Log analysis and evaluation: Windows 7: Trojan on PC "http://onlinewebfind.com/ads-clicktrack..."

Windows 7: If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
10.01.2014, 10:07 | #1 |
Windows 7: Trojan on PC "http://onlinewebfind.com/ads-clicktrack..."

Hello everyone, I have another problem with my PC. It looks like a Trojan has crept in here too. At least that is what Spybot reports. The PC also can no longer be used properly. Random pages keep opening by themselves, e.g. hxxp://gip.driverdiv.net/sd/cpops-1.2.0.html?u=http%3A%2F%2Fgip.driverdiv.net%2Fsd%2Fapps%2Ffusionx%2F0.0.4.html%3Faff%3D1030-4000&p=PassShow and some links on reputable sites such as eBay can no longer be clicked at all.

Here is all the log data:

Defogger
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:37 on 09/01/2014 (Anna)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed

Checking for services/drivers...
SPTD -> Disabled

-=E.O.F=-

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-01-2014 01
Ran by Anna (administrator) on ANNA-PC on 09-01-2014 18:40:24
Running from C:\Users\Anna\Desktop
Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
( ) C:\Windows\System32\lxeecoms.exe
(Ralink Technology, Corp.) C:\Program Files\Hama\Common\RaRegistry.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Team H2O) C:\Program Files\Syncrosoft\POS\H2O\cledx.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(Creative Technology Ltd) C:\Windows\System32\CTHELPER.EXE
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Hama GmbH & Co KG) C:\Program Files\Hama\Common\RaUI.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\Receiver\Receiver.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Dropbox, Inc.) C:\Users\Anna\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWelcome.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7711264 2009-08-18] (Realtek Semiconductor)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [H2O] - C:\Program Files\Syncrosoft\POS\H2O\cledx.exe [385024 2005-10-22] (Team H2O)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [ConnectionCenter] - C:\Program Files\Citrix\ICA Client\concentr.exe [371864 2012-04-05] (Citrix Systems, Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [CTHelper] - C:\Windows\System32\CTHELPER.EXE [23040 2009-02-23] (Creative Technology Ltd)
HKLM\...\Run: [CTxfiHlp] - C:\Windows\System32\CTXFIHLP.EXE [23552 2009-02-23] (Creative Technology Ltd)
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [685048 2012-08-03] (Cisco Systems, Inc.)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\Run: [SDTray] - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon: C:\Windows\system32\igfxdev.dll (Intel Corporation)
MountPoints2: {cbe70fbc-da3e-11e2-8cba-b6cb38289f20} - L:\HTC_Sync_Manager_PC.exe
MountPoints2: {fa6f7bbb-5fef-11e2-8d00-8474b38bdcf8} - J:\setup.exe
AppInit_DLLs: C:\Program Files\Citrix\ICA Client\RSHook.dll [257176 2012-04-05] (Citrix Systems, Inc.)
Startup: C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Anna\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC8BCF86EB6ABCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: CtxIEInterceptorBHO Class - {2C4631FF-5CC8-4EBC-A0DF-34C92291759E} - C:\Program Files\Citrix\ICA Client\IEInterceptor.dll (Citrix Systems, Inc.)
BHO: PassShow - {2d661e5b-7d7a-417c-b5b5-6479017bb314} - C:\Program Files\PassShow\150.dll ()
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Lexmark - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
Toolbar: HKCU - No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\lwb3fzqz.default
FF NetworkProxy: "http", "94.228.200.61"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Citrix.com/npican - C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Grooveshark Unblocker - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\lwb3fzqz.default\Extensions\grooveshark-unblocker@4ley.addons.mozilla.org.xpi
FF Extension: Adblock Plus - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\lwb3fzqz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKCU\...\Firefox\Extensions: [{57c20073-e24b-4b2a-aa91-70d1ad526cbf}] - C:\Program Files\PassShow\150.xpi
FF Extension: No Name - C:\Program Files\PassShow\150.xpi
FF Extension: No Name - C:\Program Files\PassShow\150.xpi

========================== Services (Whitelisted) =================

R2 lxee_device; C:\Windows\system32\lxeecoms.exe [598696 2010-04-14] ( )
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)
R2 RalinkRegistryWriter; C:\Program Files\Hama\Common\RaRegistry.exe [185632 2009-12-10] (Ralink Technology, Corp.)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [537592 2012-08-03] (Cisco Systems, Inc.)

==================== Drivers (Whitelisted) ====================

S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [87976 2012-08-03] (Cisco Systems, Inc.)
R3 CLEDX; C:\Windows\System32\DRIVERS\cledx.sys [33792 2005-05-09] (Team H2O)
S3 COMMONFX; C:\Windows\System32\drivers\COMMONFX.SYS [98328 2009-02-23] (Creative Technology Ltd)
R3 COMMONFX.SYS; C:\Windows\System32\drivers\COMMONFX.SYS [98328 2009-02-23] (Creative Technology Ltd)
S3 CTAUDFX; C:\Windows\System32\drivers\CTAUDFX.SYS [528920 2009-02-23] (Creative Technology Ltd)
S3 CTAUDFX.SYS; C:\Windows\System32\drivers\CTAUDFX.SYS [528920 2009-02-23] (Creative Technology Ltd)
S3 CTEAPSFX; C:\Windows\System32\drivers\CTEAPSFX.SYS [163352 2009-02-23] (Creative Technology Ltd)
S3 CTEAPSFX.SYS; C:\Windows\System32\drivers\CTEAPSFX.SYS [163352 2009-02-23] (Creative Technology Ltd)
S3 CTEDSPFX; C:\Windows\System32\drivers\CTEDSPFX.SYS [259096 2009-02-23] (Creative Technology Ltd)
S3 CTEDSPFX.SYS; C:\Windows\System32\drivers\CTEDSPFX.SYS [259096 2009-02-23] (Creative Technology Ltd)
S3 CTEDSPIO; C:\Windows\System32\drivers\CTEDSPIO.SYS [134168 2009-02-23] (Creative Technology Ltd)
S3 CTEDSPIO.SYS; C:\Windows\System32\drivers\CTEDSPIO.SYS [134168 2009-02-23] (Creative Technology Ltd)
S3 CTEDSPSY; C:\Windows\System32\drivers\CTEDSPSY.SYS [309784 2009-02-23] (Creative Technology Ltd)
S3 CTEDSPSY.SYS; C:\Windows\System32\drivers\CTEDSPSY.SYS [309784 2009-02-23] (Creative Technology Ltd)
S3 CTERFXFX; C:\Windows\System32\drivers\CTERFXFX.SYS [99352 2009-02-23] (Creative Technology Ltd)
S3 CTERFXFX.SYS; C:\Windows\System32\drivers\CTERFXFX.SYS [99352 2009-02-23] (Creative Technology Ltd)
S3 CTSBLFX; C:\Windows\System32\drivers\CTSBLFX.SYS [534040 2009-02-23] (Creative Technology Ltd)
S3 CTSBLFX.SYS; C:\Windows\System32\drivers\CTSBLFX.SYS [534040 2009-02-23] (Creative Technology Ltd)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-01-16] (DT Soft Ltd)
R3 ha10kx2k; C:\Windows\System32\drivers\ha10kx2k.sys [802840 2009-02-23] (Creative Technology Ltd)
S3 hap16v2k; C:\Windows\System32\drivers\hap16v2k.sys [163864 2009-02-23] (Creative Technology Ltd)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [657408 2009-07-13] (Ralink Technology Corp.)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [717296 2013-01-16] (Duplex Secure Ltd.)
R0 TPkd; C:\Windows\System32\Drivers\TPkd.sys [61856 2002-05-22] (PACE Anti-Piracy, Inc.)
S2 Nsynas32; No ImagePath

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-09 18:40 - 2014-01-09 18:40 - 00015378 _____ C:\Users\Anna\Desktop\FRST.txt
2014-01-09 18:40 - 2014-01-09 18:40 - 00000000 ____D C:\FRST
2014-01-09 18:39 - 2014-01-09 18:39 - 01065947 _____ (Farbar) C:\Users\Anna\Desktop\FRST.exe
2014-01-09 18:37 - 2014-01-09 18:37 - 00000572 _____ C:\Users\Anna\Desktop\defogger_disable.log
2014-01-09 18:37 - 2014-01-09 18:37 - 00000176 _____ C:\Users\Anna\defogger_reenable
2014-01-09 18:36 - 2014-01-09 18:36 - 00050477 _____ C:\Users\Anna\Desktop\Defogger.exe
2014-01-09 18:35 - 2014-01-09 18:35 - 00050477 _____ C:\Users\Anna\Downloads\Defogger.exe
2013-12-27 18:49 - 2013-12-27 18:50 - 22964496 _____ C:\Users\Anna\Downloads\FullTiltPokerEuSetup.exe
2013-12-27 18:03 - 2013-12-27 18:35 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-12-27 18:03 - 2013-12-27 18:03 - 00002125 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-12-27 18:03 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2013-12-27 18:02 - 2013-12-27 18:04 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2013-12-27 18:01 - 2013-12-27 18:01 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\Anna\Downloads\spybot-2.2.25.exe
2013-12-27 17:22 - 2014-01-06 23:27 - 00000000 ____D C:\Users\Anna\Desktop\Martin
2013-12-27 17:06 - 2013-12-27 17:17 - 00000000 ____D C:\AdwCleaner
2013-12-27 17:05 - 2013-12-27 17:05 - 01233962 _____ C:\Users\Anna\Downloads\adwcleaner.exe
2013-12-23 15:51 - 2013-12-23 15:52 - 00000000 ____D C:\Users\Anna\Desktop\mama
2013-12-23 15:40 - 2013-12-27 17:31 - 00000000 ____D C:\Users\Anna\AppData\Roaming\MediaMonkey
2013-12-23 15:40 - 2013-12-23 15:40 - 00001007 _____ C:\Users\Public\Desktop\MediaMonkey.lnk
2013-12-23 15:40 - 2013-12-23 15:40 - 00000000 ____D C:\Users\Anna\AppData\Local\MediaMonkey
2013-12-23 15:40 - 2013-12-23 15:40 - 00000000 ____D C:\ProgramData\MediaMonkey
2013-12-23 15:40 - 2013-12-23 15:40 - 00000000 ____D C:\Program Files\MediaMonkey
2013-12-23 15:39 - 2013-12-23 15:39 - 15069520 _____ (Ventis Media Inc. ) C:\Users\Anna\Downloads\MediaMonkey_4.0.7.1511.exe
2013-12-23 15:29 - 2013-12-23 15:29 - 00000000 ____D C:\Users\Anna\AppData\Local\Macroplant,_LLC
2013-12-23 15:29 - 2013-12-23 15:29 - 00000000 ____D C:\Program Files\Sharepod
2013-12-23 15:24 - 2013-12-23 15:24 - 05965680 _____ (Macroplant LLC ) C:\Users\Anna\Downloads\Sharepod_4_Setup_4010b.exe
2013-12-23 15:12 - 2013-12-23 15:12 - 00000000 ____D C:\Users\Anna\Desktop\Zumba
2013-12-23 14:42 - 2013-12-23 15:14 - 00000000 ____D C:\Users\Anna\Desktop\Eminem u Charts
2013-12-23 14:28 - 2013-12-23 15:18 - 00000000 ____D C:\Users\Anna\Desktop\iPod Musik
2013-12-23 14:27 - 2013-12-23 14:27 - 00001272 _____ C:\Users\Public\Desktop\SciLor's grooveshark™.com Downloader.lnk
2013-12-23 14:26 - 2014-01-09 14:16 - 00000340 _____ C:\Windows\Tasks\PassShow Update.job
2013-12-23 14:26 - 2014-01-06 23:15 - 00000000 ____D C:\Program Files\SciLor's grooveshark(tm).com Downloader
2013-12-23 14:26 - 2013-12-23 14:26 - 00000000 ____D C:\Program Files\PassShow
2013-12-23 14:25 - 2013-12-23 14:25 - 00923784 _____ (CNET Download.com) C:\Users\Anna\Downloads\cbsidlm-cbsi145-SciLors_Groovesharkcom_Downloader-ORG-75764950.exe
2013-12-23 14:06 - 2013-12-27 16:56 - 00000000 ____D C:\Users\Anna\AppData\Roaming\newnext.me
2013-12-23 14:06 - 2013-12-23 14:28 - 00000000 ____D C:\Users\Anna\AppData\Local\cache
2013-12-23 14:06 - 2013-12-23 14:27 - 00000000 ____D C:\Users\Anna\AppData\Local\genienext
2013-12-23 14:06 - 2013-12-23 14:12 - 00000332 _____ C:\Users\Anna\daemonprocess.txt
2013-12-23 14:06 - 2013-12-23 14:06 - 00000000 ____D C:\Users\Anna\.android
2013-12-23 13:43 - 2013-12-23 13:43 - 00689856 _____ C:\Users\Anna\Downloads\SciLors_Grooveshark(tm)_DownloaderSetup.exe
2013-12-21 19:24 - 2013-12-21 19:25 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-12 08:56 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-12 08:56 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-12 08:56 - 2013-11-26 10:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-12 08:56 - 2013-11-26 09:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-12 08:56 - 2013-11-26 09:52 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-12 08:56 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-12 08:56 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-12 08:56 - 2013-11-26 09:36 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-12 08:56 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-12 08:56 - 2013-11-26 09:29 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-12 08:56 - 2013-11-26 09:29 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-12 08:56 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-12 08:56 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-12 08:56 - 2013-11-26 09:13 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-12 08:56 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-12 08:56 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-12 08:56 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-12 08:56 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-12 08:56 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-12 08:53 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-12 08:53 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-12 08:37 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-12 08:37 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-12 08:37 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-12 08:37 - 2013-10-30 02:27 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-12 08:37 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-12 08:37 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-12 08:37 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-12 08:37 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-12 08:37 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-12 08:36 - 2013-10-04 02:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-12 08:36 - 2013-10-04 02:17 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys

==================== One Month Modified Files and Folders =======

2014-01-09 18:40 - 2014-01-09 18:40 - 00015378 _____ C:\Users\Anna\Desktop\FRST.txt
2014-01-09 18:40 - 2014-01-09 18:40 - 00000000 ____D C:\FRST
2014-01-09 18:39 - 2014-01-09 18:39 - 01065947 _____ (Farbar) C:\Users\Anna\Desktop\FRST.exe
2014-01-09 18:37 - 2014-01-09 18:37 - 00000572 _____ C:\Users\Anna\Desktop\defogger_disable.log
2014-01-09 18:37 - 2014-01-09 18:37 - 00000176 _____ C:\Users\Anna\defogger_reenable
2014-01-09 18:37 - 2012-10-16 16:52 - 00000000 ____D C:\Users\Anna
2014-01-09 18:36 - 2014-01-09 18:36 - 00050477 _____ C:\Users\Anna\Desktop\Defogger.exe
2014-01-09 18:35 - 2014-01-09 18:35 - 00050477 _____ C:\Users\Anna\Downloads\Defogger.exe
2014-01-09 18:25 - 2012-10-16 16:48 - 01461373 _____ C:\Windows\WindowsUpdate.log
2014-01-09 18:06 - 2013-06-04 07:32 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-09 17:55 - 2012-10-21 11:56 - 00000000 ____D C:\ProgramData\Lx_cats
2014-01-09 17:07 - 2012-10-16 16:58 - 01612484 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-09 14:16 - 2013-12-23 14:26 - 00000340 _____ C:\Windows\Tasks\PassShow Update.job
2014-01-09 13:08 - 2009-07-14 05:34 - 00014624 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-09 13:08 - 2009-07-14 05:34 - 00014624 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-09 13:02 - 2013-06-12 21:30 - 00000000 ___RD C:\Users\Anna\Dropbox
2014-01-09 13:02 - 2013-06-12 21:20 - 00000000 ____D C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-09 13:02 - 2013-06-12 21:18 - 00000000 ____D C:\Users\Anna\AppData\Roaming\Dropbox
2014-01-09 13:01 - 2012-10-21 11:35 - 00057150 _____ C:\ProgramData\lxeescan.log
2014-01-09 13:00 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-09 13:00 - 2009-07-14 05:39 - 00074919 _____ C:\Windows\setupact.log
2014-01-06 23:27 - 2013-12-27 17:22 - 00000000 ____D C:\Users\Anna\Desktop\Martin
2014-01-06 23:15 - 2013-12-23 14:26 - 00000000 ____D C:\Program Files\SciLor's grooveshark(tm).com Downloader
2013-12-31 11:46 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2013-12-31 11:15 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-12-27 18:50 - 2013-12-27 18:49 - 22964496 _____ C:\Users\Anna\Downloads\FullTiltPokerEuSetup.exe
2013-12-27 18:35 - 2013-12-27 18:03 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-12-27 18:04 - 2013-12-27 18:02 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2013-12-27 18:03 - 2013-12-27 18:03 - 00002125 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-12-27 18:01 - 2013-12-27 18:01 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\Anna\Downloads\spybot-2.2.25.exe
2013-12-27 17:49 - 2009-07-14 09:56 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-12-27 17:49 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-12-27 17:31 - 2013-12-23 15:40 - 00000000 ____D C:\Users\Anna\AppData\Roaming\MediaMonkey
2013-12-27 17:17 - 2013-12-27 17:06 - 00000000 ____D C:\AdwCleaner
2013-12-27 17:05 - 2013-12-27 17:05 - 01233962 _____ C:\Users\Anna\Downloads\adwcleaner.exe
2013-12-27 16:56 - 2013-12-23 14:06 - 00000000 ____D C:\Users\Anna\AppData\Roaming\newnext.me
2013-12-27 16:55 - 2012-10-16 22:54 - 00013110 _____ C:\Windows\PFRO.log
2013-12-23 15:52 - 2013-12-23 15:51 - 00000000 ____D C:\Users\Anna\Desktop\mama
2013-12-23 15:40 - 2013-12-23 15:40 - 00001007 _____ C:\Users\Public\Desktop\MediaMonkey.lnk
2013-12-23 15:40 - 2013-12-23 15:40 - 00000000 ____D C:\Users\Anna\AppData\Local\MediaMonkey
2013-12-23 15:40 - 2013-12-23 15:40 - 00000000 ____D C:\ProgramData\MediaMonkey
2013-12-23 15:40 - 2013-12-23 15:40 - 00000000 ____D C:\Program Files\MediaMonkey
2013-12-23 15:39 - 2013-12-23 15:39 - 15069520 _____ (Ventis Media Inc. ) C:\Users\Anna\Downloads\MediaMonkey_4.0.7.1511.exe
2013-12-23 15:29 - 2013-12-23 15:29 - 00000000 ____D C:\Users\Anna\AppData\Local\Macroplant,_LLC
2013-12-23 15:29 - 2013-12-23 15:29 - 00000000 ____D C:\Program Files\Sharepod
2013-12-23 15:24 - 2013-12-23 15:24 - 05965680 _____ (Macroplant LLC ) C:\Users\Anna\Downloads\Sharepod_4_Setup_4010b.exe
2013-12-23 15:18 - 2013-12-23 14:28 - 00000000 ____D C:\Users\Anna\Desktop\iPod Musik
2013-12-23 15:14 - 2013-12-23 14:42 - 00000000 ____D C:\Users\Anna\Desktop\Eminem u Charts
2013-12-23 15:12 - 2013-12-23 15:12 - 00000000 ____D C:\Users\Anna\Desktop\Zumba
2013-12-23 14:28 - 2013-12-23 14:06 - 00000000 ____D C:\Users\Anna\AppData\Local\cache
2013-12-23 14:27 - 2013-12-23 14:27 - 00001272 _____ C:\Users\Public\Desktop\SciLor's grooveshark™.com Downloader.lnk
2013-12-23 14:27 - 2013-12-23 14:06 - 00000000 ____D C:\Users\Anna\AppData\Local\genienext
2013-12-23 14:26 - 2013-12-23 14:26 - 00000000 ____D C:\Program Files\PassShow
2013-12-23 14:25 - 2013-12-23 14:25 - 00923784 _____ (CNET Download.com) C:\Users\Anna\Downloads\cbsidlm-cbsi145-SciLors_Groovesharkcom_Downloader-ORG-75764950.exe
2013-12-23 14:12 - 2013-12-23 14:06 - 00000332 _____ C:\Users\Anna\daemonprocess.txt
2013-12-23 14:10 - 2013-04-30 11:53 - 00001427 _____ C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-23 14:06 - 2013-12-23 14:06 - 00000000 ____D C:\Users\Anna\.android
2013-12-23 13:47 - 2013-03-24 17:39 - 00000000 ____D C:\Users\Anna\AppData\Local\Google
2013-12-23 13:43 - 2013-12-23 13:43 - 00689856 _____ C:\Users\Anna\Downloads\SciLors_Grooveshark(tm)_DownloaderSetup.exe
2013-12-23 12:21 - 2012-10-16 16:56 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-12-21 19:25 - 2013-12-21 19:24 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-17 08:17 - 2013-11-08 16:35 - 00000000 ____D C:\Users\Anna\Desktop\Musik_Management
2013-12-12 17:06 - 2013-01-30 14:44 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-12-12 17:06 - 2013-01-30 14:44 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-12-12 15:08 - 2009-07-14 05:33 - 00411608 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-12 08:56 - 2013-01-16 16:25 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-12 08:55 - 2013-08-14 08:43 - 00000000 ____D C:\Windows\system32\MRT
2013-12-12 08:54 - 2012-10-16 18:16 - 88123800 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-10 14:31 - 2013-12-09 22:52 - 00000000 ____D C:\Users\Anna\Desktop\Erste Bilder

Some content of TEMP:
====================
C:\Users\Anna\AppData\Local\Temp\ose00000.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-12-31 11:39

==================== End Of Log ============================

FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 08-01-2014 01
Ran by Anna at 2014-01-09 18:41:26
Running from C:\Users\Anna\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

ABBYY FineReader 6.0 Sprint (Version: 6.00.2146.41621 - ABBYY Software House)
Adobe Flash Player 10 ActiveX (Version: 10.0.22.87 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) - Deutsch (Version: 11.0.05 - Adobe Systems Incorporated)
Apple Application Support (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
ASIO4ALL (Version: 2.10 - Michael Tippach)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
CDBurnerXP (Version: 4.5.2.4291 - CDBurnerXP)
Cisco AnyConnect Secure Mobility Client (Version: 3.1.00495 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (Version: 3.1.00495 - Cisco Systems, Inc.) Hidden
Cisco EAP-FAST Module (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (Version: 1.1.6 - Cisco Systems, Inc.)
Citrix Authentication Manager (Version: 2.0.0.41479 - Citrix Systems, Inc.) Hidden
Citrix Receiver (DV) (Version: 13.1.200.22 - Citrix Systems, Inc.) Hidden
Citrix Receiver (HDX Flash-Umleitung) (Version: 13.1.200.22 - Citrix Systems, Inc.) Hidden
Citrix Receiver (USB) (Version: 13.1.200.22 - Citrix Systems, Inc.) Hidden
Citrix Receiver (Version: 13.1.200.22 - Citrix Systems, Inc.)
Citrix Receiver Inside (Version: 3.2.0.5844 - Citrix Systems, Inc.) Hidden
Citrix Receiver(Aero) (Version: 13.1.200.22 - Citrix Systems, Inc.) Hidden
DAEMON Tools Lite (Version: 4.46.1.0327 - DT Soft Ltd)
Das Postleitzahlen-Diagramm 3.8 (Version: - Klaus Wessiepe, Softwareentwicklung und Vertrieb)
Dropbox (Version: 2.4.11 - Dropbox, Inc.)
E-MU Audio Drivers (Version: - )
E-MU PatchMix DSP (Version: - )
Falk Navi-Manager (Version: 1.2.172 - Falk Marcopolo Interactive GmbH)
Falk Navi-Manager (Version: 1.2.172 - Falk Marcopolo Interactive GmbH) Hidden
Free DWG Viewer 7.2 (Version: 7.2.0.51 - IGC)
Hama Wireless LAN Adapter (Version: 10.1.0 - Hama)
iCloud (Version: 3.0.2.163 - Apple Inc.)
Intel(R) Graphics Media Accelerator Driver (Version: 8.15.10.1930 - Intel Corporation)
Intel(R) TV Wizard (Version: - Intel Corporation)
iTunes (Version: 11.1.3.8 - Apple Inc.)
Lexmark (Version: 1.0.0.0 - )
MediaMonkey 4.0 (Version: 4.0 - Ventis Media Inc.)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian)
2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319 - Microsoft Corporation) Mozilla Firefox 26.0 (x86 de) (Version: 26.0 - Mozilla) Mozilla Maintenance Service (Version: 26.0 - Mozilla) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation) Notepad++ (Version: 6.2.3 - ) Online Plug-in (Version: 13.1.200.22 - Citrix Systems, Inc.) Hidden Parker WinMatch (Version: - ) PassShow (Version: - PassShow Software) Picasa 3 (Version: 3.9 - Google, Inc.) QuickTime (Version: 7.74.80.86 - Apple Inc.) Realtek High Definition Audio Driver (Version: 6.0.1.5919 - Realtek Semiconductor Corp.) Reason 5.0 (Version: 5.0 - Propellerhead Software AB) SciLor's grooveshark™.com Downloader 0.4.12 (Version: 0.4.12 - SciLor) Self-Service Plug-in (Version: 3.2.0.24226 - Citrix Systems, Inc.) 
Hidden Sharepod 4.0.1.0 (Version: - Macroplant LLC) Spybot - Search & Destroy (Version: 2.2.25 - Safer-Networking Ltd.) Steinberg Cubase SX 3 (Version: - Steinberg Media Technologies GmbH) Steinberg Cubase SX v3.1.1.944 (Version: - ) SyncroSoft Emu (Remove only) (Version: - ) Syncrosofts Lizenz Kontrolle (Version: - Syncrosoft Hard- Und Software GmbH) syngo fastView (Version: VX57H31 - Siemens MedSW) Update for 2007 Microsoft Office System (KB967642) (Version: - Microsoft) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (Version: 3 - Microsoft Corporation) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) 
(Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (Version: - Microsoft)
Waves Complete V9r5 (Version: 9.1.1 - Waves)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Mobile-Gerätecenter (Version: 6.1.6965.0 - Microsoft Corporation)
WinRAR 4.20 (32-Bit) (Version: 4.20.0 - win.rar GmbH)

==================== Restore Points =========================

08-12-2013 11:19:21 Windows Update
10-12-2013 22:05:58 Windows Update
12-12-2013 07:53:00 Windows Update
16-12-2013 05:53:07 Windows Update
19-12-2013 14:59:43 Windows Update
23-12-2013 13:03:27 Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
23-12-2013 15:10:08 Windows Update
27-12-2013 16:06:50 Windows Update
27-12-2013 16:42:17 Windows Modules Installer
27-12-2013 16:47:53 Windows Modules Installer
27-12-2013 22:27:02 Windows Update
31-12-2013 10:19:52 Windows Update
03-01-2014 17:14:33 Windows Update
07-01-2014 16:38:27 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {38ED887B-36D0-49C7-8FE3-7AEB0242673F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {4940BA50-92D9-4F7F-B5B5-8AC123730954} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: {73E26DB9-4899-4660-B37B-51278BD16B65} - System32\Tasks\PassShow Update => C:\Program Files\PassShow\PsUP.exe [2013-12-23] ()
Task: {C699C246-8B37-4EC9-85DE-DEE5C3CF15B6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-12] (Adobe Systems Incorporated)
Task: {F45101F3-98E1-43C5-BB13-E6454162E4C3} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\PassShow Update.job => C:\Program Files\PassShow\PsUP.exe

==================== Loaded Modules (whitelisted) =============

2012-06-18 16:24 - 2012-06-18 16:24 - 00260096 _____ () C:\Program Files\Notepad++\NppShell_05.dll
2012-08-03 20:53 - 2012-08-03 20:53 - 00062968 _____ () C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2013-01-28 13:08 - 2013-01-28 13:08 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2013-01-28 13:08 - 2013-01-28 13:08 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-12-27 18:02 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-12-27 18:02 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2013-01-16 16:43 - 2009-12-10 12:16 - 00918816 _____ () C:\Program Files\Hama\Common\RaWLAPI.dll
2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\Anna\AppData\Roaming\Dropbox\bin\libcef.dll
2013-12-21 19:24 - 2013-12-21 19:24 - 03559024 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2009-05-18 12:29 - 2009-05-18 12:29 - 00819200 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\lxeeptpc.dll
2009-11-04 12:14 - 2009-11-04 12:14 - 00165376 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\lxeedrui.dll
2009-06-07 23:40 - 2009-06-07 23:40 - 00167936 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\lxeePRPR.DLL
2009-11-04 12:14 - 2009-11-04 12:14 - 00236032 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\lxeedr.dll
2013-12-12 17:06 - 2013-12-12 17:06 - 16242056 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll
2013-12-27 18:02 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-12-27 18:02 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Nsynas32
Description: Nsynas32
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Nsynas32
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
Description: Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device".
This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (01/06/2014 11:15:27 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: SciLors GrooveDownloader.exe, Version: 1.0.0.0, Zeitstempel: 0x52600965 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x005d2914 ID des fehlerhaften Prozesses: 0x1570 Startzeit der fehlerhaften Anwendung: 0xSciLors GrooveDownloader.exe0 Pfad der fehlerhaften Anwendung: SciLors GrooveDownloader.exe1 Pfad des fehlerhaften Moduls: SciLors GrooveDownloader.exe2 Berichtskennung: SciLors GrooveDownloader.exe3 Error: (01/06/2014 11:15:25 PM) (Source: .NET Runtime) (User: ) Description: Anwendung: SciLors GrooveDownloader.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. Ausnahmeinformationen: System.NullReferenceException Stapel: bei SciLors_GrooveDownloader.MainWindow.MainWindow_Closed(System.Object, System.EventArgs) bei System.Windows.Window.OnClosed(System.EventArgs) bei System.Windows.Window.WmDestroy() bei System.Windows.Window.WindowFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) bei System.Windows.Interop.HwndSource.PublicHooksFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) bei MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object) bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32) bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate) bei System.Windows.Threading.Dispatcher.InvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32) bei 
MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.HwndSubclass.DefWndProcWrapper(IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.UnsafeNativeMethods.UnsafeSendMessage(IntPtr, MS.Internal.Interop.WindowMessage, IntPtr, IntPtr) bei System.Windows.Window.InternalClose(Boolean, Boolean) bei System.Windows.Application.DoShutdown() bei System.Windows.Application.ShutdownImpl() bei System.Windows.Application.ShutdownCallback(System.Object) bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32) bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate) bei System.Windows.Threading.DispatcherOperation.InvokeImpl() bei System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object) bei System.Threading.ExecutionContext.runTryCode(System.Object) bei System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode, CleanupCode, System.Object) bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) bei System.Windows.Threading.DispatcherOperation.Invoke() bei System.Windows.Threading.Dispatcher.ProcessQueue() bei System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) bei MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) bei 
MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object) bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32) bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate) bei System.Windows.Threading.Dispatcher.InvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32) bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef) bei System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame) bei System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame) bei System.Windows.Application.RunDispatcher(System.Object) bei System.Windows.Application.RunInternal(System.Windows.Window) bei System.Windows.Application.Run(System.Windows.Window) bei System.Windows.Application.Run() bei SciLors_GrooveDownloader.Application.Main() Error: (01/06/2014 09:06:39 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: SciLors GrooveDownloader.exe, Version: 1.0.0.0, Zeitstempel: 0x52600965 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x003f2914 ID des fehlerhaften Prozesses: 0xd18 Startzeit der fehlerhaften Anwendung: 0xSciLors GrooveDownloader.exe0 Pfad der fehlerhaften Anwendung: SciLors GrooveDownloader.exe1 Pfad des fehlerhaften Moduls: SciLors GrooveDownloader.exe2 Berichtskennung: SciLors GrooveDownloader.exe3 Error: (01/06/2014 09:06:38 PM) (Source: .NET Runtime) (User: ) Description: Anwendung: SciLors GrooveDownloader.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. 
Ausnahmeinformationen: System.NullReferenceException Stapel: bei SciLors_GrooveDownloader.MainWindow.MainWindow_Closed(System.Object, System.EventArgs) bei System.Windows.Window.OnClosed(System.EventArgs) bei System.Windows.Window.WmDestroy() bei System.Windows.Window.WindowFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) bei System.Windows.Interop.HwndSource.PublicHooksFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) bei MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object) bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32) bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate) bei System.Windows.Threading.Dispatcher.InvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32) bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.HwndSubclass.DefWndProcWrapper(IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.UnsafeNativeMethods.UnsafeSendMessage(IntPtr, MS.Internal.Interop.WindowMessage, IntPtr, IntPtr) bei System.Windows.Window.InternalClose(Boolean, Boolean) bei System.Windows.Application.DoShutdown() bei System.Windows.Application.ShutdownImpl() bei System.Windows.Application.ShutdownCallback(System.Object) bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32) bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate) bei System.Windows.Threading.DispatcherOperation.InvokeImpl() bei 
System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object) bei System.Threading.ExecutionContext.runTryCode(System.Object) bei System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode, CleanupCode, System.Object) bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) bei System.Windows.Threading.DispatcherOperation.Invoke() bei System.Windows.Threading.Dispatcher.ProcessQueue() bei System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) bei MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object) bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32) bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate) bei System.Windows.Threading.Dispatcher.InvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32) bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef) bei System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame) bei System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame) bei System.Windows.Application.RunDispatcher(System.Object) bei System.Windows.Application.RunInternal(System.Windows.Window) bei System.Windows.Application.Run(System.Windows.Window) bei System.Windows.Application.Run() bei 
SciLors_GrooveDownloader.Application.Main() Error: (01/06/2014 08:13:27 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: EmuPatchMixDSP.exe, Version: 1.0.1.17, Zeitstempel: 0x401f098e Name des fehlerhaften Moduls: EmuPatchMixDSP.dll, Version: 1.0.1.8, Zeitstempel: 0x401f08a3 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00019f58 ID des fehlerhaften Prozesses: 0x1484 Startzeit der fehlerhaften Anwendung: 0xEmuPatchMixDSP.exe0 Pfad der fehlerhaften Anwendung: EmuPatchMixDSP.exe1 Pfad des fehlerhaften Moduls: EmuPatchMixDSP.exe2 Berichtskennung: EmuPatchMixDSP.exe3 Error: (01/06/2014 07:33:33 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: SciLors GrooveDownloader.exe, Version: 1.0.0.0, Zeitstempel: 0x52600965 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x003a2914 ID des fehlerhaften Prozesses: 0x1320 Startzeit der fehlerhaften Anwendung: 0xSciLors GrooveDownloader.exe0 Pfad der fehlerhaften Anwendung: SciLors GrooveDownloader.exe1 Pfad des fehlerhaften Moduls: SciLors GrooveDownloader.exe2 Berichtskennung: SciLors GrooveDownloader.exe3 Error: (01/06/2014 07:33:31 PM) (Source: .NET Runtime) (User: ) Description: Anwendung: SciLors GrooveDownloader.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. 
Ausnahmeinformationen: System.NullReferenceException Stapel: bei SciLors_GrooveDownloader.MainWindow.MainWindow_Closed(System.Object, System.EventArgs) bei System.Windows.Window.OnClosed(System.EventArgs) bei System.Windows.Window.WmDestroy() bei System.Windows.Window.WindowFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) bei System.Windows.Interop.HwndSource.PublicHooksFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) bei MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object) bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32) bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate) bei System.Windows.Threading.Dispatcher.InvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32) bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.HwndSubclass.DefWndProcWrapper(IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.UnsafeNativeMethods.UnsafeSendMessage(IntPtr, MS.Internal.Interop.WindowMessage, IntPtr, IntPtr) bei System.Windows.Window.InternalClose(Boolean, Boolean) bei System.Windows.Application.DoShutdown() bei System.Windows.Application.ShutdownImpl() bei System.Windows.Application.ShutdownCallback(System.Object) bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32) bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate) bei System.Windows.Threading.DispatcherOperation.InvokeImpl() bei 
System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object) bei System.Threading.ExecutionContext.runTryCode(System.Object) bei System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode, CleanupCode, System.Object) bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) bei System.Windows.Threading.DispatcherOperation.Invoke() bei System.Windows.Threading.Dispatcher.ProcessQueue() bei System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) bei MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object) bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32) bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate) bei System.Windows.Threading.Dispatcher.InvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32) bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef) bei System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame) bei System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame) bei System.Windows.Application.RunDispatcher(System.Object) bei System.Windows.Application.RunInternal(System.Windows.Window) bei System.Windows.Application.Run(System.Windows.Window) bei System.Windows.Application.Run() bei 
SciLors_GrooveDownloader.Application.Main()

Error: (01/06/2014 07:19:35 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3564078

Error: (01/06/2014 07:19:35 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3564078

Error: (01/06/2014 07:19:35 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

System errors:
=============
Error: (01/09/2014 05:05:14 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden.

Error: (01/09/2014 05:05:14 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden.

Error: (01/09/2014 05:01:34 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden.

Error: (01/09/2014 05:01:34 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden.

Error: (01/09/2014 01:01:09 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: sptd

Error: (01/09/2014 01:00:39 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Nsynas32" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error: (01/09/2014 01:00:21 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT-AUTORITÄT)
Description: Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten.

Error: (01/09/2014 01:00:15 PM) (Source: sptd) (User: )
Description: Der Treiber hat einen internen Fehler in seinen Datenstrukturen für festgestellt.

Error: (01/08/2014 09:25:22 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (01/08/2014 02:24:39 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: sptd

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 64%
Total physical RAM: 3318.3 MB
Available physical RAM: 1162.28 MB
Total Pagefile: 6632.84 MB
Available Pagefile: 4362.45 MB
Total Virtual: 2047.88 MB
Available Virtual: 1873.3 MB

==================== Drives ================================

Drive c: (Volume) (Fixed) (Total:446.23 GB) (Free:278.25 GB) NTFS
Drive e: (TREKSTOR) (Fixed) (Total:149.01 GB) (Free:50.23 GB) FAT32
Drive j: (WAVES9R5) (CDROM) (Total:0.75 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 5960FD37)
Partition 1: (Active) - (Size=20 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=446 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: 0B33A529)
Partition 1: (Active) - (Size=149 GB) - (Type=0B)

==================== End Of Log ============================

Spybot-Report
Code:
Search results from Spybot - Search & Destroy

10.01.2014 09:54:52
Scan took 00:22:59.
27 items found.

Somoto.BetterInstaller: [SBI $B8A7F4F7] Root class (Registry Key, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\sdp

Somoto.BetterInstaller: [SBI $B8A7F4F7] Root class (Registry Key, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\sdp

SweetIM: [SBI $AA2FA8DB] User settings (Registry Key, nothing done)
  HKEY_USERS\.DEFAULT\Software\SweetIM

SweetIM: [SBI $AA2FA8DB] User settings (Registry Key, nothing done)
  HKEY_USERS\S-1-5-18\Software\SweetIM

SweetIM: [SBI $08F288FC] User settings (Registry Key, nothing done)
  HKEY_USERS\.DEFAULT\Software\ImInstaller

SweetIM: [SBI $B05CF80C] User settings (Registry Key, nothing done)
  HKEY_USERS\S-1-5-18\Software\ImInstaller

SweetIM: [SBI $156C1FE6] Settings (Registry Key, nothing done)
  HKEY_USERS\.DEFAULT\Software\SweetIM\Toolbars

SweetIM: [SBI $156C1FE6] Settings (Registry Key, nothing done)
  HKEY_USERS\S-1-5-18\Software\SweetIM\Toolbars

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
  C:\Users\Anna\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CRKS8W4V\secureinclude.ebaystatic.com\ebayLSO.sol
  Properties.size=131
  Properties.md5=D3ED6DCAE3C3081EF612CD0EC2757558
  Properties.filedate=1389285997
  Properties.filedatetext=2014-01-09 17:46:36

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
  C:\Users\Anna\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CRKS8W4V\secureinclude.ebaystatic.com\ebayT.sol
  Properties.size=39
  Properties.md5=B43F43445AA3414DDC22EC80FBB22871
  Properties.filedate=1389285997
  Properties.filedatetext=2014-01-09 17:46:36

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
  C:\Users\Anna\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CRKS8W4V\www.paypalobjects.com\paypalLSO.sol
  Properties.size=111
  Properties.md5=36B2FE09D6EF0C12ABC7A8240B86D561
  Properties.filedate=1389286265
Properties.filedatetext=2014-01-09 17:51:04 Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done) C:\Users\Anna\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CRKS8W4V\www.paypalobjects.com\ppLsoTest.sol Properties.size=48 Properties.md5=74EE4375686A2069414EEF13E7B62789 Properties.filedate=1389286255 Properties.filedatetext=2014-01-09 17:50:55 Macromedia.FlashPlayer.Cookies: [SBI $1EF45977] Text file (File, nothing done) C:\Users\Anna\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CRKS8W4V\www.ajaxcdn.org\swf.swf\dm_cookie.sol Properties.size=415 Properties.md5=ED4E3C925CD421F9BE689B124CAAFEF2 Properties.filedate=1389339904 Properties.filedatetext=2014-01-10 08:45:04 DoubleClick: [SBI $19447DDC] Tracking cookie (Firefox: Anna (default)) (Browser: Cookie, nothing done) Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent MS Management Console: [SBI $ECD50EAD] Recent command list (Registry Key, nothing done) HKEY_USERS\S-1-5-21-3567876854-2728293220-477572695-1001\Software\Microsoft\Microsoft Management Console\Recent File List MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done) HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done) HKEY_USERS\S-1-5-21-3567876854-2728293220-477572695-1001\Software\Microsoft\Direct3D\MostRecentApplication\Name MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done) HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done) 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name MS Paint: [SBI $07867C39] Recent file list (Registry Key, nothing done) HKEY_USERS\S-1-5-21-3567876854-2728293220-477572695-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done) HKEY_USERS\S-1-5-21-3567876854-2728293220-477572695-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs Cookie: [SBI $49804B54] Browser: Cookie (2) (Browser: Cookie, nothing done) Cache: [SBI $49804B54] Browser: Cache (13) (Browser: Cache, nothing done) Verlauf: [SBI $49804B54] Browser: History (5) (Browser: History, nothing done) Cookie: [SBI $49804B54] Browser: Cookie (163) (Browser: Cookie, nothing done) --- Spybot - Search & Destroy version: 2.1.18.131 DLL (build: 20130516) --- 2013-09-20 blindman.exe (2.2.18.151) 2013-09-20 explorer.exe (2.2.18.177) 2013-09-20 SDBootCD.exe (2.2.18.109) 2013-09-20 SDCleaner.exe (2.2.18.110) 2013-09-20 SDDelFile.exe (2.2.18.94) 2013-06-18 SDDisableProxy.exe 2013-09-20 SDFiles.exe (2.2.18.135) 2013-09-20 SDFileScanHelper.exe (2.2.16.1) 2013-10-15 SDFSSvc.exe (2.2.25.211) 2013-10-10 SDHookHelper.exe (2.3.30.2) 2013-10-10 SDHookInst32.exe (2.3.30.2) 2013-09-20 SDImmunize.exe (2.2.18.130) 2013-05-16 SDLogReport.exe (2.1.18.107) 2013-10-14 SDOnAccess.exe (2.2.25.4) 2013-09-20 SDPESetup.exe (2.2.18.3) 2013-09-20 SDPEStart.exe (2.2.18.86) 2013-09-20 SDPhoneScan.exe (2.2.18.28) 2013-09-20 SDPRE.exe (2.2.18.22) 2013-09-20 SDPrepPos.exe (2.2.18.10) 2013-09-20 SDQuarantine.exe (2.2.18.103) 2013-09-20 SDRootAlyzer.exe (2.2.18.116) 2013-09-20 SDSBIEdit.exe (2.2.18.39) 2013-09-20 SDScan.exe (2.2.18.177) 2013-09-20 SDScript.exe (2.2.18.53) 2013-10-15 SDSettings.exe (2.2.25.138) 2013-09-20 SDShell.exe (2.2.18.2) 2013-09-20 SDShred.exe (2.2.18.107) 2013-09-20 SDSysRepair.exe (2.2.18.101) 2013-09-20 SDTools.exe (2.2.18.150) 2013-07-25 SDTray.exe (2.1.21.129) 2013-09-20 
SDUpdate.exe (2.2.18.91) 2013-09-20 SDUpdSvc.exe (2.2.18.76) 2013-09-20 SDWelcome.exe (2.2.21.129) 2013-09-13 SDWSCSvc.exe (2.2.22.2) 2013-06-19 spybotsd2-translation-frx.exe 2013-12-27 unins000.exe (51.1052.0.0) 1999-12-02 xcacls.exe 2012-08-23 borlndmm.dll (10.0.2288.42451) 2012-09-05 DelZip190.dll (1.9.0.107) 2012-09-10 libeay32.dll (1.0.0.4) 2012-09-10 libssl32.dll (1.0.0.4) 2013-05-16 SDAdvancedCheckLibrary.dll (2.1.18.98) 2013-05-16 SDAV.dll 2013-05-16 SDECon32.dll (2.1.18.113) 2013-04-05 SDEvents.dll (2.1.16.2) 2013-10-14 SDFileScanLibrary.dll (2.2.25.14) 2013-10-10 SDHook32.dll (2.3.30.2) 2013-05-16 SDImmunizeLibrary.dll (2.1.18.2) 2013-05-16 SDLicense.dll (2.1.18.0) 2013-05-16 SDLists.dll (2.1.18.4) 2013-05-16 SDResources.dll (2.1.18.7) 2013-05-16 SDScanLibrary.dll (2.1.18.131) 2013-05-16 SDTasks.dll (2.1.18.15) 2013-05-16 SDWinLogon.dll (2.1.18.0) 2012-08-23 sqlite3.dll 2012-09-10 ssleay32.dll (1.0.0.4) 2013-05-16 Tools.dll (2.1.18.36) 2013-11-12 Includes\Adware.sbi (*) 2013-12-23 Includes\AdwareC.sbi (*) 2010-08-13 Includes\Cookies.sbi (*) 2012-11-14 Includes\Dialer.sbi (*) 2012-11-14 Includes\DialerC.sbi (*) 2012-11-14 Includes\HeavyDuty.sbi (*) 2012-11-14 Includes\Hijackers.sbi (*) 2012-11-14 Includes\HijackersC.sbi (*) 2013-10-16 Includes\iPhone.sbi (*) 2013-06-25 Includes\Keyloggers.sbi (*) 2013-10-29 Includes\KeyloggersC.sbi (*) 2013-05-29 Includes\Malware.sbi (*) 2013-12-23 Includes\MalwareC.sbi (*) 2012-11-14 Includes\PUPS.sbi (*) 2013-12-23 Includes\PUPSC.sbi (*) 2012-11-14 Includes\Security.sbi (*) 2013-10-29 Includes\SecurityC.sbi (*) 2013-05-22 Includes\Spyware.sbi (*) 2013-08-06 Includes\SpywareC.sbi (*) 2011-06-07 Includes\Tracks.sbi (*) 2012-11-19 Includes\Tracks.uti (*) 2013-01-16 Includes\Trojans.sbi (*) 2013-05-13 Includes\TrojansC-02.sbi (*) 2013-12-03 Includes\TrojansC-03.sbi (*) 2013-12-23 Includes\TrojansC-04.sbi (*) 2013-12-10 Includes\TrojansC-05.sbi (*) 2013-08-06 Includes\TrojansC.sbi (*)
GMER did not work. The following error message appeared: "Es befindet sich kein Datenträger im Laufwerk. Legen Sie einen Datenträger in Laufwerk \Device\Harddisk3\DR3 ein." The same thing happened when I tried to scan in safe mode. Google did not help me much here either. Thank you for your help. Regards |
10.01.2014, 10:20 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | hi
__________________Quote:
You do know that an Enterprise Office is only available to corporate customers through (insanely expensive) volume licence agreements?
__________________ |
10.01.2014, 14:11 | #3 |
| I use the PC both privately and for business. I more or less have a home office.
I know that systems used for business do not belong in this forum, but it is hard for me to draw a line there. I hope there is nevertheless an option that is also acceptable to you. Perhaps there is also somewhere else I could turn to. |
10.01.2014, 14:28 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | We do clean up business systems as well, that is not the point. I just always want to point this out, because
1. normally an admin is responsible for the machine (OK, not applicable in your case)
2. a log from a business system can contain sensitive customer data
So please read the following text and let me know whether you want to continue: Quote:
__________________ Please always post log files in CODE tags. Last edited by cosinus (10.01.2014 at 14:42) |
10.01.2014, 14:32 | #5 |
| Yes, I have already read that, but thanks for the pointer. As you say, unfortunately I do not have a personal admin :-) Apart from that, my work runs over a remote desktop connection, so I have no sensitive data directly on my computer. So nothing stands in the way of the next step. |
10.01.2014, 14:55 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | OK. Malwarebytes Anti-Rootkit (MBAR): Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not run any other file in this folder unless a helper instructs you to.
__________________ |
10.01.2014, 16:03 | #7 |
| It ran through without any findings. But just now a page simply opened by itself yet again: hxxp://gip.driverdiv.net/... Here is the log file: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.07.0.1008 www.malwarebytes.org Database version: v2014.01.10.04 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 11.0.9600.16476 Anna :: ANNA-PC [administrator] 10.01.2014 15:43:13 mbar-log-2014-01-10 (15-43-13).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 213859 Time elapsed: 11 minute(s), 26 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) |
10.01.2014, 17:36 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Removing adware/junkware/toolbars
Step 1: adwCleaner. Please download AdwCleaner to your desktop.
Step 2: JRT - Junkware Removal Tool. Please shut down your protection software to avoid possible conflicts.
Step 3: Fresh log with FRST. Please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ Please always post log files in CODE tags |
10.01.2014, 21:25 | #9 |
| AdwCleaner: Code:
ATTFilter # AdwCleaner v3.016 - Bericht erstellt am 10/01/2014 um 21:05:15 # Aktualisiert 23/12/2013 von Xplode # Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits) # Benutzername : Anna - ANNA-PC # Gestartet von : C:\Users\Anna\Desktop\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.16428 -\\ Mozilla Firefox v26.0 (de) [ Datei : C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\lwb3fzqz.default\prefs.js ] ************************* AdwCleaner[R0].txt - [16148 octets] - [27/12/2013 17:07:36] AdwCleaner[R1].txt - [921 octets] - [10/01/2014 21:04:06] AdwCleaner[S0].txt - [15622 octets] - [27/12/2013 17:17:10] AdwCleaner[S1].txt - [843 octets] - [10/01/2014 21:05:15] ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [902 octets] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.0 (01.07.2014:1) OS: Windows 7 Professional x86 Ran by Anna on 10.01.2014 at 21:10:54,46 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3567876854-2728293220-477572695-1001\Software\ib updater Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3567876854-2728293220-477572695-1001\Software\sweetim Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\caphyon Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\backupstack_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\backupstack_rasmancs Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dmwu_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dmwu_rasmancs ~~~ Files Successfully deleted: [File] "C:\Users\Anna\appdata\locallow\SkwConfig.bin" ~~~ Folders ~~~ FireFox Successfully deleted: [File] C:\user.js Successfully deleted the following from C:\Users\Anna\AppData\Roaming\mozilla\firefox\profiles\lwb3fzqz.default\prefs.js user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_referrer", "hxxp://us.yhs4.search.yahoo.com/yhs/search?fr=altavista&itag=ody&q=hxxp://db.tt/3hg8n7sv/|||864137 user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_temp_referer", "hxxp://us.yhs4.search.yahoo.com/yhs/search?fr=altavista&itag=ody&q=hxxp://db.tt/3hg8n7sv/|#|ol Emptied folder: C:\Users\Anna\AppData\Roaming\mozilla\firefox\profiles\lwb3fzqz.default\minidumps [98 files] ~~~ Event Viewer Logs were cleared 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 10.01.2014 at 21:13:26,79 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-01-2014 Ran by Anna (administrator) on ANNA-PC on 10-01-2014 21:18:23 Running from C:\Users\Anna\Desktop Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe ( ) C:\Windows\System32\lxeecoms.exe (Ralink Technology, Corp.) C:\Program Files\Hama\Common\RaRegistry.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Team H2O) C:\Program Files\Syncrosoft\POS\H2O\cledx.exe (Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe (Creative Technology Ltd) C:\Windows\System32\CTHELPER.EXE (Cisco Systems, Inc.) 
C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\Receiver\Receiver.exe (Hama GmbH & Co KG) C:\Program Files\Hama\Common\RaUI.exe (Dropbox, Inc.) C:\Users\Anna\AppData\Roaming\Dropbox\bin\Dropbox.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Citrix Systems, Inc.) C:\Program Files\Citrix\SelfServicePlugin\SelfServicePlugin.exe (Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe (Microsoft Corporation) C:\Windows\System32\mobsync.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation) HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7711264 2009-08-18] (Realtek Semiconductor) HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM\...\Run: [H2O] - C:\Program Files\Syncrosoft\POS\H2O\cledx.exe [385024 2005-10-22] (Team H2O) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [ConnectionCenter] - C:\Program Files\Citrix\ICA Client\concentr.exe [371864 2012-04-05] (Citrix Systems, Inc.) 
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM\...\Run: [CTHelper] - C:\Windows\System32\CTHELPER.EXE [23040 2009-02-23] (Creative Technology Ltd) HKLM\...\Run: [CTxfiHlp] - C:\Windows\System32\CTXFIHLP.EXE [23552 2009-02-23] (Creative Technology Ltd) HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [685048 2012-08-03] (Cisco Systems, Inc.) HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation) HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.) HKLM\...\Run: [SDTray] - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.) Winlogon\Notify\SDWinLogon: C:\Windows\system32\igfxdev.dll (Intel Corporation) MountPoints2: {cbe70fbc-da3e-11e2-8cba-b6cb38289f20} - L:\HTC_Sync_Manager_PC.exe MountPoints2: {fa6f7bbb-5fef-11e2-8d00-8474b38bdcf8} - J:\setup.exe AppInit_DLLs: C:\Program Files\Citrix\ICA Client\RSHook.dll [257176 2012-04-05] (Citrix Systems, Inc.) Startup: C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Anna\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC8BCF86EB6ABCD01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear BHO: CtxIEInterceptorBHO Class - {2C4631FF-5CC8-4EBC-A0DF-34C92291759E} - C:\Program Files\Citrix\ICA Client\IEInterceptor.dll (Citrix Systems, Inc.) BHO: PassShow - {2d661e5b-7d7a-417c-b5b5-6479017bb314} - C:\Program Files\PassShow\150.dll () BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Lexmark - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll () Toolbar: HKCU - No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) 
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) 
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\lwb3fzqz.default FF NetworkProxy: "http", "94.228.200.61" FF NetworkProxy: "http_port", 8080 FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @Citrix.com/npican - C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.) FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Grooveshark Unblocker - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\lwb3fzqz.default\Extensions\grooveshark-unblocker@4ley.addons.mozilla.org.xpi FF Extension: Adblock Plus - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\lwb3fzqz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF HKCU\...\Firefox\Extensions: [{57c20073-e24b-4b2a-aa91-70d1ad526cbf}] - C:\Program Files\PassShow\150.xpi FF Extension: No Name - C:\Program Files\PassShow\150.xpi FF Extension: No Name - C:\Program Files\PassShow\150.xpi ========================== Services (Whitelisted) ================= R2 lxee_device; C:\Windows\system32\lxeecoms.exe [598696 2010-04-14] ( ) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation) R2 RalinkRegistryWriter; C:\Program Files\Hama\Common\RaRegistry.exe [185632 2009-12-10] (Ralink Technology, Corp.) R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.) R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [537592 2012-08-03] (Cisco Systems, Inc.) 
==================== Drivers (Whitelisted) ==================== S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [87976 2012-08-03] (Cisco Systems, Inc.) R3 CLEDX; C:\Windows\System32\DRIVERS\cledx.sys [33792 2005-05-09] (Team H2O) S3 COMMONFX; C:\Windows\System32\drivers\COMMONFX.SYS [98328 2009-02-23] (Creative Technology Ltd) R3 COMMONFX.SYS; C:\Windows\System32\drivers\COMMONFX.SYS [98328 2009-02-23] (Creative Technology Ltd) S3 CTAUDFX; C:\Windows\System32\drivers\CTAUDFX.SYS [528920 2009-02-23] (Creative Technology Ltd) S3 CTAUDFX.SYS; C:\Windows\System32\drivers\CTAUDFX.SYS [528920 2009-02-23] (Creative Technology Ltd) S3 CTEAPSFX; C:\Windows\System32\drivers\CTEAPSFX.SYS [163352 2009-02-23] (Creative Technology Ltd) S3 CTEAPSFX.SYS; C:\Windows\System32\drivers\CTEAPSFX.SYS [163352 2009-02-23] (Creative Technology Ltd) S3 CTEDSPFX; C:\Windows\System32\drivers\CTEDSPFX.SYS [259096 2009-02-23] (Creative Technology Ltd) S3 CTEDSPFX.SYS; C:\Windows\System32\drivers\CTEDSPFX.SYS [259096 2009-02-23] (Creative Technology Ltd) S3 CTEDSPIO; C:\Windows\System32\drivers\CTEDSPIO.SYS [134168 2009-02-23] (Creative Technology Ltd) S3 CTEDSPIO.SYS; C:\Windows\System32\drivers\CTEDSPIO.SYS [134168 2009-02-23] (Creative Technology Ltd) S3 CTEDSPSY; C:\Windows\System32\drivers\CTEDSPSY.SYS [309784 2009-02-23] (Creative Technology Ltd) S3 CTEDSPSY.SYS; C:\Windows\System32\drivers\CTEDSPSY.SYS [309784 2009-02-23] (Creative Technology Ltd) S3 CTERFXFX; C:\Windows\System32\drivers\CTERFXFX.SYS [99352 2009-02-23] (Creative Technology Ltd) S3 CTERFXFX.SYS; C:\Windows\System32\drivers\CTERFXFX.SYS [99352 2009-02-23] (Creative Technology Ltd) S3 CTSBLFX; C:\Windows\System32\drivers\CTSBLFX.SYS [534040 2009-02-23] (Creative Technology Ltd) S3 CTSBLFX.SYS; C:\Windows\System32\drivers\CTSBLFX.SYS [534040 2009-02-23] (Creative Technology Ltd) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-01-16] (DT Soft Ltd) R3 ha10kx2k; 
C:\Windows\System32\drivers\ha10kx2k.sys [802840 2009-02-23] (Creative Technology Ltd) S3 hap16v2k; C:\Windows\System32\drivers\hap16v2k.sys [163864 2009-02-23] (Creative Technology Ltd) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation) R3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [657408 2009-07-13] (Ralink Technology Corp.) S4 sptd; C:\Windows\System32\Drivers\sptd.sys [717296 2013-01-16] (Duplex Secure Ltd.) R0 TPkd; C:\Windows\System32\Drivers\TPkd.sys [61856 2002-05-22] (PACE Anti-Piracy, Inc.) S2 Nsynas32; No ImagePath ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-10 21:15 - 2014-01-10 21:15 - 00000000 ____D C:\Users\Anna\Desktop\FRST-OlderVersion 2014-01-10 21:13 - 2014-01-10 21:13 - 00002212 _____ C:\Users\Anna\Desktop\JRT.txt 2014-01-10 21:10 - 2014-01-10 21:10 - 01037068 _____ (Thisisu) C:\Users\Anna\Desktop\JRT.exe 2014-01-10 21:10 - 2014-01-10 21:10 - 00000000 ____D C:\Windows\ERUNT 2014-01-10 21:07 - 2014-01-10 21:07 - 00000981 _____ C:\Users\Anna\Desktop\AdwCleaner[S1].txt 2014-01-10 21:03 - 2014-01-10 21:03 - 01233962 _____ C:\Users\Anna\Desktop\adwcleaner.exe 2014-01-10 15:43 - 2014-01-10 21:01 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-01-10 15:43 - 2014-01-10 16:07 - 00104664 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-01-10 15:41 - 2014-01-10 15:41 - 00000000 ____D C:\Users\Anna\Desktop\mbar-1.07.0.1008 2014-01-10 15:39 - 2014-01-10 16:07 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-01-10 15:38 - 2014-01-10 15:38 - 12582688 _____ (Malwarebytes Corp.) 
C:\Users\Anna\Desktop\mbar-1.07.0.1008.exe 2014-01-10 15:38 - 2014-01-10 15:38 - 00000000 ____D C:\Users\Anna\Desktop\mbar 2014-01-10 14:46 - 2014-01-10 14:46 - 00000000 ____D C:\Users\Anna\AppData\Roaming\Malwarebytes 2014-01-10 14:45 - 2014-01-10 14:45 - 00001073 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-01-10 14:45 - 2014-01-10 14:45 - 00000000 ____D C:\ProgramData\Malwarebytes 2014-01-10 14:45 - 2014-01-10 14:45 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2014-01-10 14:45 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-01-10 09:54 - 2014-01-10 09:54 - 00008219 _____ C:\Users\Anna\Desktop\Spybot_Scan Results.140110-0954.txt 2014-01-09 20:30 - 2014-01-09 20:30 - 00000000 ____D C:\Windows\pss 2014-01-09 18:59 - 2014-01-09 18:59 - 00377856 _____ C:\Users\Anna\Desktop\gmer_2.1.19163.exe 2014-01-09 18:41 - 2014-01-10 21:17 - 00015731 _____ C:\Users\Anna\Desktop\Addition.txt 2014-01-09 18:40 - 2014-01-10 21:18 - 00015265 _____ C:\Users\Anna\Desktop\FRST.txt 2014-01-09 18:40 - 2014-01-10 21:15 - 00000000 ____D C:\FRST 2014-01-09 18:39 - 2014-01-10 21:15 - 01066141 _____ (Farbar) C:\Users\Anna\Desktop\FRST.exe 2014-01-09 18:37 - 2014-01-09 18:37 - 00000572 _____ C:\Users\Anna\Desktop\defogger_disable.log 2014-01-09 18:37 - 2014-01-09 18:37 - 00000176 _____ C:\Users\Anna\defogger_reenable 2014-01-09 18:36 - 2014-01-09 18:36 - 00050477 _____ C:\Users\Anna\Desktop\Defogger.exe 2014-01-09 18:35 - 2014-01-09 18:35 - 00050477 _____ C:\Users\Anna\Downloads\Defogger.exe 2013-12-27 18:49 - 2013-12-27 18:50 - 22964496 _____ C:\Users\Anna\Downloads\FullTiltPokerEuSetup.exe 2013-12-27 18:03 - 2013-12-27 18:35 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2013-12-27 18:03 - 2013-12-27 18:03 - 00002125 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2013-12-27 18:03 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe 
2013-12-27 18:02 - 2013-12-27 18:04 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2 2013-12-27 18:01 - 2013-12-27 18:01 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\Anna\Downloads\spybot-2.2.25.exe 2013-12-27 17:22 - 2014-01-06 23:27 - 00000000 ____D C:\Users\Anna\Desktop\Martin 2013-12-27 17:06 - 2014-01-10 21:05 - 00000000 ____D C:\AdwCleaner 2013-12-27 17:05 - 2013-12-27 17:05 - 01233962 _____ C:\Users\Anna\Downloads\adwcleaner.exe 2013-12-23 15:51 - 2013-12-23 15:52 - 00000000 ____D C:\Users\Anna\Desktop\mama 2013-12-23 15:40 - 2013-12-27 17:31 - 00000000 ____D C:\Users\Anna\AppData\Roaming\MediaMonkey 2013-12-23 15:40 - 2013-12-23 15:40 - 00001007 _____ C:\Users\Public\Desktop\MediaMonkey.lnk 2013-12-23 15:40 - 2013-12-23 15:40 - 00000000 ____D C:\Users\Anna\AppData\Local\MediaMonkey 2013-12-23 15:40 - 2013-12-23 15:40 - 00000000 ____D C:\ProgramData\MediaMonkey 2013-12-23 15:40 - 2013-12-23 15:40 - 00000000 ____D C:\Program Files\MediaMonkey 2013-12-23 15:39 - 2013-12-23 15:39 - 15069520 _____ (Ventis Media Inc. 
) C:\Users\Anna\Downloads\MediaMonkey_4.0.7.1511.exe 2013-12-23 15:29 - 2013-12-23 15:29 - 00000000 ____D C:\Users\Anna\AppData\Local\Macroplant,_LLC 2013-12-23 15:29 - 2013-12-23 15:29 - 00000000 ____D C:\Program Files\Sharepod 2013-12-23 15:24 - 2013-12-23 15:24 - 05965680 _____ (Macroplant LLC ) C:\Users\Anna\Downloads\Sharepod_4_Setup_4010b.exe 2013-12-23 15:12 - 2013-12-23 15:12 - 00000000 ____D C:\Users\Anna\Desktop\Zumba 2013-12-23 14:42 - 2013-12-23 15:14 - 00000000 ____D C:\Users\Anna\Desktop\Eminem u Charts 2013-12-23 14:28 - 2013-12-23 15:18 - 00000000 ____D C:\Users\Anna\Desktop\iPod Musik 2013-12-23 14:27 - 2013-12-23 14:27 - 00001272 _____ C:\Users\Public\Desktop\SciLor's grooveshark™.com Downloader.lnk 2013-12-23 14:26 - 2014-01-10 21:06 - 00000340 _____ C:\Windows\Tasks\PassShow Update.job 2013-12-23 14:26 - 2014-01-06 23:15 - 00000000 ____D C:\Program Files\SciLor's grooveshark(tm).com Downloader 2013-12-23 14:26 - 2013-12-23 14:26 - 00000000 ____D C:\Program Files\PassShow 2013-12-23 14:25 - 2013-12-23 14:25 - 00923784 _____ (CNET Download.com) C:\Users\Anna\Downloads\cbsidlm-cbsi145-SciLors_Groovesharkcom_Downloader-ORG-75764950.exe 2013-12-23 14:06 - 2013-12-27 16:56 - 00000000 ____D C:\Users\Anna\AppData\Roaming\newnext.me 2013-12-23 14:06 - 2013-12-23 14:28 - 00000000 ____D C:\Users\Anna\AppData\Local\cache 2013-12-23 14:06 - 2013-12-23 14:27 - 00000000 ____D C:\Users\Anna\AppData\Local\genienext 2013-12-23 14:06 - 2013-12-23 14:12 - 00000332 _____ C:\Users\Anna\daemonprocess.txt 2013-12-23 14:06 - 2013-12-23 14:06 - 00000000 ____D C:\Users\Anna\.android 2013-12-23 13:43 - 2013-12-23 13:43 - 00689856 _____ C:\Users\Anna\Downloads\SciLors_Grooveshark(tm)_DownloaderSetup.exe 2013-12-21 19:24 - 2013-12-21 19:25 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-12-12 08:56 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-12-12 08:56 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) 
C:\Windows\system32\mshtml.tlb 2013-12-12 08:56 - 2013-11-26 10:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2013-12-12 08:56 - 2013-11-26 09:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-12-12 08:56 - 2013-11-26 09:52 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2013-12-12 08:56 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-12-12 08:56 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-12-12 08:56 - 2013-11-26 09:36 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-12-12 08:56 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-12-12 08:56 - 2013-11-26 09:29 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-12-12 08:56 - 2013-11-26 09:29 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2013-12-12 08:56 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2013-12-12 08:56 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-12-12 08:56 - 2013-11-26 09:13 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-12-12 08:56 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-12-12 08:56 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-12-12 08:56 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2013-12-12 08:56 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-12-12 08:56 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-12-12 08:53 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) 
C:\Windows\system32\wmploc.DLL 2013-12-12 08:53 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2013-12-12 08:37 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2013-12-12 08:37 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-12-12 08:37 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll 2013-12-12 08:37 - 2013-10-30 02:27 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-12-12 08:37 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll 2013-12-12 08:37 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx 2013-12-12 08:37 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll 2013-12-12 08:37 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe 2013-12-12 08:37 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe 2013-12-12 08:36 - 2013-10-04 02:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys 2013-12-12 08:36 - 2013-10-04 02:17 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys ==================== One Month Modified Files and Folders ======= 2014-01-10 21:18 - 2014-01-09 18:40 - 00015265 _____ C:\Users\Anna\Desktop\FRST.txt 2014-01-10 21:17 - 2014-01-09 18:41 - 00015731 _____ C:\Users\Anna\Desktop\Addition.txt 2014-01-10 21:15 - 2014-01-10 21:15 - 00000000 ____D C:\Users\Anna\Desktop\FRST-OlderVersion 2014-01-10 21:15 - 2014-01-09 18:40 - 00000000 ____D C:\FRST 2014-01-10 21:15 - 2014-01-09 18:39 - 01066141 _____ (Farbar) C:\Users\Anna\Desktop\FRST.exe 2014-01-10 21:13 - 2014-01-10 21:13 - 00002212 _____ C:\Users\Anna\Desktop\JRT.txt 2014-01-10 21:13 - 2009-07-14 05:34 - 00014960 ____H 
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-01-10 21:13 - 2009-07-14 05:34 - 00014960 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-01-10 21:12 - 2012-10-16 16:58 - 01612484 _____ C:\Windows\system32\PerfStringBackup.INI 2014-01-10 21:10 - 2014-01-10 21:10 - 01037068 _____ (Thisisu) C:\Users\Anna\Desktop\JRT.exe 2014-01-10 21:10 - 2014-01-10 21:10 - 00000000 ____D C:\Windows\ERUNT 2014-01-10 21:09 - 2012-10-16 16:48 - 01552499 _____ C:\Windows\WindowsUpdate.log 2014-01-10 21:07 - 2014-01-10 21:07 - 00000981 _____ C:\Users\Anna\Desktop\AdwCleaner[S1].txt 2014-01-10 21:07 - 2013-06-12 21:30 - 00000000 ___RD C:\Users\Anna\Dropbox 2014-01-10 21:07 - 2013-06-12 21:18 - 00000000 ____D C:\Users\Anna\AppData\Roaming\Dropbox 2014-01-10 21:06 - 2013-12-23 14:26 - 00000340 _____ C:\Windows\Tasks\PassShow Update.job 2014-01-10 21:06 - 2012-10-21 11:35 - 00057810 _____ C:\ProgramData\lxeescan.log 2014-01-10 21:06 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2014-01-10 21:06 - 2009-07-14 05:39 - 00075255 _____ C:\Windows\setupact.log 2014-01-10 21:05 - 2013-12-27 17:06 - 00000000 ____D C:\AdwCleaner 2014-01-10 21:03 - 2014-01-10 21:03 - 01233962 _____ C:\Users\Anna\Desktop\adwcleaner.exe 2014-01-10 21:01 - 2014-01-10 15:43 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-01-10 21:01 - 2013-06-04 07:32 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-01-10 16:07 - 2014-01-10 15:43 - 00104664 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-01-10 16:07 - 2014-01-10 15:39 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-01-10 15:41 - 2014-01-10 15:41 - 00000000 ____D C:\Users\Anna\Desktop\mbar-1.07.0.1008 2014-01-10 15:38 - 2014-01-10 15:38 - 12582688 _____ (Malwarebytes Corp.) 
C:\Users\Anna\Desktop\mbar-1.07.0.1008.exe 2014-01-10 15:38 - 2014-01-10 15:38 - 00000000 ____D C:\Users\Anna\Desktop\mbar 2014-01-10 14:46 - 2014-01-10 14:46 - 00000000 ____D C:\Users\Anna\AppData\Roaming\Malwarebytes 2014-01-10 14:45 - 2014-01-10 14:45 - 00001073 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-01-10 14:45 - 2014-01-10 14:45 - 00000000 ____D C:\ProgramData\Malwarebytes 2014-01-10 14:45 - 2014-01-10 14:45 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2014-01-10 09:54 - 2014-01-10 09:54 - 00008219 _____ C:\Users\Anna\Desktop\Spybot_Scan Results.140110-0954.txt 2014-01-09 20:30 - 2014-01-09 20:30 - 00000000 ____D C:\Windows\pss 2014-01-09 18:59 - 2014-01-09 18:59 - 00377856 _____ C:\Users\Anna\Desktop\gmer_2.1.19163.exe 2014-01-09 18:37 - 2014-01-09 18:37 - 00000572 _____ C:\Users\Anna\Desktop\defogger_disable.log 2014-01-09 18:37 - 2014-01-09 18:37 - 00000176 _____ C:\Users\Anna\defogger_reenable 2014-01-09 18:37 - 2012-10-16 16:52 - 00000000 ____D C:\Users\Anna 2014-01-09 18:36 - 2014-01-09 18:36 - 00050477 _____ C:\Users\Anna\Desktop\Defogger.exe 2014-01-09 18:35 - 2014-01-09 18:35 - 00050477 _____ C:\Users\Anna\Downloads\Defogger.exe 2014-01-09 17:55 - 2012-10-21 11:56 - 00000000 ____D C:\ProgramData\Lx_cats 2014-01-09 13:02 - 2013-06-12 21:20 - 00000000 ____D C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-01-06 23:27 - 2013-12-27 17:22 - 00000000 ____D C:\Users\Anna\Desktop\Martin 2014-01-06 23:15 - 2013-12-23 14:26 - 00000000 ____D C:\Program Files\SciLor's grooveshark(tm).com Downloader 2013-12-31 11:46 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache 2013-12-31 11:15 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET 2013-12-27 18:50 - 2013-12-27 18:49 - 22964496 _____ C:\Users\Anna\Downloads\FullTiltPokerEuSetup.exe 2013-12-27 18:35 - 2013-12-27 18:03 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2013-12-27 18:04 - 2013-12-27 18:02 - 00000000 
____D C:\Program Files\Spybot - Search & Destroy 2 2013-12-27 18:03 - 2013-12-27 18:03 - 00002125 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2013-12-27 18:01 - 2013-12-27 18:01 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\Anna\Downloads\spybot-2.2.25.exe 2013-12-27 17:49 - 2009-07-14 09:56 - 00000000 ___RD C:\Users\Public\Recorded TV 2013-12-27 17:49 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\de-DE 2013-12-27 17:31 - 2013-12-23 15:40 - 00000000 ____D C:\Users\Anna\AppData\Roaming\MediaMonkey 2013-12-27 17:05 - 2013-12-27 17:05 - 01233962 _____ C:\Users\Anna\Downloads\adwcleaner.exe 2013-12-27 16:56 - 2013-12-23 14:06 - 00000000 ____D C:\Users\Anna\AppData\Roaming\newnext.me 2013-12-27 16:55 - 2012-10-16 22:54 - 00013110 _____ C:\Windows\PFRO.log 2013-12-23 15:52 - 2013-12-23 15:51 - 00000000 ____D C:\Users\Anna\Desktop\mama 2013-12-23 15:40 - 2013-12-23 15:40 - 00001007 _____ C:\Users\Public\Desktop\MediaMonkey.lnk 2013-12-23 15:40 - 2013-12-23 15:40 - 00000000 ____D C:\Users\Anna\AppData\Local\MediaMonkey 2013-12-23 15:40 - 2013-12-23 15:40 - 00000000 ____D C:\ProgramData\MediaMonkey 2013-12-23 15:40 - 2013-12-23 15:40 - 00000000 ____D C:\Program Files\MediaMonkey 2013-12-23 15:39 - 2013-12-23 15:39 - 15069520 _____ (Ventis Media Inc. 
) C:\Users\Anna\Downloads\MediaMonkey_4.0.7.1511.exe 2013-12-23 15:29 - 2013-12-23 15:29 - 00000000 ____D C:\Users\Anna\AppData\Local\Macroplant,_LLC 2013-12-23 15:29 - 2013-12-23 15:29 - 00000000 ____D C:\Program Files\Sharepod 2013-12-23 15:24 - 2013-12-23 15:24 - 05965680 _____ (Macroplant LLC ) C:\Users\Anna\Downloads\Sharepod_4_Setup_4010b.exe 2013-12-23 15:18 - 2013-12-23 14:28 - 00000000 ____D C:\Users\Anna\Desktop\iPod Musik 2013-12-23 15:14 - 2013-12-23 14:42 - 00000000 ____D C:\Users\Anna\Desktop\Eminem u Charts 2013-12-23 15:12 - 2013-12-23 15:12 - 00000000 ____D C:\Users\Anna\Desktop\Zumba 2013-12-23 14:28 - 2013-12-23 14:06 - 00000000 ____D C:\Users\Anna\AppData\Local\cache 2013-12-23 14:27 - 2013-12-23 14:27 - 00001272 _____ C:\Users\Public\Desktop\SciLor's grooveshark™.com Downloader.lnk 2013-12-23 14:27 - 2013-12-23 14:06 - 00000000 ____D C:\Users\Anna\AppData\Local\genienext 2013-12-23 14:26 - 2013-12-23 14:26 - 00000000 ____D C:\Program Files\PassShow 2013-12-23 14:25 - 2013-12-23 14:25 - 00923784 _____ (CNET Download.com) C:\Users\Anna\Downloads\cbsidlm-cbsi145-SciLors_Groovesharkcom_Downloader-ORG-75764950.exe 2013-12-23 14:12 - 2013-12-23 14:06 - 00000332 _____ C:\Users\Anna\daemonprocess.txt 2013-12-23 14:10 - 2013-04-30 11:53 - 00001427 _____ C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-12-23 14:06 - 2013-12-23 14:06 - 00000000 ____D C:\Users\Anna\.android 2013-12-23 13:47 - 2013-03-24 17:39 - 00000000 ____D C:\Users\Anna\AppData\Local\Google 2013-12-23 13:43 - 2013-12-23 13:43 - 00689856 _____ C:\Users\Anna\Downloads\SciLors_Grooveshark(tm)_DownloaderSetup.exe 2013-12-23 12:21 - 2012-10-16 16:56 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-12-21 19:25 - 2013-12-21 19:24 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-12-17 08:17 - 2013-11-08 16:35 - 00000000 ____D C:\Users\Anna\Desktop\Musik_Management 2013-12-12 17:06 - 2013-01-30 14:44 - 00692616 _____ (Adobe 
Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2013-12-12 17:06 - 2013-01-30 14:44 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2013-12-12 15:08 - 2009-07-14 05:33 - 00411608 _____ C:\Windows\system32\FNTCACHE.DAT 2013-12-12 08:56 - 2013-01-16 16:25 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-12-12 08:55 - 2013-08-14 08:43 - 00000000 ____D C:\Windows\system32\MRT 2013-12-12 08:54 - 2012-10-16 18:16 - 88123800 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe Some content of TEMP: ==================== C:\Users\Anna\AppData\Local\Temp\ose00000.exe C:\Users\Anna\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-01-09 19:47 ==================== End Of Log ============================ Addition: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-01-2014 Ran by Anna at 2014-01-10 21:19:03 Running from C:\Users\Anna\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} ==================== Installed Programs ====================== ABBYY FineReader 6.0 Sprint (Version: 6.00.2146.41621 - ABBYY Software House) Adobe Flash Player 10 ActiveX (Version: 10.0.22.87 - Adobe Systems Incorporated) Adobe Flash Player 11 Plugin (Version: 11.9.900.170 - Adobe Systems Incorporated) Adobe Reader XI (11.0.05) - Deutsch (Version: 11.0.05 - Adobe Systems Incorporated) Apple Application Support (Version: 2.3.6 - Apple Inc.) Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.) Apple Software Update (Version: 2.1.3.127 - Apple Inc.) ASIO4ALL (Version: 2.10 - Michael Tippach) Bonjour (Version: 3.0.0.10 - Apple Inc.) CDBurnerXP (Version: 4.5.2.4291 - CDBurnerXP) Cisco AnyConnect Secure Mobility Client (Version: 3.1.00495 - Cisco Systems, Inc.) Cisco AnyConnect Secure Mobility Client (Version: 3.1.00495 - Cisco Systems, Inc.) Hidden Cisco EAP-FAST Module (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (Version: 1.1.6 - Cisco Systems, Inc.) Citrix Authentication Manager (Version: 2.0.0.41479 - Citrix Systems, Inc.) Hidden Citrix Receiver (DV) (Version: 13.1.200.22 - Citrix Systems, Inc.) Hidden Citrix Receiver (HDX Flash-Umleitung) (Version: 13.1.200.22 - Citrix Systems, Inc.) 
Hidden Citrix Receiver (USB) (Version: 13.1.200.22 - Citrix Systems, Inc.) Hidden Citrix Receiver (Version: 13.1.200.22 - Citrix Systems, Inc.) Citrix Receiver Inside (Version: 3.2.0.5844 - Citrix Systems, Inc.) Hidden Citrix Receiver(Aero) (Version: 13.1.200.22 - Citrix Systems, Inc.) Hidden DAEMON Tools Lite (Version: 4.46.1.0327 - DT Soft Ltd) Das Postleitzahlen-Diagramm 3.8 (Version: - Klaus Wessiepe, Softwareentwicklung und Vertrieb) Dropbox (Version: 2.4.11 - Dropbox, Inc.) E-MU Audio Drivers (Version: - ) E-MU PatchMix DSP (Version: - ) Falk Navi-Manager (Version: 1.2.172 - Falk Marcopolo Interactive GmbH) Falk Navi-Manager (Version: 1.2.172 - Falk Marcopolo Interactive GmbH) Hidden Free DWG Viewer 7.2 (Version: 7.2.0.51 - IGC) Hama Wireless LAN Adapter (Version: 10.1.0 - Hama) iCloud (Version: 3.0.2.163 - Apple Inc.) Intel(R) Graphics Media Accelerator Driver (Version: 8.15.10.1930 - Intel Corporation) Intel(R) TV Wizard (Version: - Intel Corporation) iTunes (Version: 11.1.3.8 - Apple Inc.) Lexmark (Version: 1.0.0.0 - ) Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation) MediaMonkey 4.0 (Version: 4.0 - Ventis Media Inc.) 
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 
2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319 - Microsoft Corporation) Mozilla Firefox 26.0 (x86 de) (Version: 26.0 - Mozilla) Mozilla Maintenance Service (Version: 26.0 - Mozilla) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation) Notepad++ (Version: 6.2.3 - ) Online Plug-in (Version: 13.1.200.22 - Citrix Systems, Inc.) Hidden Parker WinMatch (Version: - ) PassShow (Version: - PassShow Software) Picasa 3 (Version: 3.9 - Google, Inc.) QuickTime (Version: 7.74.80.86 - Apple Inc.) Realtek High Definition Audio Driver (Version: 6.0.1.5919 - Realtek Semiconductor Corp.) Reason 5.0 (Version: 5.0 - Propellerhead Software AB) SciLor's grooveshark™.com Downloader 0.4.12 (Version: 0.4.12 - SciLor) Self-Service Plug-in (Version: 3.2.0.24226 - Citrix Systems, Inc.) 
Hidden Sharepod 4.0.1.0 (Version: - Macroplant LLC) Spybot - Search & Destroy (Version: 2.2.25 - Safer-Networking Ltd.) Steinberg Cubase SX 3 (Version: - Steinberg Media Technologies GmbH) Steinberg Cubase SX v3.1.1.944 (Version: - ) SyncroSoft Emu (Remove only) (Version: - ) Syncrosofts Lizenz Kontrolle (Version: - Syncrosoft Hard- Und Software GmbH) syngo fastView (Version: VX57H31 - Siemens MedSW) Update for 2007 Microsoft Office System (KB967642) (Version: - Microsoft) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (Version: 3 - Microsoft Corporation) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) 
(Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (Version: - Microsoft) Waves Complete V9r5 (Version: 9.1.1 - Waves) Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden Windows Mobile-Gerätecenter (Version: 6.1.6965.0 - Microsoft Corporation) WinRAR 4.20 (32-Bit) (Version: 4.20.0 - win.rar GmbH) ==================== Restore Points ========================= 08-12-2013 11:19:21 Windows Update 10-12-2013 22:05:58 Windows Update 12-12-2013 07:53:00 Windows Update 16-12-2013 05:53:07 Windows Update 19-12-2013 14:59:43 Windows Update 23-12-2013 13:03:27 Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 23-12-2013 15:10:08 Windows Update 27-12-2013 16:06:50 Windows Update 27-12-2013 16:42:17 Windows Modules Installer 27-12-2013 16:47:53 Windows Modules Installer 27-12-2013 22:27:02 Windows Update 31-12-2013 10:19:52 Windows Update 03-01-2014 17:14:33 Windows Update 07-01-2014 16:38:27 Windows Update ==================== Hosts content: ========================== 2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {38ED887B-36D0-49C7-8FE3-7AEB0242673F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe Task: {4940BA50-92D9-4F7F-B5B5-8AC123730954} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe Task: {73E26DB9-4899-4660-B37B-51278BD16B65} - System32\Tasks\PassShow Update => C:\Program Files\PassShow\PsUP.exe [2013-12-23] () Task: {C699C246-8B37-4EC9-85DE-DEE5C3CF15B6} - System32\Tasks\Adobe Flash Player Updater => 
C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-12] (Adobe Systems Incorporated) Task: {F45101F3-98E1-43C5-BB13-E6454162E4C3} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\PassShow Update.job => C:\Program Files\PassShow\PsUP.exe ==================== Loaded Modules (whitelisted) ============= 2012-08-03 20:53 - 2012-08-03 20:53 - 00062968 _____ () C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll 2013-01-28 13:08 - 2013-01-28 13:08 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2013-01-28 13:08 - 2013-01-28 13:08 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2013-12-27 18:02 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2013-12-27 18:02 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl 2013-01-16 16:43 - 2009-12-10 12:16 - 00918816 _____ () C:\Program Files\Hama\Common\RaWLAPI.dll 2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\Anna\AppData\Roaming\Dropbox\bin\libcef.dll 2013-12-21 19:24 - 2013-12-21 19:24 - 03559024 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll 2013-12-12 17:06 - 2013-12-12 17:06 - 16242056 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows Class Guid: 
{4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Nsynas32 Description: Nsynas32 Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: Nsynas32 Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC (NDIS 6.20) Description: Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC (NDIS 6.20) Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Realtek Service: RTL8167 Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
==================== Event log errors: ========================= Application errors: ================== System errors: ============= Microsoft Office Sessions: ========================= ==================== Memory info =========================== Percentage of memory in use: 45% Total physical RAM: 3318.3 MB Available physical RAM: 1820.15 MB Total Pagefile: 6632.84 MB Available Pagefile: 5139.13 MB Total Virtual: 2047.88 MB Available Virtual: 1881.64 MB ==================== Drives ================================ Drive c: (Volume) (Fixed) (Total:446.23 GB) (Free:277.77 GB) NTFS Drive e: (TREKSTOR) (Fixed) (Total:149.01 GB) (Free:50.23 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 5960FD37) Partition 1: (Active) - (Size=20 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=446 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: 0B33A529) Partition 1: (Active) - (Size=149 GB) - (Type=0B) ==================== End Of Log ============================ FRST produced an error this time: Aufgrund eines unerwarteten Fehlers können Sie die Datei nicht Kopieren. Wenn der Fehler weiterhin ausgegeben wird, können Sie mithilfe des Fehlercodes in der Hilfe nach diesem Problem suchen. Fehler 0x80030002: install.rdf wurde nicht gefunden install.rdf Typ: RDF-Datei Änderungsdatum: 19.12.2013 21:50 Größe: 898 Bytes I could only click Cancel ("Abbrechen"). |
11.01.2014, 01:35 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: Trojan on PC "http://onlinewebfind.com/ads-clicktrack..." Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes Anti-Malware (MBAM). Note: Before you do, please remember to update Malwarebytes Anti-Malware via the update button! Afterwards, getting an additional opinion from ESET's online scanner is not a bad idea either: ESET Online Scanner
__________________ Please always post logfiles in CODE tags |
11.01.2014, 14:26 | #11 |
| Windows 7: Trojan on PC "http://onlinewebfind.com/ads-clicktrack..." Malwarebytes Anti-Malware: Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.01.11.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16476
Anna :: ANNA-PC [Administrator]

11.01.2014 11:45:04
MBAM-log-2014-01-11 (11-54-42).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 210701
Laufzeit: 9 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 8
HKCR\CLSID\{2d661e5b-7d7a-417c-b5b5-6479017bb314} (PUP.Optional.PassShow.A) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{b8c3b958-ec6a-4d2f-bf2d-c7906acd3da0} (PUP.Optional.PassShow.A) -> Keine Aktion durchgeführt.
HKCR\Interface\{88f2ef1e-a38b-44dd-ae7c-57dfa28ba40f} (PUP.Optional.PassShow.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2D661E5B-7D7A-417C-B5B5-6479017BB314} (PUP.Optional.PassShow.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{2D661E5B-7D7A-417C-B5B5-6479017BB314} (PUP.Optional.PassShow.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2D661E5B-7D7A-417C-B5B5-6479017BB314} (PUP.Optional.PassShow.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1efa552d-e5a6-4610-a9d1-8cd285646842 (PUP.Optional.PassShow.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Google\Chrome\Extensions\dhogjnnleghndloamdkljhnhdchpcijl (PUP.Optional.PassShow.A) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 1
HKCU\Software\Mozilla\Firefox\Extensions|{57c20073-e24b-4b2a-aa91-70d1ad526cbf} (PUP.Optional.PassShow.A) -> Daten: C:\Program Files\PassShow\150.xpi -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 3
C:\Program Files\PassShow (PUP.Optional.PassShow.A) -> Keine Aktion durchgeführt.
C:\Users\Anna\AppData\Roaming\newnext.me (PUP.Optional.NextLive.A) -> Keine Aktion durchgeführt.
C:\Users\Anna\AppData\Roaming\newnext.me\cache (PUP.Optional.NextLive.A) -> Keine Aktion durchgeführt.

Infizierte Dateien: 16
C:\Program Files\PassShow\150.dll (PUP.Optional.PassShow.A) -> Keine Aktion durchgeführt.
C:\Users\Anna\Downloads\SciLorsGroovesharkcomDownloader.exe (PUP.Optional.Somoto) -> Keine Aktion durchgeführt.
C:\Users\Anna\Produkt Key\produkey-x64.zip (PUP.PSWTool.ProductKey) -> Keine Aktion durchgeführt.
C:\Users\Anna\Produkt Key\produkey.zip (PUP.PSWTool.ProductKey) -> Keine Aktion durchgeführt.
C:\Users\Anna\Produkt Key\produkey_setup.exe (PUP.PSWTool.ProductKey) -> Keine Aktion durchgeführt.
C:\Program Files\PassShow\150.crx (PUP.Optional.PassShow.A) -> Keine Aktion durchgeführt.
C:\Program Files\PassShow\01.db (PUP.Optional.PassShow.A) -> Keine Aktion durchgeführt.
C:\Program Files\PassShow\150.dat (PUP.Optional.PassShow.A) -> Keine Aktion durchgeführt.
C:\Program Files\PassShow\150.xpi (PUP.Optional.PassShow.A) -> Keine Aktion durchgeführt.
C:\Program Files\PassShow\PsUP.exe (PUP.Optional.PassShow.A) -> Keine Aktion durchgeführt.
C:\Program Files\PassShow\Sqlite3.dll (PUP.Optional.PassShow.A) -> Keine Aktion durchgeführt.
C:\Program Files\PassShow\Uninstall.exe (PUP.Optional.PassShow.A) -> Keine Aktion durchgeführt.
C:\Windows\Tasks\PassShow Update.job (PUP.Optional.PassShow.A) -> Keine Aktion durchgeführt.
C:\Users\Anna\AppData\Roaming\newnext.me\nengine.cookie (PUP.Optional.NextLive.A) -> Keine Aktion durchgeführt.
C:\Users\Anna\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> Keine Aktion durchgeführt.
C:\Users\Anna\AppData\Roaming\newnext.me\cache\spark.bin (PUP.Optional.NextLive.A) -> Keine Aktion durchgeführt.

(Ende)

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=2ef87490f9dd684db22db1d56c1fe1de
# engine=16610
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-01-11 12:56:53
# local_time=2014-01-11 01:56:53 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5892 16777213 88 94 4600437 26982895 0 0
# scanned=220523
# found=1
# cleaned=0
# scan_time=6850
sh=5C28A2F86BE59B7AD904CF0123313D97D362D899 ft=0 fh=0000000000000000 vn="a variant of Win32/Adware.SpeedingUpMyPC.C application" ac=I fn="C:\Users\Anna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJI80YK1\easydriverpro803[1].data"
|
12.01.2014, 17:14 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Only remnants. Did you remove the findings with Malwarebytes?
__________________ Please always post log files in CODE tags |
12.01.2014, 19:52 | #13 |
| Hello, yes, I removed everything with Malwarebytes. I also just ran it again: no findings. I also haven't had any more pages opening on their own. So things look pretty good on my end. |
13.01.2014, 11:44 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TFC - Temp File Cleaner
Download TFC (TempFileCleaner by Oldtimer) and save it to the desktop.

Looks OK so far.

Regarding cookies and other things on the web: to block the pests from the outset (i.e. tracking cookies, ad banners etc.), you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check MVPS every 4 weeks to see whether he has released a new hosts file.

Info: Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP-Cookie).

Otherwise there are also good cookie managers; among the extensions for Firefox, for example, there is CookieCuller.

But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.

Is your system back in order now, or are there any other findings or problems?
__________________ Please always post log files in CODE tags |
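An added example, not part of the post above and not MVPS code: a check to run on a downloaded blocking hosts file before merging it into the system hosts file, since every entry in a blocklist should point to a sinkhole address and none should redirect a name to a real host. The function name `audit_hosts`, the accepted sinkhole set and the sample text are assumptions made for this illustration.

```python
import ipaddress
import re

# Assumption: loopback and the unspecified address are the only valid sinkholes.
SINKHOLES = {"127.0.0.1", "0.0.0.0", "::1", "::"}
LOCAL_NAMES = {"localhost", "localhost.localdomain"}  # normally map to loopback
LABEL = r"[a-z0-9_](?:[a-z0-9_-]{0,61}[a-z0-9_])?"
HOSTNAME_RE = re.compile(rf"^(?=.{{1,253}}$)(?:{LABEL}\.)*{LABEL}$")

def audit_hosts(text):
    """Return (sorted sinkholed hostnames, [(line_number, reason), ...]) for
    hosts-file text; the second list holds entries to review, not merge."""
    blocked, suspicious = set(), []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        addr, *names = line.lower().split()
        try:
            ip = str(ipaddress.ip_address(addr))  # normalises IPv6 spellings
        except ValueError:
            suspicious.append((lineno, f"not an IP address: {addr}"))
            continue
        if not names:
            suspicious.append((lineno, "address without a hostname"))
        for name in names:
            if name in LOCAL_NAMES and ip in SINKHOLES:
                continue
            if ip not in SINKHOLES:
                # A blocklist never needs to send a name to a routable host.
                suspicious.append((lineno, f"{name} redirected to {ip}"))
            elif not HOSTNAME_RE.match(name):
                suspicious.append((lineno, f"malformed hostname: {name}"))
            else:
                blocked.add(name)
    return sorted(blocked), suspicious

# Constructed sample input, not taken from the MVPS file.
SAMPLE = """\
127.0.0.1    localhost
0.0.0.0      ads.tracker.example   # banner server
0.0.0.0      cookies.example metrics.example
203.0.113.7  login.bank.example
0.0.0.0      bad_host!.example
not-an-ip    whatever.example
"""

if __name__ == "__main__":
    print(audit_hosts(SAMPLE))
```

Only the names in the first returned list are candidates for merging; anything in the second list should be looked at by hand first.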
13.01.2014, 19:06 | #15 |
| TFC is done. Otherwise I have neither findings nor problems. Over the next few days I'll see how well the PC works now. But that's it for the time being. So I can only say thank you for the fantastic help. A small donation has already gone out to you as well ;-). |