auf deinem USB Stick. Poste dessen Inhalt bitte hier.
__________________

__________________
Alt 29.07.2013, 22:18   #3
Maikidodo
 
Virus? "Gesellschaft zur Verfügung von Urheberrechtsverletzungen e.V." - Standard

Virus? "Gesellschaft zur Verfügung von Urheberrechtsverletzungen e.V."


Lieber Leo,
vielen Dank erst mal.

Hier das Log:


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-07-2013 01
Ran by SYSTEM on 29-07-2013 23:15:07
Running from F:\
Windows 7 Professional (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [F-Secure Manager] - C:\Program Files\F-Secure\Common\FSM32.EXE [306928 2012-06-26] (F-Secure Corporation)
HKLM\...\Run: [F-Secure TNB] - C:\Program Files\F-Secure\FSGUI\TNBUtil.exe [1654512 2012-06-26] (F-Secure Corporation)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [527864 2012-12-10] (Cisco Systems, Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKU\Maiko\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [ 2013-04-19] (Skype Technologies S.A.)
HKU\Maiko\...\Run: [VeohPlugin] - C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [ 2013-03-24] (Veoh Networks)
HKU\Maiko\...\Run: [aSQw8ccL0] - C:\Users\Maiko\AppData\Local\Ylapdvx.exe [ 2013-07-29] (NCSOFT Company)
Startup: C:\Users\Maiko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)

========================== Services (Whitelisted) =================

S2 F-Secure Gatekeeper Handler Starter; C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe [220912 2012-06-26] (F-Secure Corporation)
S3 F-Secure Network Request Broker; C:\Program Files\F-Secure\Common\FNRB32.EXE [188144 2012-06-26] (F-Secure Corporation)
S2 fsdevcon; C:\Program Files\F-Secure\Device Control\\fsdevcon32.exe [403184 2012-06-26] (F-Secure Corporation)
S3 FSDFWD; C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe [560880 2012-06-26] (F-Secure Corporation)
S2 FSMA; C:\Program Files\F-Secure\Common\FSMA32.EXE [188144 2012-06-26] (F-Secure Corporation)
S2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [479224 2012-12-10] (Cisco Systems, Inc.)
S3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1013808 2013-03-26] (Sony Corporation)

==================== Drivers (Whitelisted) ====================

S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [92112 2012-12-10] (Cisco Systems, Inc.)
S4 F-Secure Filter; C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [41072 2012-06-26] ()
S3 F-Secure Gatekeeper; C:\Program Files\F-Secure\Anti-Virus\minifilter\fsgk.sys [145856 2013-07-10] (F-Secure Corporation)
S4 F-Secure Recognizer; C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys [26352 2012-06-26] ()
S0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [44240 2013-02-26] ()
S1 FSES; C:\Windows\System32\drivers\fses.sys [36976 2012-06-26] (F-Secure Corporation)
S1 FSFW; C:\Windows\System32\drivers\fsdfw.sys [72688 2012-06-26] (F-Secure Corporation)
S1 fsvista; C:\Program Files\F-Secure\Anti-Virus\minifilter\fsvista.sys [13552 2012-06-26] ()
S3 Sonyddpu; C:\Windows\System32\Drivers\Sonyddpu.sys [85792 2013-06-16] (Sony Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-29 23:15 - 2013-07-29 23:15 - 00000000 ____D C:\FRST
2013-07-29 11:26 - 2013-07-29 11:26 - 00183296 _____ (NCSOFT Company) C:\Users\Maiko\AppData\Local\Ylapdvx.exe
2013-07-29 11:26 - 2013-07-29 11:26 - 00181452 _____ C:\Users\Maiko\AppData\Local\9f2c10a0-f56c-464d-b90f-23109eb5be53
2013-07-23 23:17 - 2013-07-23 23:17 - 00000873 _____ C:\Users\Maiko\Desktop\DEL0432080553.csv
2013-07-22 23:58 - 2013-07-22 23:59 - 00000000 ____D C:\Users\Maiko\Documents\Certificates
2013-07-16 22:09 - 2013-07-16 22:09 - 00000000 ____D C:\Windows\System32\MRT
2013-07-16 22:09 - 2013-07-16 22:09 - 00000000 ____D C:\5ea5b8733f41e68b516697f4978d97
2013-07-15 11:44 - 2013-07-15 11:44 - 00541831 _____ C:\Users\Maiko\Documents\Anniversary card from Daniel 2013.pptx
2013-07-12 02:13 - 2013-07-12 02:13 - 00000000 ____D C:\Users\Maiko\Desktop\LiCOR
2013-07-12 02:11 - 2013-07-12 06:23 - 00000000 ____D C:\Users\Maiko\Settings
2013-07-12 02:11 - 2013-07-12 02:14 - 00000000 ____D C:\Users\Maiko\Images
2013-07-12 02:10 - 2013-07-12 02:10 - 00001123 _____ C:\Users\Public\Desktop\Image Studio Ver 2.1.lnk
2013-07-12 02:10 - 2013-07-12 02:10 - 00000000 ____D C:\Users\Maiko\.licor
2013-07-12 02:09 - 2013-07-12 02:09 - 00000000 ____D C:\Program Files\Licor
2013-07-10 22:20 - 2013-06-11 15:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-10 22:20 - 2013-06-06 18:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-10 22:19 - 2013-06-11 15:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-10 22:19 - 2013-06-11 15:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-10 22:19 - 2013-06-11 15:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-10 22:19 - 2013-06-11 15:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-10 22:19 - 2013-06-11 15:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-10 22:19 - 2013-06-11 15:43 - 00042496 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-07-10 22:19 - 2013-06-11 15:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-07-10 22:19 - 2013-06-11 15:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-10 22:19 - 2013-06-11 15:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-10 22:19 - 2013-06-11 15:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-07-10 22:19 - 2013-06-11 15:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-07-10 22:19 - 2013-06-11 15:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-07-10 22:19 - 2013-06-11 15:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-07-10 22:19 - 2013-06-11 14:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-10 21:00 - 2013-06-04 19:05 - 02347520 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-07-10 21:00 - 2013-06-03 20:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2013-07-10 21:00 - 2013-05-05 20:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-07-10 21:00 - 2013-04-09 15:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-07-02 05:09 - 2012-03-05 01:38 - 13868544 _____ C:\Users\Maiko\Desktop\UCT2_alexscholz.ppt

==================== One Month Modified Files and Folders =======

2013-07-29 12:49 - 2013-02-26 01:20 - 01903097 _____ C:\Windows\WindowsUpdate.log
2013-07-29 11:26 - 2013-07-29 11:26 - 00183296 _____ (NCSOFT Company) C:\Users\Maiko\AppData\Local\Ylapdvx.exe
2013-07-29 11:26 - 2013-07-29 11:26 - 00181452 _____ C:\Users\Maiko\AppData\Local\9f2c10a0-f56c-464d-b90f-23109eb5be53
2013-07-29 11:11 - 2013-02-26 04:17 - 00000000 ____D C:\Users\Maiko\AppData\Roaming\Skype
2013-07-29 09:33 - 2009-07-13 20:34 - 00013456 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-29 09:33 - 2009-07-13 20:34 - 00013456 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-29 09:28 - 2013-03-04 08:18 - 00000000 ___RD C:\Users\Maiko\Dropbox
2013-07-29 09:28 - 2013-03-04 08:15 - 00000000 ____D C:\Users\Maiko\AppData\Roaming\Dropbox
2013-07-29 09:26 - 2013-04-16 05:12 - 00008148 _____ C:\Windows\setupact.log
2013-07-29 09:19 - 2013-06-24 02:12 - 00000000 ____D C:\Users\Maiko\Documents\AG Reiss
2013-07-29 09:19 - 2013-04-20 13:21 - 00000000 ____D C:\Users\Maiko\Desktop\Post-Doc in Vascular Biology (307843)  Frankfurt, Germany  Naturejobs_files
2013-07-29 09:19 - 2013-03-30 03:47 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-07-29 09:19 - 2013-02-26 04:16 - 00000000 ___RD C:\Program Files\Skype
2013-07-29 09:19 - 2013-02-26 02:51 - 00000000 ____D C:\Windows\System32\Macromed
2013-07-29 09:19 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\wfp
2013-07-29 09:19 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\registration
2013-07-29 09:19 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\AppCompat
2013-07-29 09:16 - 2013-02-26 04:16 - 00000000 ____D C:\ProgramData\Skype
2013-07-29 09:16 - 2008-09-03 18:19 - 00000000 __RHD C:\MSOCache
2013-07-29 09:09 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\LogFiles
2013-07-28 23:40 - 2013-02-26 00:20 - 00000000 ____D C:\users\Maiko
2013-07-24 03:15 - 2013-02-26 04:13 - 00000000 ____D C:\Users\Maiko\AppData\Local\Adobe
2013-07-23 23:17 - 2013-07-23 23:17 - 00000873 _____ C:\Users\Maiko\Desktop\DEL0432080553.csv
2013-07-22 23:59 - 2013-07-22 23:58 - 00000000 ____D C:\Users\Maiko\Documents\Certificates
2013-07-22 23:54 - 2013-05-01 16:55 - 00000000 ____D C:\Users\Maiko\Documents\Job application
2013-07-17 05:17 - 2013-02-26 03:44 - 00000000 ____D C:\Users\Maiko\AppData\Local\Microsoft Help
2013-07-16 22:09 - 2013-07-16 22:09 - 00000000 ____D C:\Windows\System32\MRT
2013-07-16 22:09 - 2013-07-16 22:09 - 00000000 ____D C:\5ea5b8733f41e68b516697f4978d97
2013-07-15 11:44 - 2013-07-15 11:44 - 00541831 _____ C:\Users\Maiko\Documents\Anniversary card from Daniel 2013.pptx
2013-07-12 06:23 - 2013-07-12 02:11 - 00000000 ____D C:\Users\Maiko\Settings
2013-07-12 02:14 - 2013-07-12 02:11 - 00000000 ____D C:\Users\Maiko\Images
2013-07-12 02:14 - 2013-02-26 00:25 - 00737484 _____ C:\Windows\System32\PerfStringBackup.INI
2013-07-12 02:13 - 2013-07-12 02:13 - 00000000 ____D C:\Users\Maiko\Desktop\LiCOR
2013-07-12 02:10 - 2013-07-12 02:10 - 00001123 _____ C:\Users\Public\Desktop\Image Studio Ver 2.1.lnk
2013-07-12 02:10 - 2013-07-12 02:10 - 00000000 ____D C:\Users\Maiko\.licor
2013-07-12 02:09 - 2013-07-12 02:09 - 00000000 ____D C:\Program Files\Licor
2013-07-11 00:13 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-10 23:26 - 2009-07-13 20:33 - 00409096 _____ C:\Windows\System32\FNTCACHE.DAT
2013-07-10 23:24 - 2009-07-13 23:50 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-10 23:24 - 2009-07-13 20:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-10 22:21 - 2013-02-26 03:44 - 00000000 ____D C:\ProgramData\Microsoft Help

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-06-30 21:37:42
Restore point made on: 2013-07-02 09:38:42
Restore point made on: 2013-07-08 22:18:15
Restore point made on: 2013-07-10 22:09:56
Restore point made on: 2013-07-16 21:23:04
Restore point made on: 2013-07-16 22:08:58
Restore point made on: 2013-07-20 02:43:35
Restore point made on: 2013-07-27 01:35:04
Restore point made on: 2013-07-28 23:47:00
Restore point made on: 2013-07-28 23:50:39

==================== Memory info =========================== 

Percentage of memory in use: 19%
Total physical RAM: 1915.04 MB
Available physical RAM: 1532.81 MB
Total Pagefile: 1915.04 MB
Available Pagefile: 1538.82 MB
Total Virtual: 2047.88 MB
Available Virtual: 1931.3 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:224.53 GB) (Free:71.01 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Recovery) (Fixed) (Total:8.35 GB) (Free:0.84 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (Transcend) (Removable) (Total:3.77 GB) (Free:2.17 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 20805342)
Partition 1: (Not Active) - (Size=8 GB) - (Type=27)
Partition 2: (Active) - (Size=225 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 4 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=4 GB) - (Type=0C)


LastRegBack: 2013-07-23 02:46

==================== End Of Log ============================
--- --- ---


Vielen Dank und beste Grüße,

Maikidodo
__________________
Alt 29.07.2013, 22:45   #4
aharonov
/// TB-Ausbilder
 
Virus? "Gesellschaft zur Verfügung von Urheberrechtsverletzungen e.V." - Standard

Virus? "Gesellschaft zur Verfügung von Urheberrechtsverletzungen e.V."


Hallo,

startet der Rechner nach diesem Fix wieder normal?


Drücke bitte die + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
HKU\Maiko\...\Run: [aSQw8ccL0] - C:\Users\Maiko\AppData\Local\Ylapdvx.exe [ 2013-07-29] (NCSOFT Company)
2013-07-29 11:26 - 2013-07-29 11:26 - 00183296 _____ (NCSOFT Company) C:\Users\Maiko\AppData\Local\Ylapdvx.exe
Speichere diese bitte als Fixlist.txt auf deinem USB Stick.
  • Starte deinen Rechner erneut in die Reparaturoptionen
  • Starte nun die FRST.exe erneut und klicke den Entfernen Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.
__________________
cheers,
Leo

Alt 29.07.2013, 22:59   #5
Maikidodo
 
Virus? "Gesellschaft zur Verfügung von Urheberrechtsverletzungen e.V." - Standard

Virus? "Gesellschaft zur Verfügung von Urheberrechtsverletzungen e.V."


Hallo,

hier erst mal das Log:

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 30-07-2013 01
Ran by SYSTEM at 2013-07-29 23:56:19 Run:1
Running from F:\
Boot Mode: Recovery

==============================================

HKU\Maiko\Software\Microsoft\Windows\CurrentVersion\Run\\aSQw8ccL0 => Value deleted successfully.
C:\Users\Maiko\AppData\Local\Ylapdvx.exe => Moved successfully.

==== End of Fixlog ====
Habe dnach restart gedrückt und dann bei start optionen Normalstart ausgewählt.

Danach hat der Laptop wieder ganz normal gestartet.

Vielen Dank und LG,
Maikidodo


Alt 29.07.2013, 23:01   #6
aharonov
/// TB-Ausbilder
 
Virus? "Gesellschaft zur Verfügung von Urheberrechtsverletzungen e.V." - Standard

Virus? "Gesellschaft zur Verfügung von Urheberrechtsverletzungen e.V."


Sehr gut, dann verschiebe die frst.exe vom USB-Stick auf den Desktop.
  • Starte dann FRST.
  • Setze bei Optional Scan den Haken bei Addition.txt und drücke Scan.
  • Wenn der Scan abgeschlossen ist, werden zwei neue Logfiles FRST.txt und Addition.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieser beiden Logfiles bitte hier in deinen Thread.
__________________
--> Virus? "Gesellschaft zur Verfügung von Urheberrechtsverletzungen e.V."

Alt 29.07.2013, 23:11   #7
Maikidodo
 
Virus? "Gesellschaft zur Verfügung von Urheberrechtsverletzungen e.V." - Standard

Virus? "Gesellschaft zur Verfügung von Urheberrechtsverletzungen e.V."


Danke schön.

Hier die beiden Logs:

FRST.txt:


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-07-2013 01
Ran by Maiko (administrator) on 30-07-2013 00:07:22
Running from C:\Users\Maiko\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(F-Secure Corporation) C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
(F-Secure Corporation) C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
(F-Secure Corporation) C:\Program Files\F-Secure\Device Control\fsdevcon32.exe
(F-Secure Corporation) C:\Program Files\F-Secure\Common\FSMA32.EXE
(F-Secure Corporation) C:\Program Files\F-Secure\Common\FSHDLL32.EXE
(F-Secure Corporation) C:\Program Files\F-Secure\Common\FNRB32.EXE
(F-Secure Corporation) C:\Program Files\F-Secure\Common\FIH32.EXE
(F-Secure Corporation) C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
(F-Secure Corporation) C:\Program Files\F-Secure\common\FSM32.EXE
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Veoh Networks) C:\Program Files\Veoh Networks\VeohWebPlayer\VeohWebPlayer.exe
(Dropbox, Inc.) C:\Users\Maiko\AppData\Roaming\Dropbox\bin\Dropbox.exe
(F-Secure Corporation) C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(F-Secure Corporation) C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [F-Secure Manager] - C:\Program Files\F-Secure\Common\FSM32.EXE [306928 2012-06-26] (F-Secure Corporation)
HKLM\...\Run: [F-Secure TNB] - C:\Program Files\F-Secure\FSGUI\TNBUtil.exe [1654512 2012-06-26] (F-Secure Corporation)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [527864 2012-12-10] (Cisco Systems, Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [18678376 2013-04-19] (Skype Technologies S.A.)
HKCU\...\Run: [VeohPlugin] - C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [4686848 2013-03-24] (Veoh Networks)
Startup: C:\Users\Maiko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Maiko\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.co.jp/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://uk.msn.com/?ocid=iehp
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: EndNote Web - {82D2E569-25A7-4E4D-9FA3-C5025B4B7912} - C:\Program Files\EndNote Web\ENWIEPlug.dll (Thomson Reuters)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - EndNote Web - {945C8270-A848-11D5-A805-00B0D092F45B} - C:\Program Files\EndNote Web\ENWIEPlug.dll (Thomson Reuters)
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Maiko\AppData\Roaming\Mozilla\Firefox\Profiles\aznzskyr.default
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\22.0.1229.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\22.0.1229.95\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\22.0.1229.95\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java(TM) Platform SE 7 U17) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (YouTube) - C:\Users\Maiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Maiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Gmail) - C:\Users\Maiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR StartMenuInternet: Google Chrome - C:\Program Files\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 F-Secure Gatekeeper Handler Starter; C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe [220912 2012-06-26] (F-Secure Corporation)
R3 F-Secure Network Request Broker; C:\Program Files\F-Secure\Common\FNRB32.EXE [188144 2012-06-26] (F-Secure Corporation)
R2 fsdevcon; C:\Program Files\F-Secure\Device Control\\fsdevcon32.exe [403184 2012-06-26] (F-Secure Corporation)
R3 FSDFWD; C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe [560880 2012-06-26] (F-Secure Corporation)
R2 FSMA; C:\Program Files\F-Secure\Common\FSMA32.EXE [188144 2012-06-26] (F-Secure Corporation)
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [479224 2012-12-10] (Cisco Systems, Inc.)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1013808 2013-03-26] (Sony Corporation)

==================== Drivers (Whitelisted) ====================

S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [92112 2012-12-10] (Cisco Systems, Inc.)
S4 F-Secure Filter; C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [41072 2012-06-26] ()
R3 F-Secure Gatekeeper; C:\Program Files\F-Secure\Anti-Virus\minifilter\fsgk.sys [145856 2013-07-10] (F-Secure Corporation)
S4 F-Secure Recognizer; C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys [26352 2012-06-26] ()
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [44240 2013-02-26] ()
R1 FSES; C:\Windows\System32\drivers\fses.sys [36976 2012-06-26] (F-Secure Corporation)
R1 FSFW; C:\Windows\System32\drivers\fsdfw.sys [72688 2012-06-26] (F-Secure Corporation)
R1 fsvista; C:\Program Files\F-Secure\Anti-Virus\minifilter\fsvista.sys [13552 2012-06-26] ()
R3 Sonyddpu; C:\Windows\System32\Drivers\Sonyddpu.sys [85792 2013-06-16] (Sony Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-30 09:15 - 2013-07-30 09:15 - 00000000 ____D C:\FRST
2013-07-30 00:06 - 2013-07-29 23:00 - 01221282 _____ (Farbar) C:\Users\Maiko\Desktop\FRST.exe
2013-07-29 21:26 - 2013-07-29 21:26 - 00181452 _____ C:\Users\Maiko\AppData\Local\9f2c10a0-f56c-464d-b90f-23109eb5be53
2013-07-24 09:17 - 2013-07-24 09:17 - 00000873 _____ C:\Users\Maiko\Desktop\DEL0432080553.csv
2013-07-23 09:58 - 2013-07-23 09:59 - 00000000 ____D C:\Users\Maiko\Documents\Certificates
2013-07-17 08:09 - 2013-07-17 08:09 - 00000000 ____D C:\Windows\system32\MRT
2013-07-17 08:09 - 2013-07-17 08:09 - 00000000 ____D C:\5ea5b8733f41e68b516697f4978d97
2013-07-15 21:44 - 2013-07-15 21:44 - 00541831 _____ C:\Users\Maiko\Documents\Anniversary card from Daniel 2013.pptx
2013-07-12 12:13 - 2013-07-12 12:13 - 00000000 ____D C:\Users\Maiko\Desktop\LiCOR
2013-07-12 12:11 - 2013-07-12 16:23 - 00000000 ____D C:\Users\Maiko\Settings
2013-07-12 12:11 - 2013-07-12 12:14 - 00000000 ____D C:\Users\Maiko\Images
2013-07-12 12:10 - 2013-07-12 12:10 - 00001123 _____ C:\Users\Public\Desktop\Image Studio Ver 2.1.lnk
2013-07-12 12:10 - 2013-07-12 12:10 - 00000000 ____D C:\Users\Maiko\.licor
2013-07-12 12:09 - 2013-07-12 12:09 - 00000000 ____D C:\Program Files\Licor
2013-07-11 08:20 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-11 08:20 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-11 08:19 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-11 08:19 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-11 08:19 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-11 08:19 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-11 08:19 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-11 08:19 - 2013-06-12 01:43 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-11 08:19 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-11 08:19 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-11 08:19 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-11 08:19 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-11 08:19 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-11 08:19 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-11 08:19 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-11 08:19 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-11 07:00 - 2013-06-05 05:05 - 02347520 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-11 07:00 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-11 07:00 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-11 07:00 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-02 15:09 - 2012-03-05 11:38 - 13868544 _____ C:\Users\Maiko\Desktop\UCT2_alexscholz.ppt

==================== One Month Modified Files and Folders =======

2013-07-30 09:15 - 2013-07-30 09:15 - 00000000 ____D C:\FRST
2013-07-30 00:06 - 2013-02-26 10:25 - 00737484 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-30 00:05 - 2009-07-14 06:34 - 00013456 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-30 00:05 - 2009-07-14 06:34 - 00013456 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-30 00:01 - 2013-02-26 11:20 - 01912165 _____ C:\Windows\WindowsUpdate.log
2013-07-29 23:59 - 2013-03-04 18:15 - 00000000 ____D C:\Users\Maiko\AppData\Roaming\Dropbox
2013-07-29 23:58 - 2013-04-16 15:12 - 00008260 _____ C:\Windows\setupact.log
2013-07-29 23:58 - 2013-04-15 14:08 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-29 23:58 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-29 23:00 - 2013-07-30 00:06 - 01221282 _____ (Farbar) C:\Users\Maiko\Desktop\FRST.exe
2013-07-29 22:53 - 2013-02-26 12:51 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-29 22:23 - 2013-04-15 14:08 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-29 21:26 - 2013-07-29 21:26 - 00181452 _____ C:\Users\Maiko\AppData\Local\9f2c10a0-f56c-464d-b90f-23109eb5be53
2013-07-29 21:11 - 2013-02-26 14:17 - 00000000 ____D C:\Users\Maiko\AppData\Roaming\Skype
2013-07-29 19:28 - 2013-03-04 18:18 - 00000000 ___RD C:\Users\Maiko\Dropbox
2013-07-29 19:19 - 2013-06-24 12:12 - 00000000 ____D C:\Users\Maiko\Documents\AG Reiss
2013-07-29 19:19 - 2013-04-20 23:21 - 00000000 ____D C:\Users\Maiko\Desktop\Post-Doc in Vascular Biology (307843)  Frankfurt, Germany  Naturejobs_files
2013-07-29 19:19 - 2013-03-30 13:47 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-07-29 19:19 - 2013-02-26 14:16 - 00000000 ___RD C:\Program Files\Skype
2013-07-29 19:19 - 2013-02-26 12:51 - 00000000 ____D C:\Windows\system32\Macromed
2013-07-29 19:19 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\wfp
2013-07-29 19:19 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\registration
2013-07-29 19:19 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\AppCompat
2013-07-29 19:16 - 2013-02-26 14:16 - 00000000 ____D C:\ProgramData\Skype
2013-07-29 19:16 - 2008-09-04 04:19 - 00000000 __RHD C:\MSOCache
2013-07-29 19:09 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\LogFiles
2013-07-29 09:40 - 2013-02-26 10:20 - 00000000 ____D C:\Users\Maiko
2013-07-24 13:15 - 2013-02-26 14:13 - 00000000 ____D C:\Users\Maiko\AppData\Local\Adobe
2013-07-24 09:17 - 2013-07-24 09:17 - 00000873 _____ C:\Users\Maiko\Desktop\DEL0432080553.csv
2013-07-23 09:59 - 2013-07-23 09:58 - 00000000 ____D C:\Users\Maiko\Documents\Certificates
2013-07-23 09:54 - 2013-05-02 02:55 - 00000000 ____D C:\Users\Maiko\Documents\Job application
2013-07-17 15:17 - 2013-02-26 13:44 - 00000000 ____D C:\Users\Maiko\AppData\Local\Microsoft Help
2013-07-17 08:09 - 2013-07-17 08:09 - 00000000 ____D C:\Windows\system32\MRT
2013-07-17 08:09 - 2013-07-17 08:09 - 00000000 ____D C:\5ea5b8733f41e68b516697f4978d97
2013-07-15 21:44 - 2013-07-15 21:44 - 00541831 _____ C:\Users\Maiko\Documents\Anniversary card from Daniel 2013.pptx
2013-07-12 16:23 - 2013-07-12 12:11 - 00000000 ____D C:\Users\Maiko\Settings
2013-07-12 12:14 - 2013-07-12 12:11 - 00000000 ____D C:\Users\Maiko\Images
2013-07-12 12:13 - 2013-07-12 12:13 - 00000000 ____D C:\Users\Maiko\Desktop\LiCOR
2013-07-12 12:10 - 2013-07-12 12:10 - 00001123 _____ C:\Users\Public\Desktop\Image Studio Ver 2.1.lnk
2013-07-12 12:10 - 2013-07-12 12:10 - 00000000 ____D C:\Users\Maiko\.licor
2013-07-12 12:09 - 2013-07-12 12:09 - 00000000 ____D C:\Program Files\Licor
2013-07-11 10:13 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-11 09:26 - 2009-07-14 06:33 - 00409096 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-11 09:24 - 2009-07-14 09:50 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-11 09:24 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-11 08:21 - 2013-02-26 13:44 - 00000000 ____D C:\ProgramData\Microsoft Help

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-23 12:46

==================== End Of Log ============================
--- --- ---


und hier Addition.txt:

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 30-07-2013 01
Ran by Maiko at 2013-07-30 00:07:40
Running from C:\Users\Maiko\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Reader XI (11.0.02) (Version: 11.0.02)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 4.00)
Chart4 for Windows
Cisco AnyConnect Secure Mobility Client  (Version: 3.0.11042)
Cisco AnyConnect Secure Mobility Client (Version: 3.0.11042)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dropbox (HKCU Version: 2.0.22)
EndNote Web (Version: 3.5.0.2537)
F-Secure Client Security - Device Control (Version: 1.00.17436)
F-Secure Client Security - E-Mail Scanning (Version: 6.00.515)
F-Secure Client Security - Internet Shield (Version: 6.29)
F-Secure Client Security - Virus & Spy Protection (Version: 9.30)
Google Chrome (Version: 22.0.1229.95)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3230.2052)
Google Update Helper (Version: 1.3.21.135)
Image Studio 2.1 (Version: 2.1.10)
Intel(R) Graphics Media Accelerator Driver (Version: 8.15.10.1872)
iTunes (Version: 11.0.4.4)
Java 7 Update 17 (Version: 7.0.170)
Java Auto Updater (Version: 2.1.9.0)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Mozilla Firefox 19.0.2 (x86 en-US) (Version: 19.0.2)
Mozilla Maintenance Service (Version: 17.0.5)
Mozilla Thunderbird 17.0.5 (x86 en-GB) (Version: 17.0.5)
ResearchSoft Direct Export Helper
Skype™ 6.3 (Version: 6.3.107)
UCL Medicine
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
VAIO Update (Version: 6.2.1.03260)
Veoh Web Player (Version: 1.1.2.0000)
VU5x86 (Version: 1.1.0)
 

==================== Restore Points  =========================

01-07-2013 05:36:56 Scheduled Checkpoint
02-07-2013 17:37:58 Windows Update
09-07-2013 06:17:52 Windows Update
11-07-2013 06:09:36 Windows Update
17-07-2013 05:22:14 Windows Update
17-07-2013 06:08:44 Windows Update
20-07-2013 10:42:55 Windows Update
27-07-2013 09:34:40 Windows Update
29-07-2013 07:46:12 Windows Update
29-07-2013 07:50:34 Windows Backup

==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0E93BC66-ACB7-46E3-B9A1-AF2FBD99A419} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {1ABA5F34-5A62-47BA-A32A-359855E1734F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-04-15] (Google Inc.)
Task: {3012E2DB-32A9-48E4-AF34-EB78D8933245} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: {600A29A6-098F-4B59-948A-996AB46D8057} - System32\Tasks\RunAsStdUser Task for VeohWebPlayer => C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [2013-03-24] (Veoh Networks)
Task: {6DAF4049-728F-4736-BE18-4B6B06494EE4} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2013-03-26] (Sony Corporation)
Task: {7FB7AB8C-2DD9-467B-A698-F6572BD73562} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2013-03-26] (Sony Corporation)
Task: {A38143A1-3236-4508-A561-DA43AD0CAC72} - System32\Tasks\Sony Corporation\VAIO Update\Launch Application => C:\Program Files\SONY\VAIO Update\ShellExeProxy.exe [2013-03-26] (Sony Corporation)
Task: {B97A72C3-D9AD-4C5A-9EBB-F37B71FA2DFB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-03-25] (Piriform Ltd)
Task: {C0CF423B-C372-4CDE-B8AD-216AAC8B9726} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {F669383C-B3A8-40B9-A9CD-6D88CAC5923C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11] (Adobe Systems Incorporated)
Task: {F7046629-03B0-4041-9FC0-CD3681B9C66C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-04-15] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/29/2013 09:26:35 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (User: )
Description: 1  2013-07-29  21:26:34+02:00  maiko-pc  Maiko-PC\Maiko  F-Secure Anti-Virus
 Malicious code found in file C:\Users\Maiko\AppData\Local\Temp\jar_cache2651185635258622510.tmp. 
 Infection: Exploit:Java/Majava.A 
 Action: The file was quarantined.

Error: (07/29/2013 00:22:00 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/29/2013 06:29:00 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15148

Error: (07/29/2013 06:29:00 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15148

Error: (07/29/2013 06:29:00 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/29/2013 06:28:52 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6848

Error: (07/29/2013 06:28:52 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6848

Error: (07/29/2013 06:28:52 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/29/2013 06:28:22 AM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (User: )
Description: 3  2013-07-29  06:28:22+02:00  maiko-pc  Maiko-PC\Maiko  F-Secure Anti-Virus
 An error occurred while scanning \DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\DOT3API.DLL.

Error: (07/29/2013 06:28:02 AM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (User: )
Description: 2  2013-07-29  06:28:00+02:00  maiko-pc  Maiko-PC\Maiko  F-Secure Anti-Virus
 An error occurred while scanning \DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\ACTXPRXY.DLL.


System errors:
=============
Error: (07/29/2013 11:58:01 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 23:51:35 on ‎29/‎07/‎2013 was unexpected.

Error: (07/29/2013 11:48:45 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 23:00:38 on ‎29/‎07/‎2013 was unexpected.

Error: (07/29/2013 05:05:18 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (07/29/2013 04:15:06 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 16:14:13 on ‎29/‎07/‎2013 was unexpected.

Error: (07/29/2013 07:04:03 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the F-Secure Gatekeeper Handler Starter service.

Error: (07/29/2013 06:27:52 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

Error: (07/28/2013 10:56:41 PM) (Source: ACPI) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (07/28/2013 10:56:28 PM) (Source: ACPI) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (07/28/2013 10:56:23 PM) (Source: ACPI) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (07/28/2013 10:56:18 PM) (Source: ACPI) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.


Microsoft Office Sessions:
=========================
Error: (07/29/2013 09:26:35 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus)(User: )
Description: 1  2013-07-29  21:26:34+02:00  maiko-pc  Maiko-PC\Maiko  F-Secure Anti-Virus
 Malicious code found in file C:\Users\Maiko\AppData\Local\Temp\jar_cache2651185635258622510.tmp. 
 Infection: Exploit:Java/Majava.A 
 Action: The file was quarantined.

Error: (07/29/2013 00:22:00 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"c:\program files\F-Secure\common\fstsutil64.exe

Error: (07/29/2013 06:29:00 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15148

Error: (07/29/2013 06:29:00 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15148

Error: (07/29/2013 06:29:00 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/29/2013 06:28:52 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6848

Error: (07/29/2013 06:28:52 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6848

Error: (07/29/2013 06:28:52 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/29/2013 06:28:22 AM) (Source: FSecure-FSecure-F-Secure Anti-Virus)(User: )
Description: 3  2013-07-29  06:28:22+02:00  maiko-pc  Maiko-PC\Maiko  F-Secure Anti-Virus
 An error occurred while scanning \DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\DOT3API.DLL.

Error: (07/29/2013 06:28:02 AM) (Source: FSecure-FSecure-F-Secure Anti-Virus)(User: )
Description: 2  2013-07-29  06:28:00+02:00  maiko-pc  Maiko-PC\Maiko  F-Secure Anti-Virus
 An error occurred while scanning \DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\ACTXPRXY.DLL.


==================== Memory info =========================== 

Percentage of memory in use: 52%
Total physical RAM: 1915.04 MB
Available physical RAM: 907.21 MB
Total Pagefile: 3830.07 MB
Available Pagefile: 2765.52 MB
Total Virtual: 2047.88 MB
Available Virtual: 1872.2 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:224.53 GB) (Free:71.02 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: () (Removable) (Total:3.79 GB) (Free:2.16 GB) FAT32
Drive h: (Transcend) (Removable) (Total:3.77 GB) (Free:2.17 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 20805342)
Partition 1: (Not Active) - (Size=8 GB) - (Type=27)
Partition 2: (Active) - (Size=225 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 4 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=4 GB) - (Type=0C)

==================== End Of Log ============================

Alt 29.07.2013, 23:18   #8
aharonov
/// TB-Ausbilder
 
Virus? "Gesellschaft zur Verfügung von Urheberrechtsverletzungen e.V." - Standard

Virus? "Gesellschaft zur Verfügung von Urheberrechtsverletzungen e.V."


Wie läuft der Rechner denn jetzt? Alles normal?
Noch eine Kontrolle:



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
cheers,
Leo

Alt 30.07.2013, 11:36   #9
Maikidodo
 
Virus? "Gesellschaft zur Verfügung von Urheberrechtsverletzungen e.V." - Standard

Virus? "Gesellschaft zur Verfügung von Urheberrechtsverletzungen e.V."


Hallo,

das hat etwas gedauert.
Aber hier ist das log:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ee8369bad3a0d2479b00c454772b2804
# engine=14581
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-30 10:26:54
# local_time=2013-07-30 12:26:54 (+0100, W. Europe Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=2310 16777213 100 97 42873 34452090 0 0
# compatibility_mode=5893 16776574 100 94 18050 126811205 0 0
# scanned=731614
# found=8
# cleaned=0
# scan_time=17491
sh=B1E3F4B29DE47711C11DD4F527E543A64F2F130A ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Maiko\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\6acf8c97-45cfd143"
sh=31E0683A4969DDE6FED786373CC60D974CD848F7 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Maiko\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\71592067-72fcdcf9"
sh=045DDDFF32DAD0564C9C2054F6DE80E5FD256578 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Maiko\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\b280dbc-33c78d46"
sh=2ACE4F6A30FABF621588D4B0549A4A79677B6890 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Windows.old\Documents and Settings\maiko yamaji\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\30b9e4e6-32b1253a"
sh=63BA19524832E3074B08DF4A5E607821C635C205 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.Agent.NAC trojan" ac=I fn="C:\Windows.old\Documents and Settings\maiko yamaji\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\2aa6293a-1611532b"
sh=2ACE4F6A30FABF621588D4B0549A4A79677B6890 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Windows.old\Users\maiko yamaji\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\30b9e4e6-32b1253a"
sh=63BA19524832E3074B08DF4A5E607821C635C205 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.Agent.NAC trojan" ac=I fn="C:\Windows.old\Users\maiko yamaji\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\2aa6293a-1611532b"
sh=4DD81DAD452748C6AED8A15E3FAA55FD8C03A0AD ft=1 fh=aef596da8479d2ee vn="a variant of Win32/Kryptik.DKD trojan" ac=I fn="C:\Windows.old\Windows\Temp\_ex-68.exe"
Ich konnte meine externe FP und einen Teil des USBs nicht anschließen, weil ich sie in der Arbeit habe. Soll ich das später nachholen?

Ausserdem ging plötzlich ziemlich zu Anfang ein Pop-Up auf: User Account Control - Installet: performer-irgendwas (konnte ich nicht mehr aufschreiben) LLC. Ich sollte ja oder nein klicken. Ich habe nichts gemacht, auf einmal war es weg.

Ist das ein Problem?

LG und vielen Dank,
Maikidodo

Alt 30.07.2013, 20:09   #10
aharonov
/// TB-Ausbilder
 
Virus? "Gesellschaft zur Verfügung von Urheberrechtsverletzungen e.V." - Standard

Virus? "Gesellschaft zur Verfügung von Urheberrechtsverletzungen e.V."


Hallo,

ist schon ok so wegen der FP. Du kannst die ja irgendwann mal noch durchscannen, wenn du Zeit hast.

Mal schauen, was sich da installieren will bei dir:


Starte noch einmal FRST.
  • Setze bei Optional Scan den Haken bei Addition.txt und drücke Scan.
  • Wenn der Scan abgeschlossen ist, werden zwei neue Logfiles FRST.txt und Addition.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieser beiden Logfiles bitte hier in deinen Thread.
__________________
cheers,
Leo

Alt 30.07.2013, 22:46   #11
Maikidodo
 
Virus? "Gesellschaft zur Verfügung von Urheberrechtsverletzungen e.V." - Standard

Virus? "Gesellschaft zur Verfügung von Urheberrechtsverletzungen e.V."


Hallo und guten Abend,
vielen Dank:

Hier sind die logs:

1) FRST.txt:


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-07-2013 01
Ran by Maiko (administrator) on 30-07-2013 23:39:18
Running from C:\Users\Maiko\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(F-Secure Corporation) C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
(F-Secure Corporation) C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
(F-Secure Corporation) C:\Program Files\F-Secure\Device Control\fsdevcon32.exe
(F-Secure Corporation) C:\Program Files\F-Secure\Common\FSMA32.EXE
(F-Secure Corporation) C:\Program Files\F-Secure\Common\FSHDLL32.EXE
(F-Secure Corporation) C:\Program Files\F-Secure\Common\FNRB32.EXE
(F-Secure Corporation) C:\Program Files\F-Secure\Common\FIH32.EXE
(F-Secure Corporation) C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
(F-Secure Corporation) C:\Program Files\F-Secure\common\FSM32.EXE
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Dropbox, Inc.) C:\Users\Maiko\AppData\Roaming\Dropbox\bin\Dropbox.exe
(F-Secure Corporation) C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(F-Secure Corporation) C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(F-Secure Corporation) C:\Program Files\F-Secure\FSGUI\fscuif.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [F-Secure Manager] - C:\Program Files\F-Secure\Common\FSM32.EXE [306928 2012-06-26] (F-Secure Corporation)
HKLM\...\Run: [F-Secure TNB] - C:\Program Files\F-Secure\FSGUI\TNBUtil.exe [1654512 2012-06-26] (F-Secure Corporation)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [527864 2012-12-10] (Cisco Systems, Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [18678376 2013-04-19] (Skype Technologies S.A.)
HKCU\...\Run: [VeohPlugin] - C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [4686848 2013-03-24] (Veoh Networks)
Startup: C:\Users\Maiko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Maiko\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.co.jp/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://uk.msn.com/?ocid=iehp
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: EndNote Web - {82D2E569-25A7-4E4D-9FA3-C5025B4B7912} - C:\Program Files\EndNote Web\ENWIEPlug.dll (Thomson Reuters)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - EndNote Web - {945C8270-A848-11D5-A805-00B0D092F45B} - C:\Program Files\EndNote Web\ENWIEPlug.dll (Thomson Reuters)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Maiko\AppData\Roaming\Mozilla\Firefox\Profiles\aznzskyr.default
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\22.0.1229.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\22.0.1229.95\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\22.0.1229.95\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U17) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (YouTube) - C:\Users\Maiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Maiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Gmail) - C:\Users\Maiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR StartMenuInternet: Google Chrome - C:\Program Files\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 F-Secure Gatekeeper Handler Starter; C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe [220912 2012-06-26] (F-Secure Corporation)
R3 F-Secure Network Request Broker; C:\Program Files\F-Secure\Common\FNRB32.EXE [188144 2012-06-26] (F-Secure Corporation)
R2 fsdevcon; C:\Program Files\F-Secure\Device Control\\fsdevcon32.exe [403184 2012-06-26] (F-Secure Corporation)
R3 FSDFWD; C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe [560880 2012-06-26] (F-Secure Corporation)
R2 FSMA; C:\Program Files\F-Secure\Common\FSMA32.EXE [188144 2012-06-26] (F-Secure Corporation)
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [479224 2012-12-10] (Cisco Systems, Inc.)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1013808 2013-03-26] (Sony Corporation)

==================== Drivers (Whitelisted) ====================

S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [92112 2012-12-10] (Cisco Systems, Inc.)
S4 F-Secure Filter; C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [41072 2012-06-26] ()
R3 F-Secure Gatekeeper; C:\Program Files\F-Secure\Anti-Virus\minifilter\fsgk.sys [145856 2013-07-10] (F-Secure Corporation)
S4 F-Secure Recognizer; C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys [26352 2012-06-26] ()
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [44240 2013-02-26] ()
R1 FSES; C:\Windows\System32\drivers\fses.sys [36976 2012-06-26] (F-Secure Corporation)
R1 FSFW; C:\Windows\System32\drivers\fsdfw.sys [72688 2012-06-26] (F-Secure Corporation)
R1 fsvista; C:\Program Files\F-Secure\Anti-Virus\minifilter\fsvista.sys [13552 2012-06-26] ()
R3 Sonyddpu; C:\Windows\System32\Drivers\Sonyddpu.sys [85792 2013-06-16] (Sony Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-30 09:15 - 2013-07-30 09:15 - 00000000 ____D C:\FRST
2013-07-30 07:27 - 2013-07-30 07:27 - 02347384 _____ (ESET) C:\Users\Maiko\Desktop\esetsmartinstaller_enu.exe
2013-07-30 00:07 - 2013-07-30 00:07 - 00016609 _____ C:\Users\Maiko\Desktop\Addition.txt
2013-07-30 00:06 - 2013-07-29 23:00 - 01221282 _____ (Farbar) C:\Users\Maiko\Desktop\FRST.exe
2013-07-29 21:26 - 2013-07-29 21:26 - 00181452 _____ C:\Users\Maiko\AppData\Local\9f2c10a0-f56c-464d-b90f-23109eb5be53
2013-07-24 09:17 - 2013-07-24 09:17 - 00000873 _____ C:\Users\Maiko\Desktop\DEL0432080553.csv
2013-07-23 09:58 - 2013-07-23 09:59 - 00000000 ____D C:\Users\Maiko\Documents\Certificates
2013-07-17 08:09 - 2013-07-17 08:09 - 00000000 ____D C:\Windows\system32\MRT
2013-07-17 08:09 - 2013-07-17 08:09 - 00000000 ____D C:\5ea5b8733f41e68b516697f4978d97
2013-07-15 21:44 - 2013-07-15 21:44 - 00541831 _____ C:\Users\Maiko\Documents\Anniversary card from Daniel 2013.pptx
2013-07-12 12:13 - 2013-07-12 12:13 - 00000000 ____D C:\Users\Maiko\Desktop\LiCOR
2013-07-12 12:11 - 2013-07-12 16:23 - 00000000 ____D C:\Users\Maiko\Settings
2013-07-12 12:11 - 2013-07-12 12:14 - 00000000 ____D C:\Users\Maiko\Images
2013-07-12 12:10 - 2013-07-12 12:10 - 00001123 _____ C:\Users\Public\Desktop\Image Studio Ver 2.1.lnk
2013-07-12 12:10 - 2013-07-12 12:10 - 00000000 ____D C:\Users\Maiko\.licor
2013-07-12 12:09 - 2013-07-12 12:09 - 00000000 ____D C:\Program Files\Licor
2013-07-11 08:20 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-11 08:20 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-11 08:19 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-11 08:19 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-11 08:19 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-11 08:19 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-11 08:19 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-11 08:19 - 2013-06-12 01:43 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-11 08:19 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-11 08:19 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-11 08:19 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-11 08:19 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-11 08:19 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-11 08:19 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-11 08:19 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-11 08:19 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-11 07:00 - 2013-06-05 05:05 - 02347520 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-11 07:00 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-11 07:00 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-11 07:00 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-02 15:09 - 2012-03-05 11:38 - 13868544 _____ C:\Users\Maiko\Desktop\UCT2_alexscholz.ppt

==================== One Month Modified Files and Folders =======

2013-07-30 23:37 - 2013-04-15 14:08 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-30 23:37 - 2013-02-26 12:51 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-30 12:34 - 2013-02-26 11:20 - 02003075 _____ C:\Windows\WindowsUpdate.log
2013-07-30 09:48 - 2009-07-14 06:34 - 00013456 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-30 09:48 - 2009-07-14 06:34 - 00013456 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-30 09:15 - 2013-07-30 09:15 - 00000000 ____D C:\FRST
2013-07-30 07:58 - 2013-04-15 14:10 - 00002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-30 07:56 - 2013-04-15 14:08 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-30 07:27 - 2013-07-30 07:27 - 02347384 _____ (ESET) C:\Users\Maiko\Desktop\esetsmartinstaller_enu.exe
2013-07-30 07:12 - 2013-02-26 14:17 - 00000000 ____D C:\Users\Maiko\AppData\Roaming\Skype
2013-07-30 00:21 - 2013-03-04 18:18 - 00000000 ___RD C:\Users\Maiko\Dropbox
2013-07-30 00:21 - 2013-03-04 18:15 - 00000000 ____D C:\Users\Maiko\AppData\Roaming\Dropbox
2013-07-30 00:07 - 2013-07-30 00:07 - 00016609 _____ C:\Users\Maiko\Desktop\Addition.txt
2013-07-30 00:06 - 2013-02-26 10:25 - 00737484 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-29 23:58 - 2013-04-16 15:12 - 00008260 _____ C:\Windows\setupact.log
2013-07-29 23:58 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-29 23:00 - 2013-07-30 00:06 - 01221282 _____ (Farbar) C:\Users\Maiko\Desktop\FRST.exe
2013-07-29 21:26 - 2013-07-29 21:26 - 00181452 _____ C:\Users\Maiko\AppData\Local\9f2c10a0-f56c-464d-b90f-23109eb5be53
2013-07-29 19:19 - 2013-06-24 12:12 - 00000000 ____D C:\Users\Maiko\Documents\AG Reiss
2013-07-29 19:19 - 2013-04-20 23:21 - 00000000 ____D C:\Users\Maiko\Desktop\Post-Doc in Vascular Biology (307843)  Frankfurt, Germany  Naturejobs_files
2013-07-29 19:19 - 2013-03-30 13:47 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-07-29 19:19 - 2013-02-26 14:16 - 00000000 ___RD C:\Program Files\Skype
2013-07-29 19:19 - 2013-02-26 12:51 - 00000000 ____D C:\Windows\system32\Macromed
2013-07-29 19:19 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\wfp
2013-07-29 19:19 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\registration
2013-07-29 19:19 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\AppCompat
2013-07-29 19:16 - 2013-02-26 14:16 - 00000000 ____D C:\ProgramData\Skype
2013-07-29 19:16 - 2008-09-04 04:19 - 00000000 __RHD C:\MSOCache
2013-07-29 19:09 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\LogFiles
2013-07-29 09:40 - 2013-02-26 10:20 - 00000000 ____D C:\Users\Maiko
2013-07-24 13:15 - 2013-02-26 14:13 - 00000000 ____D C:\Users\Maiko\AppData\Local\Adobe
2013-07-24 09:17 - 2013-07-24 09:17 - 00000873 _____ C:\Users\Maiko\Desktop\DEL0432080553.csv
2013-07-23 09:59 - 2013-07-23 09:58 - 00000000 ____D C:\Users\Maiko\Documents\Certificates
2013-07-23 09:54 - 2013-05-02 02:55 - 00000000 ____D C:\Users\Maiko\Documents\Job application
2013-07-17 15:17 - 2013-02-26 13:44 - 00000000 ____D C:\Users\Maiko\AppData\Local\Microsoft Help
2013-07-17 08:09 - 2013-07-17 08:09 - 00000000 ____D C:\Windows\system32\MRT
2013-07-17 08:09 - 2013-07-17 08:09 - 00000000 ____D C:\5ea5b8733f41e68b516697f4978d97
2013-07-15 21:44 - 2013-07-15 21:44 - 00541831 _____ C:\Users\Maiko\Documents\Anniversary card from Daniel 2013.pptx
2013-07-12 16:23 - 2013-07-12 12:11 - 00000000 ____D C:\Users\Maiko\Settings
2013-07-12 12:14 - 2013-07-12 12:11 - 00000000 ____D C:\Users\Maiko\Images
2013-07-12 12:13 - 2013-07-12 12:13 - 00000000 ____D C:\Users\Maiko\Desktop\LiCOR
2013-07-12 12:10 - 2013-07-12 12:10 - 00001123 _____ C:\Users\Public\Desktop\Image Studio Ver 2.1.lnk
2013-07-12 12:10 - 2013-07-12 12:10 - 00000000 ____D C:\Users\Maiko\.licor
2013-07-12 12:09 - 2013-07-12 12:09 - 00000000 ____D C:\Program Files\Licor
2013-07-11 10:13 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-11 09:26 - 2009-07-14 06:33 - 00409096 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-11 09:24 - 2009-07-14 09:50 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-11 09:24 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-11 08:21 - 2013-02-26 13:44 - 00000000 ____D C:\ProgramData\Microsoft Help

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-23 12:46

==================== End Of Log ============================
--- --- ---


2) Addition.txt:

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 30-07-2013 01
Ran by Maiko at 2013-07-30 23:40:01
Running from C:\Users\Maiko\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Reader XI (11.0.02) (Version: 11.0.02)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 4.00)
Chart4 for Windows
Cisco AnyConnect Secure Mobility Client  (Version: 3.0.11042)
Cisco AnyConnect Secure Mobility Client (Version: 3.0.11042)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dropbox (HKCU Version: 2.0.22)
EndNote Web (Version: 3.5.0.2537)
F-Secure Client Security - Device Control (Version: 1.00.17436)
F-Secure Client Security - E-Mail Scanning (Version: 6.00.515)
F-Secure Client Security - Internet Shield (Version: 6.29)
F-Secure Client Security - Virus & Spy Protection (Version: 9.30)
Google Chrome (Version: 28.0.1500.72)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4209.2358)
Google Update Helper (Version: 1.3.21.153)
Image Studio 2.1 (Version: 2.1.10)
Intel(R) Graphics Media Accelerator Driver (Version: 8.15.10.1872)
iTunes (Version: 11.0.4.4)
Java 7 Update 17 (Version: 7.0.170)
Java Auto Updater (Version: 2.1.9.0)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Mozilla Firefox 19.0.2 (x86 en-US) (Version: 19.0.2)
Mozilla Maintenance Service (Version: 17.0.5)
Mozilla Thunderbird 17.0.5 (x86 en-GB) (Version: 17.0.5)
ResearchSoft Direct Export Helper
Skype™ 6.3 (Version: 6.3.107)
UCL Medicine
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
VAIO Update (Version: 6.2.1.03260)
Veoh Web Player (Version: 1.1.2.0000)
VU5x86 (Version: 1.1.0)
 

==================== Restore Points  =========================

01-07-2013 05:36:56 Scheduled Checkpoint
02-07-2013 17:37:58 Windows Update
09-07-2013 06:17:52 Windows Update
11-07-2013 06:09:36 Windows Update
17-07-2013 05:22:14 Windows Update
17-07-2013 06:08:44 Windows Update
20-07-2013 10:42:55 Windows Update
27-07-2013 09:34:40 Windows Update
29-07-2013 07:46:12 Windows Update
29-07-2013 07:50:34 Windows Backup

==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1ABA5F34-5A62-47BA-A32A-359855E1734F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-04-15] (Google Inc.)
Task: {3012E2DB-32A9-48E4-AF34-EB78D8933245} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: {600A29A6-098F-4B59-948A-996AB46D8057} - System32\Tasks\RunAsStdUser Task for VeohWebPlayer => C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [2013-03-24] (Veoh Networks)
Task: {6DAF4049-728F-4736-BE18-4B6B06494EE4} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2013-03-26] (Sony Corporation)
Task: {7FB7AB8C-2DD9-467B-A698-F6572BD73562} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2013-03-26] (Sony Corporation)
Task: {A38143A1-3236-4508-A561-DA43AD0CAC72} - System32\Tasks\Sony Corporation\VAIO Update\Launch Application => C:\Program Files\SONY\VAIO Update\ShellExeProxy.exe [2013-03-26] (Sony Corporation)
Task: {B97A72C3-D9AD-4C5A-9EBB-F37B71FA2DFB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-03-25] (Piriform Ltd)
Task: {C0CF423B-C372-4CDE-B8AD-216AAC8B9726} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {F669383C-B3A8-40B9-A9CD-6D88CAC5923C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11] (Adobe Systems Incorporated)
Task: {F7046629-03B0-4041-9FC0-CD3681B9C66C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-04-15] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/30/2013 07:10:13 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 21615733

Error: (07/30/2013 07:10:13 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 21615733

Error: (07/30/2013 07:10:13 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/30/2013 00:57:29 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/30/2013 01:18:42 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/30/2013 00:45:08 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/29/2013 09:26:35 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (User: )
Description: 1  2013-07-29  21:26:34+02:00  maiko-pc  Maiko-PC\Maiko  F-Secure Anti-Virus
 Malicious code found in file C:\Users\Maiko\AppData\Local\Temp\jar_cache2651185635258622510.tmp. 
 Infection: Exploit:Java/Majava.A 
 Action: The file was quarantined.

Error: (07/29/2013 00:22:00 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/29/2013 06:29:00 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15148

Error: (07/29/2013 06:29:00 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15148


System errors:
=============
Error: (07/29/2013 11:58:01 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 23:51:35 on ‎29/‎07/‎2013 was unexpected.

Error: (07/29/2013 11:48:45 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 23:00:38 on ‎29/‎07/‎2013 was unexpected.

Error: (07/29/2013 05:05:18 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (07/29/2013 04:15:06 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 16:14:13 on ‎29/‎07/‎2013 was unexpected.

Error: (07/29/2013 07:04:03 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the F-Secure Gatekeeper Handler Starter service.

Error: (07/29/2013 06:27:52 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

Error: (07/28/2013 10:56:41 PM) (Source: ACPI) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (07/28/2013 10:56:28 PM) (Source: ACPI) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (07/28/2013 10:56:23 PM) (Source: ACPI) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (07/28/2013 10:56:18 PM) (Source: ACPI) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.


Microsoft Office Sessions:
=========================
Error: (07/30/2013 07:10:13 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 21615733

Error: (07/30/2013 07:10:13 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 21615733

Error: (07/30/2013 07:10:13 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/30/2013 00:57:29 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"c:\program files\F-Secure\common\fstsutil64.exe

Error: (07/30/2013 01:18:42 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"c:\program files\F-Secure\common\fstsutil64.exe

Error: (07/30/2013 00:45:08 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"c:\program files\F-Secure\common\fstsutil64.exe

Error: (07/29/2013 09:26:35 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus)(User: )
Description: 1  2013-07-29  21:26:34+02:00  maiko-pc  Maiko-PC\Maiko  F-Secure Anti-Virus
 Malicious code found in file C:\Users\Maiko\AppData\Local\Temp\jar_cache2651185635258622510.tmp. 
 Infection: Exploit:Java/Majava.A 
 Action: The file was quarantined.

Error: (07/29/2013 00:22:00 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"c:\program files\F-Secure\common\fstsutil64.exe

Error: (07/29/2013 06:29:00 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15148

Error: (07/29/2013 06:29:00 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15148


==================== Memory info =========================== 

Percentage of memory in use: 56%
Total physical RAM: 1915.04 MB
Available physical RAM: 838.61 MB
Total Pagefile: 3830.07 MB
Available Pagefile: 2668.94 MB
Total Virtual: 2047.88 MB
Available Virtual: 1884.2 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:224.53 GB) (Free:70.48 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: () (Removable) (Total:3.79 GB) (Free:2.16 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 20805342)
Partition 1: (Not Active) - (Size=8 GB) - (Type=27)
Partition 2: (Active) - (Size=225 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)

==================== End Of Log ============================
Vielen Dank,

Maikidodo

Alt 30.07.2013, 22:57   #12
aharonov
/// TB-Ausbilder
 
Virus? "Gesellschaft zur Verfügung von Urheberrechtsverletzungen e.V." - Standard

Virus? "Gesellschaft zur Verfügung von Urheberrechtsverletzungen e.V."


Schritt 1

Lade dir TFC (von Oldtimer) herunter und speichere es auf den Desktop.
  • Öffne die TFC.exe.
    Vista und Win 7 User mit Rechtsklick "als Administrator starten".
  • Schliesse alle anderen Programme.
  • Drücke auf den Button Start.
  • Falls du zu einem Neustart aufgefordert wirst, bestätige diesen.



Schritt 2

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).
__________________
cheers,
Leo

Alt 30.07.2013, 23:18   #13
Maikidodo
 
Virus? "Gesellschaft zur Verfügung von Urheberrechtsverletzungen e.V." - Standard

Virus? "Gesellschaft zur Verfügung von Urheberrechtsverletzungen e.V."


Alles klar.
Habe beides ausgeführt.

TFC hat normal abgeschlossen, ohne einen Neustart auszuführen.

Hier das Log von AdwCleaner:

Code:
ATTFilter
# AdwCleaner v2.306 - Logfile created 07/31/2013 at 00:11:47
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : Maiko - MAIKO-PC
# Boot Mode : Normal
# Running from : C:\Users\Maiko\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Maiko\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Users\Maiko\AppData\Roaming\Mozilla\Firefox\Profiles\aznzskyr.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v28.0.1500.72

File : C:\Users\Maiko\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1185 octets] - [31/07/2013 00:11:47]

########## EOF - C:\AdwCleaner[S1].txt - [1245 octets] ##########

Alt 30.07.2013, 23:21   #14
aharonov
/// TB-Ausbilder
 
Virus? "Gesellschaft zur Verfügung von Urheberrechtsverletzungen e.V." - Standard

Virus? "Gesellschaft zur Verfügung von Urheberrechtsverletzungen e.V."


Und läuft jetzt alles normal oder bestehen noch Probleme?
__________________
cheers,
Leo

Alt 30.07.2013, 23:23   #15
Maikidodo
 
Virus? "Gesellschaft zur Verfügung von Urheberrechtsverletzungen e.V." - Standard

Virus? "Gesellschaft zur Verfügung von Urheberrechtsverletzungen e.V."


also ich habe eigentlich nichts am pc gemacht, also gebrowst oder gearbeitet, sondern nur die programme von euch ausgeführt. ich verwende zum posten einen anderen pc.

aber es kommen zumindest keine fehlermeldungen, desktop sieht ok aus.

Antwort
Seite 1 von 2 1 2

Themen zu Virus? "Gesellschaft zur Verfügung von Urheberrechtsverletzungen e.V."
bildschirm, blockieren, erlaubte, exploit:java/majava.a, guten, icon, java update, java-update, java/exploit.agent.nac, meldung, message, nicht mehr, rechner, screen, taskleiste, update, urheberrecht, vaio, virus?, win32/kryptik.dkd, wunder, youtube, zunge


« SoftwareUpdater.Ui.exe entfernen? | GVU Trojaner - windows 8 »


Ähnliche Themen: Virus? "Gesellschaft zur Verfügung von Urheberrechtsverletzungen e.V."


  1. Gesellschaft zur Verfügung von Urheberrechtsverletzungen
    Plagegeister aller Art und deren Bekämpfung - 13.01.2015 (22)
  2. Win7 32Bit: Gesellschaft zur Verfügung von Urheberrechtsverletzungen
    Log-Analyse und Auswertung - 07.01.2015 (13)
  3. Gesellschaft zur verfügung von urheberrechtsverletzungen
    Smartphone, Tablet & Handy Security - 20.12.2014 (2)
  4. WIN7x64: "Gesellschaft zur Verfügung von Urheberrechtsverletzungen e.V." - Abgesicherter Modus nicht möglich - bereits einiges versucht
    Plagegeister aller Art und deren Bekämpfung - 23.12.2013 (3)
  5. Trojaner Schirm "Gesellschaft zur Verfügung von Urheberrechtsverletzungen e.V." - Windows 7
    Log-Analyse und Auswertung - 16.11.2013 (1)
  6. Windows 8: "Gesellschaft zur Verfügung von Urheberrechtsverletzungen"
    Plagegeister aller Art und deren Bekämpfung - 18.09.2013 (17)
  7. virus gesellschaft zur verfügung von urheberrechtsverletzungen
    Plagegeister aller Art und deren Bekämpfung - 09.09.2013 (10)
  8. "Gesellschaft Zur Verfügung Von Urheberrechtsverletzungen Virus" Logfile mit FSRT erstellt
    Log-Analyse und Auswertung - 06.09.2013 (13)
  9. "Gesellschaft zur verfügung von urheberrechtsverletzungen" - kein abgesicherter modus möglich
    Plagegeister aller Art und deren Bekämpfung - 03.08.2013 (21)
  10. Malware "Gesellschaft zur Verfügung von Urheberrechtsverletzungen"
    Log-Analyse und Auswertung - 25.07.2013 (21)
  11. "gesellschaft zur Verfügung von Urheberrechtsverletzungen" kein abgesicherter modus möglich
    Log-Analyse und Auswertung - 23.07.2013 (19)
  12. Malware "Gesellschaft zur Verfügung von Urheberrechtsverletzungen"
    Log-Analyse und Auswertung - 22.07.2013 (13)
  13. Trojaner: Gesellschaft zur Verfügung von Urheberrechtsverletzungen
    Plagegeister aller Art und deren Bekämpfung - 14.07.2013 (18)
  14. "Gesellschaft zur Verfügung von Urheberrechtsverletzungen" - kein Zugriff auf Rechner möglich
    Log-Analyse und Auswertung - 02.07.2013 (15)
  15. Gesellschaft zur Verfügung von Urheberrechtsverletzungen, Bundesamt für Scherkeit in der Informationstechnik
    Plagegeister aller Art und deren Bekämpfung - 25.06.2013 (1)
  16. Trojaner "Gesellschaft zur Verfügung von Urheberrechtsverletzungen"
    Plagegeister aller Art und deren Bekämpfung - 20.06.2013 (12)
  17. Trojaner "Gesellschaft zur Verfügung von Urheberrechtsverletzungen"
    Plagegeister aller Art und deren Bekämpfung - 29.05.2013 (35)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Virus? "Gesellschaft zur Verfügung von Urheberrechtsverletzungen e.V." - Guten Abend, ich war gerade beim Surfen - youtube, als auf einmal ein Pop-Up mit dem Icon meiner Anti-Virussoftware aufging und mir mitteilte, dass mein Java (oder Javasript - erinnere - Virus? "Gesellschaft zur Verfügung von Urheberrechtsverletzungen e.V."...
Archiv
Du betrachtest: Virus? "Gesellschaft zur Verfügung von Urheberrechtsverletzungen e.V." auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131