Experiences with removing jsf.jsticket.net |
18.11.2013, 21:54 | #1 |
| Hello, I have a PC belonging to an acquaintance here for analysis that is giving me quite a headache. In Internet Explorer, nearly every page you visit opens a link to jsf.jsticket.net. I googled it, and what strikes me is that under this subject you find almost nothing but fake entries, i.e. some "virus removal blogs" that in truth probably only serve as link farms. The next thing I noticed: I find no add-ons at all in IE and no running processes in Task Manager. A scan with Malwarebytes turned up nothing either. So I downloaded the Avira Live CD and scanned with it, and it finds 0, no threats. How do I get rid of this thing? My acquaintance says he now has it on all three of his PCs, so it apparently cannot be ruled out that the thing spreads via network shares or something similar. Does anyone know the exact infection path? And which tool detects it? |
19.11.2013, 07:52 | #2 |
/// the machine /// TB instructor | Hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties) |
23.11.2013, 13:39 | #3 |
| Thanks schrauber, and sorry for the late reply; I only got back to the machine in question today. The requested files are attached. |
24.11.2013, 08:33 | #4 |
/// the machine /// TB instructor | Hi, please always post logs in the thread. If necessary, split them up and use several posts. This is how it works: posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
Regards, schrauber. Proud Member of UNITE and ASAP since 2009. No help via PM! |
24.11.2013, 17:09 | #5 |
| FRST.txt: FRST Logfile: Code:
Addition.txt: Code:
{21BC4476-6AB5-4ABB-B22D-02167FA0B34E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-07] (Google Inc.) Task: {291706F5-7D04-40F6-8C0D-1A0941F529D7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-07] (Google Inc.) Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {32709007-2079-4408-82FF-92B8FBFC8296} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-18] (Adobe Systems Incorporated) Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\System32\RacAgent.exe [2008-01-21] (Microsoft Corporation) Task: {73E5479A-DEC3-4B62-9B39-4EB120FC4343} - System32\Tasks\ViewPassword Update => C:\Program Files\ViewPassword\ViewPassword.exe Task: {9BBD9CB1-DCC1-4B8A-B9CF-0E7D41884993} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-12] (Microsoft Corporation) Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => C:\Windows\System32\pla.dll [2008-01-21] (Microsoft Corporation) Task: {B09BC8F6-9DB8-4768-A10F-1758618CB276} - System32\Tasks\SONY\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe [2008-06-11] (Sony Corporation) Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\System32\gatherWirelessInfo.vbs [2008-01-21] () Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: 
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\ViewPassword Update.job => C:\Program Files\ViewPassword\ViewPassword.exe ==================== Loaded Modules (whitelisted) ============= 2008-07-01 07:43 - 2008-07-01 07:43 - 00126976 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (11/23/2013 01:25:42 PM) (Source: VzCdbSvc) (User: ) Description: Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5}) (Fehlercode = 0x80042019) Error: (11/23/2013 01:25:38 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/18/2013 10:09:48 PM) (Source: VzCdbSvc) (User: ) Description: Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5}) (Fehlercode = 0x80042019) Error: (11/18/2013 10:09:43 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/18/2013 09:41:15 PM) (Source: VzCdbSvc) (User: ) Description: Das Plug-In-Modul konnte nicht geladen werden. 
(GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5}) (Fehlercode = 0x80042019) Error: (11/18/2013 09:41:15 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/18/2013 09:15:06 PM) (Source: VzCdbSvc) (User: ) Description: Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5}) (Fehlercode = 0x80042019) Error: (11/18/2013 09:15:04 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/18/2013 07:22:44 PM) (Source: VzCdbSvc) (User: ) Description: Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5}) (Fehlercode = 0x80042019) Error: (11/18/2013 07:22:41 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (10/08/2009 04:10:30 PM) (Source: HTTP) (User: ) Description: \Device\Http\ReqQueueKerberos Error: (10/08/2009 10:23:26 AM) (Source: HTTP) (User: ) Description: \Device\Http\ReqQueueKerberos Error: (10/07/2009 08:42:16 PM) (Source: HTTP) (User: ) Description: \Device\Http\ReqQueueKerberos Error: (10/07/2009 07:42:42 PM) (Source: HTTP) (User: ) Description: \Device\Http\ReqQueueKerberos Error: (10/06/2009 08:29:05 PM) (Source: HTTP) (User: ) Description: \Device\Http\ReqQueueKerberos Error: (10/06/2009 06:38:31 PM) (Source: HTTP) (User: ) Description: \Device\Http\ReqQueueKerberos Error: (10/06/2009 00:38:58 PM) (Source: HTTP) (User: ) Description: \Device\Http\ReqQueueKerberos Error: (10/05/2009 07:29:56 PM) (Source: HTTP) (User: ) Description: \Device\Http\ReqQueueKerberos Error: (10/05/2009 
04:49:56 PM) (Source: HTTP) (User: ) Description: \Device\Http\ReqQueueKerberos Error: (10/05/2009 03:43:39 PM) (Source: HTTP) (User: ) Description: \Device\Http\ReqQueueKerberos Microsoft Office Sessions: ========================= Error: (03/19/2011 01:48:54 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 290 seconds with 240 seconds of active time. This session ended with a crash. Error: (03/13/2011 05:15:38 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 372 seconds with 360 seconds of active time. This session ended with a crash. Error: (01/27/2011 10:34:15 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 8541 seconds with 4380 seconds of active time. This session ended with a crash. CodeIntegrity Errors: =================================== Date: 2013-04-11 22:25:34.383 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\PROGRA~1\Sony\SONICS~1\AUDIOF~1\SSMSFI~4.DLL" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-04-11 22:25:34.196 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\PROGRA~1\Sony\SONICS~1\AUDIOF~1\SSMSFI~4.DLL" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-09-01 21:21:31.497 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 

Date: 2012-09-01 21:21:31.138
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2012-09-01 21:21:30.779
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2012-09-01 21:21:30.436
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2012-09-01 21:21:29.999
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2012-09-01 20:23:22.463
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2012-09-01 20:23:22.089
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2012-09-01 20:23:21.699
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

==================== Memory info ===========================

Percentage of memory in use: 54%
Total physical RAM: 3068.05 MB
Available physical RAM: 1410.58 MB
Total Pagefile: 6343.14 MB
Available Pagefile: 4303.23 MB
Total Virtual: 2047.88 MB
Available Virtual: 1906.66 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:289.22 GB) (Free:205.93 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive g: () (Removable) (Total:3.72 GB) (Free:0.6 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 6EA472C4)
Partition 1: (Not Active) - (Size=9 GB) - (Type=27)
Partition 2: (Active) - (Size=289 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 4 GB) (Disk ID: 00000000)
Partition 1: (Active) - (Size=4 GB) - (Type=0B)

==================== End Of Log ============================
25.11.2013, 08:21 | #6 |
/// the machine /// TB trainer | Experiences with removing jsf.jsticket.net
Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your desktop.
Please shut down your security software to avoid possible conflicts.
And a fresh FRST log, please.