Windows 7: Trojaner auf PC "http://onlinewebfind.com/ads-clicktrack..."

greenhorn23 · 10.01.2014, 10:07

Hallo an alle,

ich habe ein weiteres Problem mit meinem PC. Auch hier hat sich wohl ein Trojaner eingeschlichen. Das zeigt zumindest Spybot an. Auch lässt sich nicht mehr ordentlich damit arbeiten. Ständig gehen einfach irgendwelche Seiten auf, z.B.
hxxp://gip.driverdiv.net/sd/cpops-1.2.0.html?u=http%3A%2F%2Fgip.driverdiv.net%2Fsd%2Fapps%2Ffusionx%2F0.0.4.html%3Faff%3D1030-4000&p=PassShow

und manche Links auf seriösen Seiten wie z.B. ebay können gar nicht mehr angeklickt werden.

Hier alle Log-Daten:

Defogger

Code:

ATTFilter

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:37 on 09/01/2014 (Anna)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed

Checking for services/drivers...
SPTD -> Disabled

-=E.O.F=-

FRST

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-01-2014 01
Ran by Anna (administrator) on ANNA-PC on 09-01-2014 18:40:24
Running from C:\Users\Anna\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
( ) C:\Windows\System32\lxeecoms.exe
(Ralink Technology, Corp.) C:\Program Files\Hama\Common\RaRegistry.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Team H2O) C:\Program Files\Syncrosoft\POS\H2O\cledx.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(Creative Technology Ltd) C:\Windows\System32\CTHELPER.EXE
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Hama GmbH & Co KG) C:\Program Files\Hama\Common\RaUI.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\Receiver\Receiver.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Dropbox, Inc.) C:\Users\Anna\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWelcome.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7711264 2009-08-18] (Realtek Semiconductor)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [H2O] - C:\Program Files\Syncrosoft\POS\H2O\cledx.exe [385024 2005-10-22] (Team H2O)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [ConnectionCenter] - C:\Program Files\Citrix\ICA Client\concentr.exe [371864 2012-04-05] (Citrix Systems, Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [CTHelper] - C:\Windows\System32\CTHELPER.EXE [23040 2009-02-23] (Creative Technology Ltd)
HKLM\...\Run: [CTxfiHlp] - C:\Windows\System32\CTXFIHLP.EXE [23552 2009-02-23] (Creative Technology Ltd)
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [685048 2012-08-03] (Cisco Systems, Inc.)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\Run: [SDTray] - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon: C:\Windows\system32\igfxdev.dll (Intel Corporation)
MountPoints2: {cbe70fbc-da3e-11e2-8cba-b6cb38289f20} - L:\HTC_Sync_Manager_PC.exe
MountPoints2: {fa6f7bbb-5fef-11e2-8d00-8474b38bdcf8} - J:\setup.exe
AppInit_DLLs: C:\Program Files\Citrix\ICA Client\RSHook.dll [257176 2012-04-05] (Citrix Systems, Inc.)
Startup: C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Anna\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC8BCF86EB6ABCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: CtxIEInterceptorBHO Class - {2C4631FF-5CC8-4EBC-A0DF-34C92291759E} - C:\Program Files\Citrix\ICA Client\IEInterceptor.dll (Citrix Systems, Inc.)
BHO: PassShow - {2d661e5b-7d7a-417c-b5b5-6479017bb314} - C:\Program Files\PassShow\150.dll ()
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Lexmark  - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
Toolbar: HKCU - No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -  No File
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\lwb3fzqz.default
FF NetworkProxy: "http", "94.228.200.61"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Citrix.com/npican - C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Grooveshark Unblocker - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\lwb3fzqz.default\Extensions\grooveshark-unblocker@4ley.addons.mozilla.org.xpi
FF Extension: Adblock Plus - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\lwb3fzqz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKCU\...\Firefox\Extensions: [{57c20073-e24b-4b2a-aa91-70d1ad526cbf}] - C:\Program Files\PassShow\150.xpi
FF Extension: No Name - C:\Program Files\PassShow\150.xpi
FF Extension: No Name - C:\Program Files\PassShow\150.xpi

========================== Services (Whitelisted) =================

R2 lxee_device; C:\Windows\system32\lxeecoms.exe [598696 2010-04-14] ( )
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)
R2 RalinkRegistryWriter; C:\Program Files\Hama\Common\RaRegistry.exe [185632 2009-12-10] (Ralink Technology, Corp.)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [537592 2012-08-03] (Cisco Systems, Inc.)

==================== Drivers (Whitelisted) ====================

S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [87976 2012-08-03] (Cisco Systems, Inc.)
R3 CLEDX; C:\Windows\System32\DRIVERS\cledx.sys [33792 2005-05-09] (Team H2O)
S3 COMMONFX; C:\Windows\System32\drivers\COMMONFX.SYS [98328 2009-02-23] (Creative Technology Ltd)
R3 COMMONFX.SYS; C:\Windows\System32\drivers\COMMONFX.SYS [98328 2009-02-23] (Creative Technology Ltd)
S3 CTAUDFX; C:\Windows\System32\drivers\CTAUDFX.SYS [528920 2009-02-23] (Creative Technology Ltd)
S3 CTAUDFX.SYS; C:\Windows\System32\drivers\CTAUDFX.SYS [528920 2009-02-23] (Creative Technology Ltd)
S3 CTEAPSFX; C:\Windows\System32\drivers\CTEAPSFX.SYS [163352 2009-02-23] (Creative Technology Ltd)
S3 CTEAPSFX.SYS; C:\Windows\System32\drivers\CTEAPSFX.SYS [163352 2009-02-23] (Creative Technology Ltd)
S3 CTEDSPFX; C:\Windows\System32\drivers\CTEDSPFX.SYS [259096 2009-02-23] (Creative Technology Ltd)
S3 CTEDSPFX.SYS; C:\Windows\System32\drivers\CTEDSPFX.SYS [259096 2009-02-23] (Creative Technology Ltd)
S3 CTEDSPIO; C:\Windows\System32\drivers\CTEDSPIO.SYS [134168 2009-02-23] (Creative Technology Ltd)
S3 CTEDSPIO.SYS; C:\Windows\System32\drivers\CTEDSPIO.SYS [134168 2009-02-23] (Creative Technology Ltd)
S3 CTEDSPSY; C:\Windows\System32\drivers\CTEDSPSY.SYS [309784 2009-02-23] (Creative Technology Ltd)
S3 CTEDSPSY.SYS; C:\Windows\System32\drivers\CTEDSPSY.SYS [309784 2009-02-23] (Creative Technology Ltd)
S3 CTERFXFX; C:\Windows\System32\drivers\CTERFXFX.SYS [99352 2009-02-23] (Creative Technology Ltd)
S3 CTERFXFX.SYS; C:\Windows\System32\drivers\CTERFXFX.SYS [99352 2009-02-23] (Creative Technology Ltd)
S3 CTSBLFX; C:\Windows\System32\drivers\CTSBLFX.SYS [534040 2009-02-23] (Creative Technology Ltd)
S3 CTSBLFX.SYS; C:\Windows\System32\drivers\CTSBLFX.SYS [534040 2009-02-23] (Creative Technology Ltd)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-01-16] (DT Soft Ltd)
R3 ha10kx2k; C:\Windows\System32\drivers\ha10kx2k.sys [802840 2009-02-23] (Creative Technology Ltd)
S3 hap16v2k; C:\Windows\System32\drivers\hap16v2k.sys [163864 2009-02-23] (Creative Technology Ltd)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [657408 2009-07-13] (Ralink Technology Corp.)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [717296 2013-01-16] (Duplex Secure Ltd.)
R0 TPkd; C:\Windows\System32\Drivers\TPkd.sys [61856 2002-05-22] (PACE Anti-Piracy, Inc.)
S2 Nsynas32; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-09 18:40 - 2014-01-09 18:40 - 00015378 _____ C:\Users\Anna\Desktop\FRST.txt
2014-01-09 18:40 - 2014-01-09 18:40 - 00000000 ____D C:\FRST
2014-01-09 18:39 - 2014-01-09 18:39 - 01065947 _____ (Farbar) C:\Users\Anna\Desktop\FRST.exe
2014-01-09 18:37 - 2014-01-09 18:37 - 00000572 _____ C:\Users\Anna\Desktop\defogger_disable.log
2014-01-09 18:37 - 2014-01-09 18:37 - 00000176 _____ C:\Users\Anna\defogger_reenable
2014-01-09 18:36 - 2014-01-09 18:36 - 00050477 _____ C:\Users\Anna\Desktop\Defogger.exe
2014-01-09 18:35 - 2014-01-09 18:35 - 00050477 _____ C:\Users\Anna\Downloads\Defogger.exe
2013-12-27 18:49 - 2013-12-27 18:50 - 22964496 _____ C:\Users\Anna\Downloads\FullTiltPokerEuSetup.exe
2013-12-27 18:03 - 2013-12-27 18:35 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-12-27 18:03 - 2013-12-27 18:03 - 00002125 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-12-27 18:03 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2013-12-27 18:02 - 2013-12-27 18:04 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2013-12-27 18:01 - 2013-12-27 18:01 - 40658208 _____ (Safer-Networking Ltd.                                       ) C:\Users\Anna\Downloads\spybot-2.2.25.exe
2013-12-27 17:22 - 2014-01-06 23:27 - 00000000 ____D C:\Users\Anna\Desktop\Martin
2013-12-27 17:06 - 2013-12-27 17:17 - 00000000 ____D C:\AdwCleaner
2013-12-27 17:05 - 2013-12-27 17:05 - 01233962 _____ C:\Users\Anna\Downloads\adwcleaner.exe
2013-12-23 15:51 - 2013-12-23 15:52 - 00000000 ____D C:\Users\Anna\Desktop\mama
2013-12-23 15:40 - 2013-12-27 17:31 - 00000000 ____D C:\Users\Anna\AppData\Roaming\MediaMonkey
2013-12-23 15:40 - 2013-12-23 15:40 - 00001007 _____ C:\Users\Public\Desktop\MediaMonkey.lnk
2013-12-23 15:40 - 2013-12-23 15:40 - 00000000 ____D C:\Users\Anna\AppData\Local\MediaMonkey
2013-12-23 15:40 - 2013-12-23 15:40 - 00000000 ____D C:\ProgramData\MediaMonkey
2013-12-23 15:40 - 2013-12-23 15:40 - 00000000 ____D C:\Program Files\MediaMonkey
2013-12-23 15:39 - 2013-12-23 15:39 - 15069520 _____ (Ventis Media Inc.                                           ) C:\Users\Anna\Downloads\MediaMonkey_4.0.7.1511.exe
2013-12-23 15:29 - 2013-12-23 15:29 - 00000000 ____D C:\Users\Anna\AppData\Local\Macroplant,_LLC
2013-12-23 15:29 - 2013-12-23 15:29 - 00000000 ____D C:\Program Files\Sharepod
2013-12-23 15:24 - 2013-12-23 15:24 - 05965680 _____ (Macroplant LLC                                              ) C:\Users\Anna\Downloads\Sharepod_4_Setup_4010b.exe
2013-12-23 15:12 - 2013-12-23 15:12 - 00000000 ____D C:\Users\Anna\Desktop\Zumba
2013-12-23 14:42 - 2013-12-23 15:14 - 00000000 ____D C:\Users\Anna\Desktop\Eminem u Charts
2013-12-23 14:28 - 2013-12-23 15:18 - 00000000 ____D C:\Users\Anna\Desktop\iPod Musik
2013-12-23 14:27 - 2013-12-23 14:27 - 00001272 _____ C:\Users\Public\Desktop\SciLor's grooveshark™.com Downloader.lnk
2013-12-23 14:26 - 2014-01-09 14:16 - 00000340 _____ C:\Windows\Tasks\PassShow Update.job
2013-12-23 14:26 - 2014-01-06 23:15 - 00000000 ____D C:\Program Files\SciLor's grooveshark(tm).com Downloader
2013-12-23 14:26 - 2013-12-23 14:26 - 00000000 ____D C:\Program Files\PassShow
2013-12-23 14:25 - 2013-12-23 14:25 - 00923784 _____ (CNET Download.com) C:\Users\Anna\Downloads\cbsidlm-cbsi145-SciLors_Groovesharkcom_Downloader-ORG-75764950.exe
2013-12-23 14:06 - 2013-12-27 16:56 - 00000000 ____D C:\Users\Anna\AppData\Roaming\newnext.me
2013-12-23 14:06 - 2013-12-23 14:28 - 00000000 ____D C:\Users\Anna\AppData\Local\cache
2013-12-23 14:06 - 2013-12-23 14:27 - 00000000 ____D C:\Users\Anna\AppData\Local\genienext
2013-12-23 14:06 - 2013-12-23 14:12 - 00000332 _____ C:\Users\Anna\daemonprocess.txt
2013-12-23 14:06 - 2013-12-23 14:06 - 00000000 ____D C:\Users\Anna\.android
2013-12-23 13:43 - 2013-12-23 13:43 - 00689856 _____ C:\Users\Anna\Downloads\SciLors_Grooveshark(tm)_DownloaderSetup.exe
2013-12-21 19:24 - 2013-12-21 19:25 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-12 08:56 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-12 08:56 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-12 08:56 - 2013-11-26 10:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-12 08:56 - 2013-11-26 09:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-12 08:56 - 2013-11-26 09:52 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-12 08:56 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-12 08:56 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-12 08:56 - 2013-11-26 09:36 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-12 08:56 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-12 08:56 - 2013-11-26 09:29 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-12 08:56 - 2013-11-26 09:29 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-12 08:56 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-12 08:56 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-12 08:56 - 2013-11-26 09:13 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-12 08:56 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-12 08:56 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-12 08:56 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-12 08:56 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-12 08:56 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-12 08:53 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-12 08:53 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-12 08:37 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-12 08:37 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-12 08:37 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-12 08:37 - 2013-10-30 02:27 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-12 08:37 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-12 08:37 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-12 08:37 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-12 08:37 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-12 08:37 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-12 08:36 - 2013-10-04 02:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-12 08:36 - 2013-10-04 02:17 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys

==================== One Month Modified Files and Folders =======

2014-01-09 18:40 - 2014-01-09 18:40 - 00015378 _____ C:\Users\Anna\Desktop\FRST.txt
2014-01-09 18:40 - 2014-01-09 18:40 - 00000000 ____D C:\FRST
2014-01-09 18:39 - 2014-01-09 18:39 - 01065947 _____ (Farbar) C:\Users\Anna\Desktop\FRST.exe
2014-01-09 18:37 - 2014-01-09 18:37 - 00000572 _____ C:\Users\Anna\Desktop\defogger_disable.log
2014-01-09 18:37 - 2014-01-09 18:37 - 00000176 _____ C:\Users\Anna\defogger_reenable
2014-01-09 18:37 - 2012-10-16 16:52 - 00000000 ____D C:\Users\Anna
2014-01-09 18:36 - 2014-01-09 18:36 - 00050477 _____ C:\Users\Anna\Desktop\Defogger.exe
2014-01-09 18:35 - 2014-01-09 18:35 - 00050477 _____ C:\Users\Anna\Downloads\Defogger.exe
2014-01-09 18:25 - 2012-10-16 16:48 - 01461373 _____ C:\Windows\WindowsUpdate.log
2014-01-09 18:06 - 2013-06-04 07:32 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-09 17:55 - 2012-10-21 11:56 - 00000000 ____D C:\ProgramData\Lx_cats
2014-01-09 17:07 - 2012-10-16 16:58 - 01612484 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-09 14:16 - 2013-12-23 14:26 - 00000340 _____ C:\Windows\Tasks\PassShow Update.job
2014-01-09 13:08 - 2009-07-14 05:34 - 00014624 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-09 13:08 - 2009-07-14 05:34 - 00014624 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-09 13:02 - 2013-06-12 21:30 - 00000000 ___RD C:\Users\Anna\Dropbox
2014-01-09 13:02 - 2013-06-12 21:20 - 00000000 ____D C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-09 13:02 - 2013-06-12 21:18 - 00000000 ____D C:\Users\Anna\AppData\Roaming\Dropbox
2014-01-09 13:01 - 2012-10-21 11:35 - 00057150 _____ C:\ProgramData\lxeescan.log
2014-01-09 13:00 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-09 13:00 - 2009-07-14 05:39 - 00074919 _____ C:\Windows\setupact.log
2014-01-06 23:27 - 2013-12-27 17:22 - 00000000 ____D C:\Users\Anna\Desktop\Martin
2014-01-06 23:15 - 2013-12-23 14:26 - 00000000 ____D C:\Program Files\SciLor's grooveshark(tm).com Downloader
2013-12-31 11:46 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2013-12-31 11:15 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-12-27 18:50 - 2013-12-27 18:49 - 22964496 _____ C:\Users\Anna\Downloads\FullTiltPokerEuSetup.exe
2013-12-27 18:35 - 2013-12-27 18:03 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-12-27 18:04 - 2013-12-27 18:02 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2013-12-27 18:03 - 2013-12-27 18:03 - 00002125 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-12-27 18:01 - 2013-12-27 18:01 - 40658208 _____ (Safer-Networking Ltd.                                       ) C:\Users\Anna\Downloads\spybot-2.2.25.exe
2013-12-27 17:49 - 2009-07-14 09:56 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-12-27 17:49 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-12-27 17:31 - 2013-12-23 15:40 - 00000000 ____D C:\Users\Anna\AppData\Roaming\MediaMonkey
2013-12-27 17:17 - 2013-12-27 17:06 - 00000000 ____D C:\AdwCleaner
2013-12-27 17:05 - 2013-12-27 17:05 - 01233962 _____ C:\Users\Anna\Downloads\adwcleaner.exe
2013-12-27 16:56 - 2013-12-23 14:06 - 00000000 ____D C:\Users\Anna\AppData\Roaming\newnext.me
2013-12-27 16:55 - 2012-10-16 22:54 - 00013110 _____ C:\Windows\PFRO.log
2013-12-23 15:52 - 2013-12-23 15:51 - 00000000 ____D C:\Users\Anna\Desktop\mama
2013-12-23 15:40 - 2013-12-23 15:40 - 00001007 _____ C:\Users\Public\Desktop\MediaMonkey.lnk
2013-12-23 15:40 - 2013-12-23 15:40 - 00000000 ____D C:\Users\Anna\AppData\Local\MediaMonkey
2013-12-23 15:40 - 2013-12-23 15:40 - 00000000 ____D C:\ProgramData\MediaMonkey
2013-12-23 15:40 - 2013-12-23 15:40 - 00000000 ____D C:\Program Files\MediaMonkey
2013-12-23 15:39 - 2013-12-23 15:39 - 15069520 _____ (Ventis Media Inc.                                           ) C:\Users\Anna\Downloads\MediaMonkey_4.0.7.1511.exe
2013-12-23 15:29 - 2013-12-23 15:29 - 00000000 ____D C:\Users\Anna\AppData\Local\Macroplant,_LLC
2013-12-23 15:29 - 2013-12-23 15:29 - 00000000 ____D C:\Program Files\Sharepod
2013-12-23 15:24 - 2013-12-23 15:24 - 05965680 _____ (Macroplant LLC                                              ) C:\Users\Anna\Downloads\Sharepod_4_Setup_4010b.exe
2013-12-23 15:18 - 2013-12-23 14:28 - 00000000 ____D C:\Users\Anna\Desktop\iPod Musik
2013-12-23 15:14 - 2013-12-23 14:42 - 00000000 ____D C:\Users\Anna\Desktop\Eminem u Charts
2013-12-23 15:12 - 2013-12-23 15:12 - 00000000 ____D C:\Users\Anna\Desktop\Zumba
2013-12-23 14:28 - 2013-12-23 14:06 - 00000000 ____D C:\Users\Anna\AppData\Local\cache
2013-12-23 14:27 - 2013-12-23 14:27 - 00001272 _____ C:\Users\Public\Desktop\SciLor's grooveshark™.com Downloader.lnk
2013-12-23 14:27 - 2013-12-23 14:06 - 00000000 ____D C:\Users\Anna\AppData\Local\genienext
2013-12-23 14:26 - 2013-12-23 14:26 - 00000000 ____D C:\Program Files\PassShow
2013-12-23 14:25 - 2013-12-23 14:25 - 00923784 _____ (CNET Download.com) C:\Users\Anna\Downloads\cbsidlm-cbsi145-SciLors_Groovesharkcom_Downloader-ORG-75764950.exe
2013-12-23 14:12 - 2013-12-23 14:06 - 00000332 _____ C:\Users\Anna\daemonprocess.txt
2013-12-23 14:10 - 2013-04-30 11:53 - 00001427 _____ C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-23 14:06 - 2013-12-23 14:06 - 00000000 ____D C:\Users\Anna\.android
2013-12-23 13:47 - 2013-03-24 17:39 - 00000000 ____D C:\Users\Anna\AppData\Local\Google
2013-12-23 13:43 - 2013-12-23 13:43 - 00689856 _____ C:\Users\Anna\Downloads\SciLors_Grooveshark(tm)_DownloaderSetup.exe
2013-12-23 12:21 - 2012-10-16 16:56 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-12-21 19:25 - 2013-12-21 19:24 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-17 08:17 - 2013-11-08 16:35 - 00000000 ____D C:\Users\Anna\Desktop\Musik_Management
2013-12-12 17:06 - 2013-01-30 14:44 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-12-12 17:06 - 2013-01-30 14:44 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-12-12 15:08 - 2009-07-14 05:33 - 00411608 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-12 08:56 - 2013-01-16 16:25 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-12 08:55 - 2013-08-14 08:43 - 00000000 ____D C:\Windows\system32\MRT
2013-12-12 08:54 - 2012-10-16 18:16 - 88123800 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-10 14:31 - 2013-12-09 22:52 - 00000000 ____D C:\Users\Anna\Desktop\Erste Bilder

Some content of TEMP:
====================
C:\Users\Anna\AppData\Local\Temp\ose00000.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-31 11:39

==================== End Of Log ============================

--- --- ---

FRST-AdditionFRST Additions Logfile:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 08-01-2014 01
Ran by Anna at 2014-01-09 18:41:26
Running from C:\Users\Anna\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

ABBYY FineReader 6.0 Sprint (Version: 6.00.2146.41621 - ABBYY Software House)
Adobe Flash Player 10 ActiveX (Version: 10.0.22.87 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) - Deutsch (Version: 11.0.05 - Adobe Systems Incorporated)
Apple Application Support (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
ASIO4ALL (Version: 2.10 - Michael Tippach)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
CDBurnerXP (Version: 4.5.2.4291 - CDBurnerXP)
Cisco AnyConnect Secure Mobility Client  (Version: 3.1.00495 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (Version: 3.1.00495 - Cisco Systems, Inc.) Hidden
Cisco EAP-FAST Module (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (Version: 1.1.6 - Cisco Systems, Inc.)
Citrix Authentication Manager (Version: 2.0.0.41479 - Citrix Systems, Inc.) Hidden
Citrix Receiver (DV) (Version: 13.1.200.22 - Citrix Systems, Inc.) Hidden
Citrix Receiver (HDX Flash-Umleitung) (Version: 13.1.200.22 - Citrix Systems, Inc.) Hidden
Citrix Receiver (USB) (Version: 13.1.200.22 - Citrix Systems, Inc.) Hidden
Citrix Receiver (Version: 13.1.200.22 - Citrix Systems, Inc.)
Citrix Receiver Inside (Version: 3.2.0.5844 - Citrix Systems, Inc.) Hidden
Citrix Receiver(Aero) (Version: 13.1.200.22 - Citrix Systems, Inc.) Hidden
DAEMON Tools Lite (Version: 4.46.1.0327 - DT Soft Ltd)
Das Postleitzahlen-Diagramm 3.8 (Version:  - Klaus Wessiepe, Softwareentwicklung und Vertrieb)
Dropbox (Version: 2.4.11 - Dropbox, Inc.)
E-MU Audio Drivers (Version:  - )
E-MU PatchMix DSP (Version:  - )
Falk Navi-Manager (Version: 1.2.172 - Falk Marcopolo Interactive GmbH)
Falk Navi-Manager (Version: 1.2.172 - Falk Marcopolo Interactive GmbH) Hidden
Free DWG Viewer 7.2 (Version: 7.2.0.51 - IGC)
Hama Wireless LAN Adapter (Version: 10.1.0 - Hama)
iCloud (Version: 3.0.2.163 - Apple Inc.)
Intel(R) Graphics Media Accelerator Driver (Version: 8.15.10.1930 - Intel Corporation)
Intel(R) TV Wizard (Version:  - Intel Corporation)
iTunes (Version: 11.1.3.8 - Apple Inc.)
Lexmark  (Version: 1.0.0.0 - )
MediaMonkey 4.0 (Version: 4.0 - Ventis Media Inc.)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 de) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (Version: 26.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
Notepad++ (Version: 6.2.3 - )
Online Plug-in (Version: 13.1.200.22 - Citrix Systems, Inc.) Hidden
Parker WinMatch (Version:  - )
PassShow (Version:  - PassShow Software)
Picasa 3 (Version: 3.9 - Google, Inc.)
QuickTime (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (Version: 6.0.1.5919 - Realtek Semiconductor Corp.)
Reason 5.0 (Version: 5.0 - Propellerhead Software AB)
SciLor's grooveshark™.com Downloader 0.4.12 (Version: 0.4.12 - SciLor)
Self-Service Plug-in (Version: 3.2.0.24226 - Citrix Systems, Inc.) Hidden
Sharepod 4.0.1.0 (Version:  - Macroplant LLC)
Spybot - Search & Destroy (Version: 2.2.25 - Safer-Networking Ltd.)
Steinberg Cubase SX 3 (Version:  - Steinberg Media Technologies GmbH)
Steinberg Cubase SX v3.1.1.944 (Version:  - )
SyncroSoft Emu (Remove only) (Version:  - )
Syncrosofts Lizenz Kontrolle (Version:  - Syncrosoft Hard- Und Software GmbH)
syngo fastView (Version: VX57H31 - Siemens MedSW)
Update for 2007 Microsoft Office System (KB967642) (Version:  - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (Version:  - Microsoft)
Waves Complete V9r5 (Version: 9.1.1 - Waves)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Mobile-Gerätecenter (Version: 6.1.6965.0 - Microsoft Corporation)
WinRAR 4.20 (32-Bit) (Version: 4.20.0 - win.rar GmbH)

==================== Restore Points  =========================

08-12-2013 11:19:21 Windows Update
10-12-2013 22:05:58 Windows Update
12-12-2013 07:53:00 Windows Update
16-12-2013 05:53:07 Windows Update
19-12-2013 14:59:43 Windows Update
23-12-2013 13:03:27 Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
23-12-2013 15:10:08 Windows Update
27-12-2013 16:06:50 Windows Update
27-12-2013 16:42:17 Windows Modules Installer
27-12-2013 16:47:53 Windows Modules Installer
27-12-2013 22:27:02 Windows Update
31-12-2013 10:19:52 Windows Update
03-01-2014 17:14:33 Windows Update
07-01-2014 16:38:27 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {38ED887B-36D0-49C7-8FE3-7AEB0242673F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {4940BA50-92D9-4F7F-B5B5-8AC123730954} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {73E26DB9-4899-4660-B37B-51278BD16B65} - System32\Tasks\PassShow Update => C:\Program Files\PassShow\PsUP.exe [2013-12-23] ()
Task: {C699C246-8B37-4EC9-85DE-DEE5C3CF15B6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-12] (Adobe Systems Incorporated)
Task: {F45101F3-98E1-43C5-BB13-E6454162E4C3} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\PassShow Update.job => C:\Program Files\PassShow\PsUP.exe

==================== Loaded Modules (whitelisted) =============

2012-06-18 16:24 - 2012-06-18 16:24 - 00260096 _____ () C:\Program Files\Notepad++\NppShell_05.dll
2012-08-03 20:53 - 2012-08-03 20:53 - 00062968 _____ () C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2013-01-28 13:08 - 2013-01-28 13:08 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2013-01-28 13:08 - 2013-01-28 13:08 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-12-27 18:02 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-12-27 18:02 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2013-01-16 16:43 - 2009-12-10 12:16 - 00918816 _____ () C:\Program Files\Hama\Common\RaWLAPI.dll
2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\Anna\AppData\Roaming\Dropbox\bin\libcef.dll
2013-12-21 19:24 - 2013-12-21 19:24 - 03559024 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2009-05-18 12:29 - 2009-05-18 12:29 - 00819200 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\lxeeptpc.dll
2009-11-04 12:14 - 2009-11-04 12:14 - 00165376 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\lxeedrui.dll
2009-06-07 23:40 - 2009-06-07 23:40 - 00167936 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\lxeePRPR.DLL
2009-11-04 12:14 - 2009-11-04 12:14 - 00236032 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\lxeedr.dll
2013-12-12 17:06 - 2013-12-12 17:06 - 16242056 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll
2013-12-27 18:02 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-12-27 18:02 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Nsynas32
Description: Nsynas32
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: Nsynas32
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
Description: Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/06/2014 11:15:27 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: SciLors GrooveDownloader.exe, Version: 1.0.0.0, Zeitstempel: 0x52600965
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x005d2914
ID des fehlerhaften Prozesses: 0x1570
Startzeit der fehlerhaften Anwendung: 0xSciLors GrooveDownloader.exe0
Pfad der fehlerhaften Anwendung: SciLors GrooveDownloader.exe1
Pfad des fehlerhaften Moduls: SciLors GrooveDownloader.exe2
Berichtskennung: SciLors GrooveDownloader.exe3

Error: (01/06/2014 11:15:25 PM) (Source: .NET Runtime) (User: )
Description: Anwendung: SciLors GrooveDownloader.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.NullReferenceException
Stapel:
   bei SciLors_GrooveDownloader.MainWindow.MainWindow_Closed(System.Object, System.EventArgs)
   bei System.Windows.Window.OnClosed(System.EventArgs)
   bei System.Windows.Window.WmDestroy()
   bei System.Windows.Window.WindowFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei System.Windows.Interop.HwndSource.PublicHooksFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   bei System.Windows.Threading.Dispatcher.InvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.HwndSubclass.DefWndProcWrapper(IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.UnsafeSendMessage(IntPtr, MS.Internal.Interop.WindowMessage, IntPtr, IntPtr)
   bei System.Windows.Window.InternalClose(Boolean, Boolean)
   bei System.Windows.Application.DoShutdown()
   bei System.Windows.Application.ShutdownImpl()
   bei System.Windows.Application.ShutdownCallback(System.Object)
   bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   bei System.Windows.Threading.DispatcherOperation.InvokeImpl()
   bei System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
   bei System.Threading.ExecutionContext.runTryCode(System.Object)
   bei System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode, CleanupCode, System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   bei System.Windows.Threading.DispatcherOperation.Invoke()
   bei System.Windows.Threading.Dispatcher.ProcessQueue()
   bei System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   bei System.Windows.Threading.Dispatcher.InvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   bei System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   bei System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
   bei System.Windows.Application.RunDispatcher(System.Object)
   bei System.Windows.Application.RunInternal(System.Windows.Window)
   bei System.Windows.Application.Run(System.Windows.Window)
   bei System.Windows.Application.Run()
   bei SciLors_GrooveDownloader.Application.Main()

Error: (01/06/2014 09:06:39 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: SciLors GrooveDownloader.exe, Version: 1.0.0.0, Zeitstempel: 0x52600965
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x003f2914
ID des fehlerhaften Prozesses: 0xd18
Startzeit der fehlerhaften Anwendung: 0xSciLors GrooveDownloader.exe0
Pfad der fehlerhaften Anwendung: SciLors GrooveDownloader.exe1
Pfad des fehlerhaften Moduls: SciLors GrooveDownloader.exe2
Berichtskennung: SciLors GrooveDownloader.exe3

Error: (01/06/2014 09:06:38 PM) (Source: .NET Runtime) (User: )
Description: Anwendung: SciLors GrooveDownloader.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.NullReferenceException
Stapel:
   bei SciLors_GrooveDownloader.MainWindow.MainWindow_Closed(System.Object, System.EventArgs)
   bei System.Windows.Window.OnClosed(System.EventArgs)
   bei System.Windows.Window.WmDestroy()
   bei System.Windows.Window.WindowFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei System.Windows.Interop.HwndSource.PublicHooksFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   bei System.Windows.Threading.Dispatcher.InvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.HwndSubclass.DefWndProcWrapper(IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.UnsafeSendMessage(IntPtr, MS.Internal.Interop.WindowMessage, IntPtr, IntPtr)
   bei System.Windows.Window.InternalClose(Boolean, Boolean)
   bei System.Windows.Application.DoShutdown()
   bei System.Windows.Application.ShutdownImpl()
   bei System.Windows.Application.ShutdownCallback(System.Object)
   bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   bei System.Windows.Threading.DispatcherOperation.InvokeImpl()
   bei System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
   bei System.Threading.ExecutionContext.runTryCode(System.Object)
   bei System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode, CleanupCode, System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   bei System.Windows.Threading.DispatcherOperation.Invoke()
   bei System.Windows.Threading.Dispatcher.ProcessQueue()
   bei System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   bei System.Windows.Threading.Dispatcher.InvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   bei System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   bei System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
   bei System.Windows.Application.RunDispatcher(System.Object)
   bei System.Windows.Application.RunInternal(System.Windows.Window)
   bei System.Windows.Application.Run(System.Windows.Window)
   bei System.Windows.Application.Run()
   bei SciLors_GrooveDownloader.Application.Main()

Error: (01/06/2014 08:13:27 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: EmuPatchMixDSP.exe, Version: 1.0.1.17, Zeitstempel: 0x401f098e
Name des fehlerhaften Moduls: EmuPatchMixDSP.dll, Version: 1.0.1.8, Zeitstempel: 0x401f08a3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00019f58
ID des fehlerhaften Prozesses: 0x1484
Startzeit der fehlerhaften Anwendung: 0xEmuPatchMixDSP.exe0
Pfad der fehlerhaften Anwendung: EmuPatchMixDSP.exe1
Pfad des fehlerhaften Moduls: EmuPatchMixDSP.exe2
Berichtskennung: EmuPatchMixDSP.exe3

Error: (01/06/2014 07:33:33 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: SciLors GrooveDownloader.exe, Version: 1.0.0.0, Zeitstempel: 0x52600965
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x003a2914
ID des fehlerhaften Prozesses: 0x1320
Startzeit der fehlerhaften Anwendung: 0xSciLors GrooveDownloader.exe0
Pfad der fehlerhaften Anwendung: SciLors GrooveDownloader.exe1
Pfad des fehlerhaften Moduls: SciLors GrooveDownloader.exe2
Berichtskennung: SciLors GrooveDownloader.exe3

Error: (01/06/2014 07:33:31 PM) (Source: .NET Runtime) (User: )
Description: Anwendung: SciLors GrooveDownloader.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.NullReferenceException
Stapel:
   bei SciLors_GrooveDownloader.MainWindow.MainWindow_Closed(System.Object, System.EventArgs)
   bei System.Windows.Window.OnClosed(System.EventArgs)
   bei System.Windows.Window.WmDestroy()
   bei System.Windows.Window.WindowFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei System.Windows.Interop.HwndSource.PublicHooksFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   bei System.Windows.Threading.Dispatcher.InvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.HwndSubclass.DefWndProcWrapper(IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.UnsafeSendMessage(IntPtr, MS.Internal.Interop.WindowMessage, IntPtr, IntPtr)
   bei System.Windows.Window.InternalClose(Boolean, Boolean)
   bei System.Windows.Application.DoShutdown()
   bei System.Windows.Application.ShutdownImpl()
   bei System.Windows.Application.ShutdownCallback(System.Object)
   bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   bei System.Windows.Threading.DispatcherOperation.InvokeImpl()
   bei System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
   bei System.Threading.ExecutionContext.runTryCode(System.Object)
   bei System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode, CleanupCode, System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   bei System.Windows.Threading.DispatcherOperation.Invoke()
   bei System.Windows.Threading.Dispatcher.ProcessQueue()
   bei System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   bei System.Windows.Threading.Dispatcher.InvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   bei System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   bei System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
   bei System.Windows.Application.RunDispatcher(System.Object)
   bei System.Windows.Application.RunInternal(System.Windows.Window)
   bei System.Windows.Application.Run(System.Windows.Window)
   bei System.Windows.Application.Run()
   bei SciLors_GrooveDownloader.Application.Main()

Error: (01/06/2014 07:19:35 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3564078

Error: (01/06/2014 07:19:35 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3564078

Error: (01/06/2014 07:19:35 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (01/09/2014 05:05:14 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden.

Error: (01/09/2014 05:05:14 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden.

Error: (01/09/2014 05:01:34 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden.

Error: (01/09/2014 05:01:34 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden.

Error: (01/09/2014 01:01:09 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
sptd

Error: (01/09/2014 01:00:39 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Nsynas32" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/09/2014 01:00:21 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT-AUTORITÄT)
Description: Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten.

Error: (01/09/2014 01:00:15 PM) (Source: sptd) (User: )
Description: Der Treiber hat einen internen Fehler in seinen Datenstrukturen für  festgestellt.

Error: (01/08/2014 09:25:22 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (01/08/2014 02:24:39 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
sptd


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Percentage of memory in use: 64%
Total physical RAM: 3318.3 MB
Available physical RAM: 1162.28 MB
Total Pagefile: 6632.84 MB
Available Pagefile: 4362.45 MB
Total Virtual: 2047.88 MB
Available Virtual: 1873.3 MB

==================== Drives ================================

Drive c: (Volume) (Fixed) (Total:446.23 GB) (Free:278.25 GB) NTFS
Drive e: (TREKSTOR) (Fixed) (Total:149.01 GB) (Free:50.23 GB) FAT32
Drive j: (WAVES9R5) (CDROM) (Total:0.75 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 5960FD37)
Partition 1: (Active) - (Size=20 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=446 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: 0B33A529)
Partition 1: (Active) - (Size=149 GB) - (Type=0B)

==================== End Of Log ============================

--- --- ---
Spybot-Report

Code:

ATTFilter

Search results from Spybot - Search & Destroy

10.01.2014 09:54:52
Scan took 00:22:59.
27 items found.

Somoto.BetterInstaller: [SBI $B8A7F4F7] Root class (Registry Key, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\sdp

Somoto.BetterInstaller: [SBI $B8A7F4F7] Root class (Registry Key, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\sdp

SweetIM: [SBI $AA2FA8DB] User settings (Registry Key, nothing done)
  HKEY_USERS\.DEFAULT\Software\SweetIM

SweetIM: [SBI $AA2FA8DB] User settings (Registry Key, nothing done)
  HKEY_USERS\S-1-5-18\Software\SweetIM

SweetIM: [SBI $08F288FC] User settings (Registry Key, nothing done)
  HKEY_USERS\.DEFAULT\Software\ImInstaller

SweetIM: [SBI $B05CF80C] User settings (Registry Key, nothing done)
  HKEY_USERS\S-1-5-18\Software\ImInstaller

SweetIM: [SBI $156C1FE6] Settings (Registry Key, nothing done)
  HKEY_USERS\.DEFAULT\Software\SweetIM\Toolbars

SweetIM: [SBI $156C1FE6] Settings (Registry Key, nothing done)
  HKEY_USERS\S-1-5-18\Software\SweetIM\Toolbars

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Anna\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CRKS8W4V\secureinclude.ebaystatic.com\ebayLSO.sol
  Properties.size=131
  Properties.md5=D3ED6DCAE3C3081EF612CD0EC2757558
  Properties.filedate=1389285997
  Properties.filedatetext=2014-01-09 17:46:36

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Anna\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CRKS8W4V\secureinclude.ebaystatic.com\ebayT.sol
  Properties.size=39
  Properties.md5=B43F43445AA3414DDC22EC80FBB22871
  Properties.filedate=1389285997
  Properties.filedatetext=2014-01-09 17:46:36

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Anna\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CRKS8W4V\www.paypalobjects.com\paypalLSO.sol
  Properties.size=111
  Properties.md5=36B2FE09D6EF0C12ABC7A8240B86D561
  Properties.filedate=1389286265
  Properties.filedatetext=2014-01-09 17:51:04

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Anna\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CRKS8W4V\www.paypalobjects.com\ppLsoTest.sol
  Properties.size=48
  Properties.md5=74EE4375686A2069414EEF13E7B62789
  Properties.filedate=1389286255
  Properties.filedatetext=2014-01-09 17:50:55

Macromedia.FlashPlayer.Cookies: [SBI $1EF45977]  Text file (File, nothing done)
  C:\Users\Anna\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CRKS8W4V\www.ajaxcdn.org\swf.swf\dm_cookie.sol
  Properties.size=415
  Properties.md5=ED4E3C925CD421F9BE689B124CAAFEF2
  Properties.filedate=1389339904
  Properties.filedatetext=2014-01-10 08:45:04

DoubleClick: [SBI $19447DDC] Tracking cookie (Firefox: Anna (default)) (Browser: Cookie, nothing done)
  

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

MS Management Console: [SBI $ECD50EAD] Recent command list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3567876854-2728293220-477572695-1001\Software\Microsoft\Microsoft Management Console\Recent File List

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-3567876854-2728293220-477572695-1001\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

MS Paint: [SBI $07867C39] Recent file list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3567876854-2728293220-477572695-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List

Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3567876854-2728293220-477572695-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Cookie: [SBI $49804B54] Browser: Cookie (2) (Browser: Cookie, nothing done)
  

Cache: [SBI $49804B54] Browser: Cache (13) (Browser: Cache, nothing done)
  

Verlauf: [SBI $49804B54] Browser: History (5) (Browser: History, nothing done)
  

Cookie: [SBI $49804B54] Browser: Cookie (163) (Browser: Cookie, nothing done)
  


--- Spybot - Search & Destroy version: 2.1.18.131  DLL (build: 20130516) ---

2013-09-20 blindman.exe (2.2.18.151)
2013-09-20 explorer.exe (2.2.18.177)
2013-09-20 SDBootCD.exe (2.2.18.109)
2013-09-20 SDCleaner.exe (2.2.18.110)
2013-09-20 SDDelFile.exe (2.2.18.94)
2013-06-18 SDDisableProxy.exe
2013-09-20 SDFiles.exe (2.2.18.135)
2013-09-20 SDFileScanHelper.exe (2.2.16.1)
2013-10-15 SDFSSvc.exe (2.2.25.211)
2013-10-10 SDHookHelper.exe (2.3.30.2)
2013-10-10 SDHookInst32.exe (2.3.30.2)
2013-09-20 SDImmunize.exe (2.2.18.130)
2013-05-16 SDLogReport.exe (2.1.18.107)
2013-10-14 SDOnAccess.exe (2.2.25.4)
2013-09-20 SDPESetup.exe (2.2.18.3)
2013-09-20 SDPEStart.exe (2.2.18.86)
2013-09-20 SDPhoneScan.exe (2.2.18.28)
2013-09-20 SDPRE.exe (2.2.18.22)
2013-09-20 SDPrepPos.exe (2.2.18.10)
2013-09-20 SDQuarantine.exe (2.2.18.103)
2013-09-20 SDRootAlyzer.exe (2.2.18.116)
2013-09-20 SDSBIEdit.exe (2.2.18.39)
2013-09-20 SDScan.exe (2.2.18.177)
2013-09-20 SDScript.exe (2.2.18.53)
2013-10-15 SDSettings.exe (2.2.25.138)
2013-09-20 SDShell.exe (2.2.18.2)
2013-09-20 SDShred.exe (2.2.18.107)
2013-09-20 SDSysRepair.exe (2.2.18.101)
2013-09-20 SDTools.exe (2.2.18.150)
2013-07-25 SDTray.exe (2.1.21.129)
2013-09-20 SDUpdate.exe (2.2.18.91)
2013-09-20 SDUpdSvc.exe (2.2.18.76)
2013-09-20 SDWelcome.exe (2.2.21.129)
2013-09-13 SDWSCSvc.exe (2.2.22.2)
2013-06-19 spybotsd2-translation-frx.exe
2013-12-27 unins000.exe (51.1052.0.0)
1999-12-02 xcacls.exe
2012-08-23 borlndmm.dll (10.0.2288.42451)
2012-09-05 DelZip190.dll (1.9.0.107)
2012-09-10 libeay32.dll (1.0.0.4)
2012-09-10 libssl32.dll (1.0.0.4)
2013-05-16 SDAdvancedCheckLibrary.dll (2.1.18.98)
2013-05-16 SDAV.dll
2013-05-16 SDECon32.dll (2.1.18.113)
2013-04-05 SDEvents.dll (2.1.16.2)
2013-10-14 SDFileScanLibrary.dll (2.2.25.14)
2013-10-10 SDHook32.dll (2.3.30.2)
2013-05-16 SDImmunizeLibrary.dll (2.1.18.2)
2013-05-16 SDLicense.dll (2.1.18.0)
2013-05-16 SDLists.dll (2.1.18.4)
2013-05-16 SDResources.dll (2.1.18.7)
2013-05-16 SDScanLibrary.dll (2.1.18.131)
2013-05-16 SDTasks.dll (2.1.18.15)
2013-05-16 SDWinLogon.dll (2.1.18.0)
2012-08-23 sqlite3.dll
2012-09-10 ssleay32.dll (1.0.0.4)
2013-05-16 Tools.dll (2.1.18.36)
2013-11-12 Includes\Adware.sbi (*)
2013-12-23 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2012-11-14 Includes\Dialer.sbi (*)
2012-11-14 Includes\DialerC.sbi (*)
2012-11-14 Includes\HeavyDuty.sbi (*)
2012-11-14 Includes\Hijackers.sbi (*)
2012-11-14 Includes\HijackersC.sbi (*)
2013-10-16 Includes\iPhone.sbi (*)
2013-06-25 Includes\Keyloggers.sbi (*)
2013-10-29 Includes\KeyloggersC.sbi (*)
2013-05-29 Includes\Malware.sbi (*)
2013-12-23 Includes\MalwareC.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2013-12-23 Includes\PUPSC.sbi (*)
2012-11-14 Includes\Security.sbi (*)
2013-10-29 Includes\SecurityC.sbi (*)
2013-05-22 Includes\Spyware.sbi (*)
2013-08-06 Includes\SpywareC.sbi (*)
2011-06-07 Includes\Tracks.sbi (*)
2012-11-19 Includes\Tracks.uti (*)
2013-01-16 Includes\Trojans.sbi (*)
2013-05-13 Includes\TrojansC-02.sbi (*)
2013-12-03 Includes\TrojansC-03.sbi (*)
2013-12-23 Includes\TrojansC-04.sbi (*)
2013-12-10 Includes\TrojansC-05.sbi (*)
2013-08-06 Includes\TrojansC.sbi (*)

GMER hat nicht funktioniert. Hier erschien folgende Fehlermeldung:
Es befindet sich kein Datenträger im Laufwerk. Legen Sie einen Datenträger in Laufwerk \Device\Harddisk3\DR3 ein.

Das selbe kam beim Versuch im abgesicherten Modus zu scannen.
Auch google hat mir da nicht viel weitergeholfen.

Ich danke für eure Hilfe.

Grüße

cosinus · 10.01.2014, 10:20

hi

Zitat:

Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard

Enterprise Office und Professional Windows - ist das ein gewerblich genutztes System?
Du weißt schon, dass man ein Enterprise Office nur als Firmenkunde über (schweineteure) Volumenlizenz-Verträge bekommt?

greenhorn23 · 10.01.2014, 14:11

Der PC wird von mir sowohl privat als auch gewerblich genutzt. Ich hab quasi ein Homeoffice.
Ich weiß, dass gewerblich genutzte Systeme nicht in dieses Forum gehören, aber ich kann da
schwer eine Grenze ziehen.

Ich hoffe dass es dennoch eine Möglichkeit gibt, die auch aktzeptabel für euch ist.

Vielleicht gibt es auch eine andere Adresse an die ich mich wenden könnte.

cosinus · 10.01.2014, 14:28

Wir bereinigen doch auch gewerbliche Systeme, das ist nicht der Punkt.

Ich möchte da immer nur drauf hinweisen, denn

1. ist normalerweise ein Admin für die Kiste zuständig (ok in deinem Fall nicht zutreffend)
2. kann ein Log von einem gewerblichen System brisante Kundendaten enthalten

Lies daher folgenden Text bitte und teile mir mit ob du weitermachen willst:

Zitat:

Zitat von http://www.trojaner-board.de/108422-loeschen-logfiles-andere-anfragen.html

3. Grundsätzlich bereinigen wir keine gewerblich genutzten Rechner. Dafür ist die IT Abteilung eurer Firma zuständig.

Bei Kleinunternehmen, welche keinen IT Support haben, machen wir da eine Ausnahme und helfen gerne ( kleine Spende hilft auch uns ).
Voraussetzung: Ihr teilt uns dies in eurer ersten Antwort mit.

Bedenkt jedoch, dass Logfiles viele heikle Informationen enthalten können ( Kundendaten, Bankdaten, etc ) sowie das Malware die Möglichkeit besitzt, diese auszuspähen und zu missbrauchen. Hier legen wir euch ein Formatieren und Neuaufsetzen nahe.

Gelesen und verstanden?

greenhorn23 · 10.01.2014, 14:32

Ja das habe ich schon gelesen, danke aber für den Hinweis.
Wie du schon sagst, einen persönlichen Admin habe ich leider nicht:-)
Ansonsten läuft meine Arbeit über eine Desktop Remote Verbindung, also ich habe
direkt auf meinem Rechner keine brisanten Daten.

Von daher steht einem nächsten Schritt nichts im Wege.

cosinus · 10.01.2014, 14:55

Ok

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

greenhorn23 · 10.01.2014, 16:03

Ist ohne Fünde durchgelaufen. Gerade hat sich aber schon wieder einfach eine Seite geöffnet:
hxxp://gip.driverdiv.net/...

Hier die Log-Datei:

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org

Database version: v2014.01.10.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16476
Anna :: ANNA-PC [administrator]

10.01.2014 15:43:13
mbar-log-2014-01-10 (15-43-13).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 213859
Time elapsed: 11 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

cosinus · 10.01.2014, 17:36

Adware/Junkware/Toolbars entfernen

1. Schritt: adwCleaner

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

greenhorn23 · 10.01.2014, 21:25

AdwCleaner:

Code:

ATTFilter

# AdwCleaner v3.016 - Bericht erstellt am 10/01/2014 um 21:05:15
# Aktualisiert 23/12/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzername : Anna - ANNA-PC
# Gestartet von : C:\Users\Anna\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v26.0 (de)

[ Datei : C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\lwb3fzqz.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [16148 octets] - [27/12/2013 17:07:36]
AdwCleaner[R1].txt - [921 octets] - [10/01/2014 21:04:06]
AdwCleaner[S0].txt - [15622 octets] - [27/12/2013 17:17:10]
AdwCleaner[S1].txt - [843 octets] - [10/01/2014 21:05:15]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [902 octets] ##########

JRT:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Professional x86
Ran by Anna on 10.01.2014 at 21:10:54,46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3567876854-2728293220-477572695-1001\Software\ib updater
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3567876854-2728293220-477572695-1001\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\caphyon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\backupstack_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\backupstack_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dmwu_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dmwu_rasmancs



~~~ Files

Successfully deleted: [File] "C:\Users\Anna\appdata\locallow\SkwConfig.bin"



~~~ Folders



~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted the following from C:\Users\Anna\AppData\Roaming\mozilla\firefox\profiles\lwb3fzqz.default\prefs.js

user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_referrer", "hxxp://us.yhs4.search.yahoo.com/yhs/search?fr=altavista&itag=ody&q=hxxp://db.tt/3hg8n7sv/|||864137
user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_temp_referer", "hxxp://us.yhs4.search.yahoo.com/yhs/search?fr=altavista&itag=ody&q=hxxp://db.tt/3hg8n7sv/|#|ol
Emptied folder: C:\Users\Anna\AppData\Roaming\mozilla\firefox\profiles\lwb3fzqz.default\minidumps [98 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10.01.2014 at 21:13:26,79
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-01-2014
Ran by Anna (administrator) on ANNA-PC on 10-01-2014 21:18:23
Running from C:\Users\Anna\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
( ) C:\Windows\System32\lxeecoms.exe
(Ralink Technology, Corp.) C:\Program Files\Hama\Common\RaRegistry.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Team H2O) C:\Program Files\Syncrosoft\POS\H2O\cledx.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(Creative Technology Ltd) C:\Windows\System32\CTHELPER.EXE
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\Receiver\Receiver.exe
(Hama GmbH & Co KG) C:\Program Files\Hama\Common\RaUI.exe
(Dropbox, Inc.) C:\Users\Anna\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7711264 2009-08-18] (Realtek Semiconductor)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [H2O] - C:\Program Files\Syncrosoft\POS\H2O\cledx.exe [385024 2005-10-22] (Team H2O)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [ConnectionCenter] - C:\Program Files\Citrix\ICA Client\concentr.exe [371864 2012-04-05] (Citrix Systems, Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [CTHelper] - C:\Windows\System32\CTHELPER.EXE [23040 2009-02-23] (Creative Technology Ltd)
HKLM\...\Run: [CTxfiHlp] - C:\Windows\System32\CTXFIHLP.EXE [23552 2009-02-23] (Creative Technology Ltd)
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [685048 2012-08-03] (Cisco Systems, Inc.)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\Run: [SDTray] - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon: C:\Windows\system32\igfxdev.dll (Intel Corporation)
MountPoints2: {cbe70fbc-da3e-11e2-8cba-b6cb38289f20} - L:\HTC_Sync_Manager_PC.exe
MountPoints2: {fa6f7bbb-5fef-11e2-8d00-8474b38bdcf8} - J:\setup.exe
AppInit_DLLs: C:\Program Files\Citrix\ICA Client\RSHook.dll [257176 2012-04-05] (Citrix Systems, Inc.)
Startup: C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Anna\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC8BCF86EB6ABCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: CtxIEInterceptorBHO Class - {2C4631FF-5CC8-4EBC-A0DF-34C92291759E} - C:\Program Files\Citrix\ICA Client\IEInterceptor.dll (Citrix Systems, Inc.)
BHO: PassShow - {2d661e5b-7d7a-417c-b5b5-6479017bb314} - C:\Program Files\PassShow\150.dll ()
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Lexmark  - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
Toolbar: HKCU - No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -  No File
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\lwb3fzqz.default
FF NetworkProxy: "http", "94.228.200.61"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Citrix.com/npican - C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Grooveshark Unblocker - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\lwb3fzqz.default\Extensions\grooveshark-unblocker@4ley.addons.mozilla.org.xpi
FF Extension: Adblock Plus - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\lwb3fzqz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKCU\...\Firefox\Extensions: [{57c20073-e24b-4b2a-aa91-70d1ad526cbf}] - C:\Program Files\PassShow\150.xpi
FF Extension: No Name - C:\Program Files\PassShow\150.xpi
FF Extension: No Name - C:\Program Files\PassShow\150.xpi

========================== Services (Whitelisted) =================

R2 lxee_device; C:\Windows\system32\lxeecoms.exe [598696 2010-04-14] ( )
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)
R2 RalinkRegistryWriter; C:\Program Files\Hama\Common\RaRegistry.exe [185632 2009-12-10] (Ralink Technology, Corp.)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [537592 2012-08-03] (Cisco Systems, Inc.)

==================== Drivers (Whitelisted) ====================

S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [87976 2012-08-03] (Cisco Systems, Inc.)
R3 CLEDX; C:\Windows\System32\DRIVERS\cledx.sys [33792 2005-05-09] (Team H2O)
S3 COMMONFX; C:\Windows\System32\drivers\COMMONFX.SYS [98328 2009-02-23] (Creative Technology Ltd)
R3 COMMONFX.SYS; C:\Windows\System32\drivers\COMMONFX.SYS [98328 2009-02-23] (Creative Technology Ltd)
S3 CTAUDFX; C:\Windows\System32\drivers\CTAUDFX.SYS [528920 2009-02-23] (Creative Technology Ltd)
S3 CTAUDFX.SYS; C:\Windows\System32\drivers\CTAUDFX.SYS [528920 2009-02-23] (Creative Technology Ltd)
S3 CTEAPSFX; C:\Windows\System32\drivers\CTEAPSFX.SYS [163352 2009-02-23] (Creative Technology Ltd)
S3 CTEAPSFX.SYS; C:\Windows\System32\drivers\CTEAPSFX.SYS [163352 2009-02-23] (Creative Technology Ltd)
S3 CTEDSPFX; C:\Windows\System32\drivers\CTEDSPFX.SYS [259096 2009-02-23] (Creative Technology Ltd)
S3 CTEDSPFX.SYS; C:\Windows\System32\drivers\CTEDSPFX.SYS [259096 2009-02-23] (Creative Technology Ltd)
S3 CTEDSPIO; C:\Windows\System32\drivers\CTEDSPIO.SYS [134168 2009-02-23] (Creative Technology Ltd)
S3 CTEDSPIO.SYS; C:\Windows\System32\drivers\CTEDSPIO.SYS [134168 2009-02-23] (Creative Technology Ltd)
S3 CTEDSPSY; C:\Windows\System32\drivers\CTEDSPSY.SYS [309784 2009-02-23] (Creative Technology Ltd)
S3 CTEDSPSY.SYS; C:\Windows\System32\drivers\CTEDSPSY.SYS [309784 2009-02-23] (Creative Technology Ltd)
S3 CTERFXFX; C:\Windows\System32\drivers\CTERFXFX.SYS [99352 2009-02-23] (Creative Technology Ltd)
S3 CTERFXFX.SYS; C:\Windows\System32\drivers\CTERFXFX.SYS [99352 2009-02-23] (Creative Technology Ltd)
S3 CTSBLFX; C:\Windows\System32\drivers\CTSBLFX.SYS [534040 2009-02-23] (Creative Technology Ltd)
S3 CTSBLFX.SYS; C:\Windows\System32\drivers\CTSBLFX.SYS [534040 2009-02-23] (Creative Technology Ltd)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-01-16] (DT Soft Ltd)
R3 ha10kx2k; C:\Windows\System32\drivers\ha10kx2k.sys [802840 2009-02-23] (Creative Technology Ltd)
S3 hap16v2k; C:\Windows\System32\drivers\hap16v2k.sys [163864 2009-02-23] (Creative Technology Ltd)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [657408 2009-07-13] (Ralink Technology Corp.)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [717296 2013-01-16] (Duplex Secure Ltd.)
R0 TPkd; C:\Windows\System32\Drivers\TPkd.sys [61856 2002-05-22] (PACE Anti-Piracy, Inc.)
S2 Nsynas32; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-10 21:15 - 2014-01-10 21:15 - 00000000 ____D C:\Users\Anna\Desktop\FRST-OlderVersion
2014-01-10 21:13 - 2014-01-10 21:13 - 00002212 _____ C:\Users\Anna\Desktop\JRT.txt
2014-01-10 21:10 - 2014-01-10 21:10 - 01037068 _____ (Thisisu) C:\Users\Anna\Desktop\JRT.exe
2014-01-10 21:10 - 2014-01-10 21:10 - 00000000 ____D C:\Windows\ERUNT
2014-01-10 21:07 - 2014-01-10 21:07 - 00000981 _____ C:\Users\Anna\Desktop\AdwCleaner[S1].txt
2014-01-10 21:03 - 2014-01-10 21:03 - 01233962 _____ C:\Users\Anna\Desktop\adwcleaner.exe
2014-01-10 15:43 - 2014-01-10 21:01 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-10 15:43 - 2014-01-10 16:07 - 00104664 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-01-10 15:41 - 2014-01-10 15:41 - 00000000 ____D C:\Users\Anna\Desktop\mbar-1.07.0.1008
2014-01-10 15:39 - 2014-01-10 16:07 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-10 15:38 - 2014-01-10 15:38 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Anna\Desktop\mbar-1.07.0.1008.exe
2014-01-10 15:38 - 2014-01-10 15:38 - 00000000 ____D C:\Users\Anna\Desktop\mbar
2014-01-10 14:46 - 2014-01-10 14:46 - 00000000 ____D C:\Users\Anna\AppData\Roaming\Malwarebytes
2014-01-10 14:45 - 2014-01-10 14:45 - 00001073 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-10 14:45 - 2014-01-10 14:45 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-10 14:45 - 2014-01-10 14:45 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-01-10 14:45 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-10 09:54 - 2014-01-10 09:54 - 00008219 _____ C:\Users\Anna\Desktop\Spybot_Scan Results.140110-0954.txt
2014-01-09 20:30 - 2014-01-09 20:30 - 00000000 ____D C:\Windows\pss
2014-01-09 18:59 - 2014-01-09 18:59 - 00377856 _____ C:\Users\Anna\Desktop\gmer_2.1.19163.exe
2014-01-09 18:41 - 2014-01-10 21:17 - 00015731 _____ C:\Users\Anna\Desktop\Addition.txt
2014-01-09 18:40 - 2014-01-10 21:18 - 00015265 _____ C:\Users\Anna\Desktop\FRST.txt
2014-01-09 18:40 - 2014-01-10 21:15 - 00000000 ____D C:\FRST
2014-01-09 18:39 - 2014-01-10 21:15 - 01066141 _____ (Farbar) C:\Users\Anna\Desktop\FRST.exe
2014-01-09 18:37 - 2014-01-09 18:37 - 00000572 _____ C:\Users\Anna\Desktop\defogger_disable.log
2014-01-09 18:37 - 2014-01-09 18:37 - 00000176 _____ C:\Users\Anna\defogger_reenable
2014-01-09 18:36 - 2014-01-09 18:36 - 00050477 _____ C:\Users\Anna\Desktop\Defogger.exe
2014-01-09 18:35 - 2014-01-09 18:35 - 00050477 _____ C:\Users\Anna\Downloads\Defogger.exe
2013-12-27 18:49 - 2013-12-27 18:50 - 22964496 _____ C:\Users\Anna\Downloads\FullTiltPokerEuSetup.exe
2013-12-27 18:03 - 2013-12-27 18:35 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-12-27 18:03 - 2013-12-27 18:03 - 00002125 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-12-27 18:03 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2013-12-27 18:02 - 2013-12-27 18:04 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2013-12-27 18:01 - 2013-12-27 18:01 - 40658208 _____ (Safer-Networking Ltd.                                       ) C:\Users\Anna\Downloads\spybot-2.2.25.exe
2013-12-27 17:22 - 2014-01-06 23:27 - 00000000 ____D C:\Users\Anna\Desktop\Martin
2013-12-27 17:06 - 2014-01-10 21:05 - 00000000 ____D C:\AdwCleaner
2013-12-27 17:05 - 2013-12-27 17:05 - 01233962 _____ C:\Users\Anna\Downloads\adwcleaner.exe
2013-12-23 15:51 - 2013-12-23 15:52 - 00000000 ____D C:\Users\Anna\Desktop\mama
2013-12-23 15:40 - 2013-12-27 17:31 - 00000000 ____D C:\Users\Anna\AppData\Roaming\MediaMonkey
2013-12-23 15:40 - 2013-12-23 15:40 - 00001007 _____ C:\Users\Public\Desktop\MediaMonkey.lnk
2013-12-23 15:40 - 2013-12-23 15:40 - 00000000 ____D C:\Users\Anna\AppData\Local\MediaMonkey
2013-12-23 15:40 - 2013-12-23 15:40 - 00000000 ____D C:\ProgramData\MediaMonkey
2013-12-23 15:40 - 2013-12-23 15:40 - 00000000 ____D C:\Program Files\MediaMonkey
2013-12-23 15:39 - 2013-12-23 15:39 - 15069520 _____ (Ventis Media Inc.                                           ) C:\Users\Anna\Downloads\MediaMonkey_4.0.7.1511.exe
2013-12-23 15:29 - 2013-12-23 15:29 - 00000000 ____D C:\Users\Anna\AppData\Local\Macroplant,_LLC
2013-12-23 15:29 - 2013-12-23 15:29 - 00000000 ____D C:\Program Files\Sharepod
2013-12-23 15:24 - 2013-12-23 15:24 - 05965680 _____ (Macroplant LLC                                              ) C:\Users\Anna\Downloads\Sharepod_4_Setup_4010b.exe
2013-12-23 15:12 - 2013-12-23 15:12 - 00000000 ____D C:\Users\Anna\Desktop\Zumba
2013-12-23 14:42 - 2013-12-23 15:14 - 00000000 ____D C:\Users\Anna\Desktop\Eminem u Charts
2013-12-23 14:28 - 2013-12-23 15:18 - 00000000 ____D C:\Users\Anna\Desktop\iPod Musik
2013-12-23 14:27 - 2013-12-23 14:27 - 00001272 _____ C:\Users\Public\Desktop\SciLor's grooveshark™.com Downloader.lnk
2013-12-23 14:26 - 2014-01-10 21:06 - 00000340 _____ C:\Windows\Tasks\PassShow Update.job
2013-12-23 14:26 - 2014-01-06 23:15 - 00000000 ____D C:\Program Files\SciLor's grooveshark(tm).com Downloader
2013-12-23 14:26 - 2013-12-23 14:26 - 00000000 ____D C:\Program Files\PassShow
2013-12-23 14:25 - 2013-12-23 14:25 - 00923784 _____ (CNET Download.com) C:\Users\Anna\Downloads\cbsidlm-cbsi145-SciLors_Groovesharkcom_Downloader-ORG-75764950.exe
2013-12-23 14:06 - 2013-12-27 16:56 - 00000000 ____D C:\Users\Anna\AppData\Roaming\newnext.me
2013-12-23 14:06 - 2013-12-23 14:28 - 00000000 ____D C:\Users\Anna\AppData\Local\cache
2013-12-23 14:06 - 2013-12-23 14:27 - 00000000 ____D C:\Users\Anna\AppData\Local\genienext
2013-12-23 14:06 - 2013-12-23 14:12 - 00000332 _____ C:\Users\Anna\daemonprocess.txt
2013-12-23 14:06 - 2013-12-23 14:06 - 00000000 ____D C:\Users\Anna\.android
2013-12-23 13:43 - 2013-12-23 13:43 - 00689856 _____ C:\Users\Anna\Downloads\SciLors_Grooveshark(tm)_DownloaderSetup.exe
2013-12-21 19:24 - 2013-12-21 19:25 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-12 08:56 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-12 08:56 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-12 08:56 - 2013-11-26 10:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-12 08:56 - 2013-11-26 09:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-12 08:56 - 2013-11-26 09:52 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-12 08:56 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-12 08:56 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-12 08:56 - 2013-11-26 09:36 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-12 08:56 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-12 08:56 - 2013-11-26 09:29 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-12 08:56 - 2013-11-26 09:29 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-12 08:56 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-12 08:56 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-12 08:56 - 2013-11-26 09:13 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-12 08:56 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-12 08:56 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-12 08:56 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-12 08:56 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-12 08:56 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-12 08:53 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-12 08:53 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-12 08:37 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-12 08:37 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-12 08:37 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-12 08:37 - 2013-10-30 02:27 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-12 08:37 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-12 08:37 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-12 08:37 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-12 08:37 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-12 08:37 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-12 08:36 - 2013-10-04 02:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-12 08:36 - 2013-10-04 02:17 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys

==================== One Month Modified Files and Folders =======

2014-01-10 21:18 - 2014-01-09 18:40 - 00015265 _____ C:\Users\Anna\Desktop\FRST.txt
2014-01-10 21:17 - 2014-01-09 18:41 - 00015731 _____ C:\Users\Anna\Desktop\Addition.txt
2014-01-10 21:15 - 2014-01-10 21:15 - 00000000 ____D C:\Users\Anna\Desktop\FRST-OlderVersion
2014-01-10 21:15 - 2014-01-09 18:40 - 00000000 ____D C:\FRST
2014-01-10 21:15 - 2014-01-09 18:39 - 01066141 _____ (Farbar) C:\Users\Anna\Desktop\FRST.exe
2014-01-10 21:13 - 2014-01-10 21:13 - 00002212 _____ C:\Users\Anna\Desktop\JRT.txt
2014-01-10 21:13 - 2009-07-14 05:34 - 00014960 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-10 21:13 - 2009-07-14 05:34 - 00014960 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-10 21:12 - 2012-10-16 16:58 - 01612484 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-10 21:10 - 2014-01-10 21:10 - 01037068 _____ (Thisisu) C:\Users\Anna\Desktop\JRT.exe
2014-01-10 21:10 - 2014-01-10 21:10 - 00000000 ____D C:\Windows\ERUNT
2014-01-10 21:09 - 2012-10-16 16:48 - 01552499 _____ C:\Windows\WindowsUpdate.log
2014-01-10 21:07 - 2014-01-10 21:07 - 00000981 _____ C:\Users\Anna\Desktop\AdwCleaner[S1].txt
2014-01-10 21:07 - 2013-06-12 21:30 - 00000000 ___RD C:\Users\Anna\Dropbox
2014-01-10 21:07 - 2013-06-12 21:18 - 00000000 ____D C:\Users\Anna\AppData\Roaming\Dropbox
2014-01-10 21:06 - 2013-12-23 14:26 - 00000340 _____ C:\Windows\Tasks\PassShow Update.job
2014-01-10 21:06 - 2012-10-21 11:35 - 00057810 _____ C:\ProgramData\lxeescan.log
2014-01-10 21:06 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-10 21:06 - 2009-07-14 05:39 - 00075255 _____ C:\Windows\setupact.log
2014-01-10 21:05 - 2013-12-27 17:06 - 00000000 ____D C:\AdwCleaner
2014-01-10 21:03 - 2014-01-10 21:03 - 01233962 _____ C:\Users\Anna\Desktop\adwcleaner.exe
2014-01-10 21:01 - 2014-01-10 15:43 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-10 21:01 - 2013-06-04 07:32 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-10 16:07 - 2014-01-10 15:43 - 00104664 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-01-10 16:07 - 2014-01-10 15:39 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-10 15:41 - 2014-01-10 15:41 - 00000000 ____D C:\Users\Anna\Desktop\mbar-1.07.0.1008
2014-01-10 15:38 - 2014-01-10 15:38 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Anna\Desktop\mbar-1.07.0.1008.exe
2014-01-10 15:38 - 2014-01-10 15:38 - 00000000 ____D C:\Users\Anna\Desktop\mbar
2014-01-10 14:46 - 2014-01-10 14:46 - 00000000 ____D C:\Users\Anna\AppData\Roaming\Malwarebytes
2014-01-10 14:45 - 2014-01-10 14:45 - 00001073 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-10 14:45 - 2014-01-10 14:45 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-10 14:45 - 2014-01-10 14:45 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-01-10 09:54 - 2014-01-10 09:54 - 00008219 _____ C:\Users\Anna\Desktop\Spybot_Scan Results.140110-0954.txt
2014-01-09 20:30 - 2014-01-09 20:30 - 00000000 ____D C:\Windows\pss
2014-01-09 18:59 - 2014-01-09 18:59 - 00377856 _____ C:\Users\Anna\Desktop\gmer_2.1.19163.exe
2014-01-09 18:37 - 2014-01-09 18:37 - 00000572 _____ C:\Users\Anna\Desktop\defogger_disable.log
2014-01-09 18:37 - 2014-01-09 18:37 - 00000176 _____ C:\Users\Anna\defogger_reenable
2014-01-09 18:37 - 2012-10-16 16:52 - 00000000 ____D C:\Users\Anna
2014-01-09 18:36 - 2014-01-09 18:36 - 00050477 _____ C:\Users\Anna\Desktop\Defogger.exe
2014-01-09 18:35 - 2014-01-09 18:35 - 00050477 _____ C:\Users\Anna\Downloads\Defogger.exe
2014-01-09 17:55 - 2012-10-21 11:56 - 00000000 ____D C:\ProgramData\Lx_cats
2014-01-09 13:02 - 2013-06-12 21:20 - 00000000 ____D C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-06 23:27 - 2013-12-27 17:22 - 00000000 ____D C:\Users\Anna\Desktop\Martin
2014-01-06 23:15 - 2013-12-23 14:26 - 00000000 ____D C:\Program Files\SciLor's grooveshark(tm).com Downloader
2013-12-31 11:46 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2013-12-31 11:15 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-12-27 18:50 - 2013-12-27 18:49 - 22964496 _____ C:\Users\Anna\Downloads\FullTiltPokerEuSetup.exe
2013-12-27 18:35 - 2013-12-27 18:03 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-12-27 18:04 - 2013-12-27 18:02 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2013-12-27 18:03 - 2013-12-27 18:03 - 00002125 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-12-27 18:01 - 2013-12-27 18:01 - 40658208 _____ (Safer-Networking Ltd.                                       ) C:\Users\Anna\Downloads\spybot-2.2.25.exe
2013-12-27 17:49 - 2009-07-14 09:56 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-12-27 17:49 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-12-27 17:31 - 2013-12-23 15:40 - 00000000 ____D C:\Users\Anna\AppData\Roaming\MediaMonkey
2013-12-27 17:05 - 2013-12-27 17:05 - 01233962 _____ C:\Users\Anna\Downloads\adwcleaner.exe
2013-12-27 16:56 - 2013-12-23 14:06 - 00000000 ____D C:\Users\Anna\AppData\Roaming\newnext.me
2013-12-27 16:55 - 2012-10-16 22:54 - 00013110 _____ C:\Windows\PFRO.log
2013-12-23 15:52 - 2013-12-23 15:51 - 00000000 ____D C:\Users\Anna\Desktop\mama
2013-12-23 15:40 - 2013-12-23 15:40 - 00001007 _____ C:\Users\Public\Desktop\MediaMonkey.lnk
2013-12-23 15:40 - 2013-12-23 15:40 - 00000000 ____D C:\Users\Anna\AppData\Local\MediaMonkey
2013-12-23 15:40 - 2013-12-23 15:40 - 00000000 ____D C:\ProgramData\MediaMonkey
2013-12-23 15:40 - 2013-12-23 15:40 - 00000000 ____D C:\Program Files\MediaMonkey
2013-12-23 15:39 - 2013-12-23 15:39 - 15069520 _____ (Ventis Media Inc.                                           ) C:\Users\Anna\Downloads\MediaMonkey_4.0.7.1511.exe
2013-12-23 15:29 - 2013-12-23 15:29 - 00000000 ____D C:\Users\Anna\AppData\Local\Macroplant,_LLC
2013-12-23 15:29 - 2013-12-23 15:29 - 00000000 ____D C:\Program Files\Sharepod
2013-12-23 15:24 - 2013-12-23 15:24 - 05965680 _____ (Macroplant LLC                                              ) C:\Users\Anna\Downloads\Sharepod_4_Setup_4010b.exe
2013-12-23 15:18 - 2013-12-23 14:28 - 00000000 ____D C:\Users\Anna\Desktop\iPod Musik
2013-12-23 15:14 - 2013-12-23 14:42 - 00000000 ____D C:\Users\Anna\Desktop\Eminem u Charts
2013-12-23 15:12 - 2013-12-23 15:12 - 00000000 ____D C:\Users\Anna\Desktop\Zumba
2013-12-23 14:28 - 2013-12-23 14:06 - 00000000 ____D C:\Users\Anna\AppData\Local\cache
2013-12-23 14:27 - 2013-12-23 14:27 - 00001272 _____ C:\Users\Public\Desktop\SciLor's grooveshark™.com Downloader.lnk
2013-12-23 14:27 - 2013-12-23 14:06 - 00000000 ____D C:\Users\Anna\AppData\Local\genienext
2013-12-23 14:26 - 2013-12-23 14:26 - 00000000 ____D C:\Program Files\PassShow
2013-12-23 14:25 - 2013-12-23 14:25 - 00923784 _____ (CNET Download.com) C:\Users\Anna\Downloads\cbsidlm-cbsi145-SciLors_Groovesharkcom_Downloader-ORG-75764950.exe
2013-12-23 14:12 - 2013-12-23 14:06 - 00000332 _____ C:\Users\Anna\daemonprocess.txt
2013-12-23 14:10 - 2013-04-30 11:53 - 00001427 _____ C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-23 14:06 - 2013-12-23 14:06 - 00000000 ____D C:\Users\Anna\.android
2013-12-23 13:47 - 2013-03-24 17:39 - 00000000 ____D C:\Users\Anna\AppData\Local\Google
2013-12-23 13:43 - 2013-12-23 13:43 - 00689856 _____ C:\Users\Anna\Downloads\SciLors_Grooveshark(tm)_DownloaderSetup.exe
2013-12-23 12:21 - 2012-10-16 16:56 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-12-21 19:25 - 2013-12-21 19:24 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-17 08:17 - 2013-11-08 16:35 - 00000000 ____D C:\Users\Anna\Desktop\Musik_Management
2013-12-12 17:06 - 2013-01-30 14:44 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-12-12 17:06 - 2013-01-30 14:44 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-12-12 15:08 - 2009-07-14 05:33 - 00411608 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-12 08:56 - 2013-01-16 16:25 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-12 08:55 - 2013-08-14 08:43 - 00000000 ____D C:\Windows\system32\MRT
2013-12-12 08:54 - 2012-10-16 18:16 - 88123800 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Anna\AppData\Local\Temp\ose00000.exe
C:\Users\Anna\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-09 19:47

==================== End Of Log ============================

--- --- ---

Addition:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-01-2014
Ran by Anna at 2014-01-10 21:19:03
Running from C:\Users\Anna\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

ABBYY FineReader 6.0 Sprint (Version: 6.00.2146.41621 - ABBYY Software House)
Adobe Flash Player 10 ActiveX (Version: 10.0.22.87 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) - Deutsch (Version: 11.0.05 - Adobe Systems Incorporated)
Apple Application Support (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
ASIO4ALL (Version: 2.10 - Michael Tippach)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
CDBurnerXP (Version: 4.5.2.4291 - CDBurnerXP)
Cisco AnyConnect Secure Mobility Client  (Version: 3.1.00495 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (Version: 3.1.00495 - Cisco Systems, Inc.) Hidden
Cisco EAP-FAST Module (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (Version: 1.1.6 - Cisco Systems, Inc.)
Citrix Authentication Manager (Version: 2.0.0.41479 - Citrix Systems, Inc.) Hidden
Citrix Receiver (DV) (Version: 13.1.200.22 - Citrix Systems, Inc.) Hidden
Citrix Receiver (HDX Flash-Umleitung) (Version: 13.1.200.22 - Citrix Systems, Inc.) Hidden
Citrix Receiver (USB) (Version: 13.1.200.22 - Citrix Systems, Inc.) Hidden
Citrix Receiver (Version: 13.1.200.22 - Citrix Systems, Inc.)
Citrix Receiver Inside (Version: 3.2.0.5844 - Citrix Systems, Inc.) Hidden
Citrix Receiver(Aero) (Version: 13.1.200.22 - Citrix Systems, Inc.) Hidden
DAEMON Tools Lite (Version: 4.46.1.0327 - DT Soft Ltd)
Das Postleitzahlen-Diagramm 3.8 (Version:  - Klaus Wessiepe, Softwareentwicklung und Vertrieb)
Dropbox (Version: 2.4.11 - Dropbox, Inc.)
E-MU Audio Drivers (Version:  - )
E-MU PatchMix DSP (Version:  - )
Falk Navi-Manager (Version: 1.2.172 - Falk Marcopolo Interactive GmbH)
Falk Navi-Manager (Version: 1.2.172 - Falk Marcopolo Interactive GmbH) Hidden
Free DWG Viewer 7.2 (Version: 7.2.0.51 - IGC)
Hama Wireless LAN Adapter (Version: 10.1.0 - Hama)
iCloud (Version: 3.0.2.163 - Apple Inc.)
Intel(R) Graphics Media Accelerator Driver (Version: 8.15.10.1930 - Intel Corporation)
Intel(R) TV Wizard (Version:  - Intel Corporation)
iTunes (Version: 11.1.3.8 - Apple Inc.)
Lexmark  (Version: 1.0.0.0 - )
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
MediaMonkey 4.0 (Version: 4.0 - Ventis Media Inc.)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 de) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (Version: 26.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
Notepad++ (Version: 6.2.3 - )
Online Plug-in (Version: 13.1.200.22 - Citrix Systems, Inc.) Hidden
Parker WinMatch (Version:  - )
PassShow (Version:  - PassShow Software)
Picasa 3 (Version: 3.9 - Google, Inc.)
QuickTime (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (Version: 6.0.1.5919 - Realtek Semiconductor Corp.)
Reason 5.0 (Version: 5.0 - Propellerhead Software AB)
SciLor's grooveshark™.com Downloader 0.4.12 (Version: 0.4.12 - SciLor)
Self-Service Plug-in (Version: 3.2.0.24226 - Citrix Systems, Inc.) Hidden
Sharepod 4.0.1.0 (Version:  - Macroplant LLC)
Spybot - Search & Destroy (Version: 2.2.25 - Safer-Networking Ltd.)
Steinberg Cubase SX 3 (Version:  - Steinberg Media Technologies GmbH)
Steinberg Cubase SX v3.1.1.944 (Version:  - )
SyncroSoft Emu (Remove only) (Version:  - )
Syncrosofts Lizenz Kontrolle (Version:  - Syncrosoft Hard- Und Software GmbH)
syngo fastView (Version: VX57H31 - Siemens MedSW)
Update for 2007 Microsoft Office System (KB967642) (Version:  - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (Version:  - Microsoft)
Waves Complete V9r5 (Version: 9.1.1 - Waves)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Mobile-Gerätecenter (Version: 6.1.6965.0 - Microsoft Corporation)
WinRAR 4.20 (32-Bit) (Version: 4.20.0 - win.rar GmbH)

==================== Restore Points  =========================

08-12-2013 11:19:21 Windows Update
10-12-2013 22:05:58 Windows Update
12-12-2013 07:53:00 Windows Update
16-12-2013 05:53:07 Windows Update
19-12-2013 14:59:43 Windows Update
23-12-2013 13:03:27 Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
23-12-2013 15:10:08 Windows Update
27-12-2013 16:06:50 Windows Update
27-12-2013 16:42:17 Windows Modules Installer
27-12-2013 16:47:53 Windows Modules Installer
27-12-2013 22:27:02 Windows Update
31-12-2013 10:19:52 Windows Update
03-01-2014 17:14:33 Windows Update
07-01-2014 16:38:27 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {38ED887B-36D0-49C7-8FE3-7AEB0242673F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {4940BA50-92D9-4F7F-B5B5-8AC123730954} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {73E26DB9-4899-4660-B37B-51278BD16B65} - System32\Tasks\PassShow Update => C:\Program Files\PassShow\PsUP.exe [2013-12-23] ()
Task: {C699C246-8B37-4EC9-85DE-DEE5C3CF15B6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-12] (Adobe Systems Incorporated)
Task: {F45101F3-98E1-43C5-BB13-E6454162E4C3} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\PassShow Update.job => C:\Program Files\PassShow\PsUP.exe

==================== Loaded Modules (whitelisted) =============

2012-08-03 20:53 - 2012-08-03 20:53 - 00062968 _____ () C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2013-01-28 13:08 - 2013-01-28 13:08 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2013-01-28 13:08 - 2013-01-28 13:08 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-12-27 18:02 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-12-27 18:02 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2013-01-16 16:43 - 2009-12-10 12:16 - 00918816 _____ () C:\Program Files\Hama\Common\RaWLAPI.dll
2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\Anna\AppData\Roaming\Dropbox\bin\libcef.dll
2013-12-21 19:24 - 2013-12-21 19:24 - 03559024 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2013-12-12 17:06 - 2013-12-12 17:06 - 16242056 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Nsynas32
Description: Nsynas32
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: Nsynas32
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
Description: Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Percentage of memory in use: 45%
Total physical RAM: 3318.3 MB
Available physical RAM: 1820.15 MB
Total Pagefile: 6632.84 MB
Available Pagefile: 5139.13 MB
Total Virtual: 2047.88 MB
Available Virtual: 1881.64 MB

==================== Drives ================================

Drive c: (Volume) (Fixed) (Total:446.23 GB) (Free:277.77 GB) NTFS
Drive e: (TREKSTOR) (Fixed) (Total:149.01 GB) (Free:50.23 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 5960FD37)
Partition 1: (Active) - (Size=20 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=446 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: 0B33A529)
Partition 1: (Active) - (Size=149 GB) - (Type=0B)

==================== End Of Log ============================

FRST brachte dieses Mal einen Fehler:
Aufgrund eines unerwarteten Fehlers können Sie die Datei nicht Kopieren.
Wenn der Fehler weiterhin ausgegeben wird, können Sie mithilfe des Fehlercodes in der Hilfe nach diesem Problem suchen.

Fehler 0x80030002: install.rdf wurde nicht gefunden

install.rdf
Typ: RDF-Datei
Änderungsdatum: 19.12.2013 21:50
Größe: 898 Bytes

Ich konnte nur Abbrechen anklicken.

cosinus · 11.01.2014, 01:35

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes Anti-Malware (MBAM)

Hinweis: Denk bitte vorher daran, Malwarebytes Anti-Malware über den Updatebutton zu aktualisieren!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

greenhorn23 · 11.01.2014, 14:26

Malwarebytes Anti-Malware :

Code:

ATTFilter

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.01.11.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16476
Anna :: ANNA-PC [Administrator]

11.01.2014 11:45:04
MBAM-log-2014-01-11 (11-54-42).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 210701
Laufzeit: 9 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 8
HKCR\CLSID\{2d661e5b-7d7a-417c-b5b5-6479017bb314} (PUP.Optional.PassShow.A) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{b8c3b958-ec6a-4d2f-bf2d-c7906acd3da0} (PUP.Optional.PassShow.A) -> Keine Aktion durchgeführt.
HKCR\Interface\{88f2ef1e-a38b-44dd-ae7c-57dfa28ba40f} (PUP.Optional.PassShow.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2D661E5B-7D7A-417C-B5B5-6479017BB314} (PUP.Optional.PassShow.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{2D661E5B-7D7A-417C-B5B5-6479017BB314} (PUP.Optional.PassShow.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2D661E5B-7D7A-417C-B5B5-6479017BB314} (PUP.Optional.PassShow.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1efa552d-e5a6-4610-a9d1-8cd285646842 (PUP.Optional.PassShow.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Google\Chrome\Extensions\dhogjnnleghndloamdkljhnhdchpcijl (PUP.Optional.PassShow.A) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 1
HKCU\Software\Mozilla\Firefox\Extensions|{57c20073-e24b-4b2a-aa91-70d1ad526cbf} (PUP.Optional.PassShow.A) -> Daten: C:\Program Files\PassShow\150.xpi -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 3
C:\Program Files\PassShow (PUP.Optional.PassShow.A) -> Keine Aktion durchgeführt.
C:\Users\Anna\AppData\Roaming\newnext.me (PUP.Optional.NextLive.A) -> Keine Aktion durchgeführt.
C:\Users\Anna\AppData\Roaming\newnext.me\cache (PUP.Optional.NextLive.A) -> Keine Aktion durchgeführt.

Infizierte Dateien: 16
C:\Program Files\PassShow\150.dll (PUP.Optional.PassShow.A) -> Keine Aktion durchgeführt.
C:\Users\Anna\Downloads\SciLorsGroovesharkcomDownloader.exe (PUP.Optional.Somoto) -> Keine Aktion durchgeführt.
C:\Users\Anna\Produkt Key\produkey-x64.zip (PUP.PSWTool.ProductKey) -> Keine Aktion durchgeführt.
C:\Users\Anna\Produkt Key\produkey.zip (PUP.PSWTool.ProductKey) -> Keine Aktion durchgeführt.
C:\Users\Anna\Produkt Key\produkey_setup.exe (PUP.PSWTool.ProductKey) -> Keine Aktion durchgeführt.
C:\Program Files\PassShow\150.crx (PUP.Optional.PassShow.A) -> Keine Aktion durchgeführt.
C:\Program Files\PassShow\01.db (PUP.Optional.PassShow.A) -> Keine Aktion durchgeführt.
C:\Program Files\PassShow\150.dat (PUP.Optional.PassShow.A) -> Keine Aktion durchgeführt.
C:\Program Files\PassShow\150.xpi (PUP.Optional.PassShow.A) -> Keine Aktion durchgeführt.
C:\Program Files\PassShow\PsUP.exe (PUP.Optional.PassShow.A) -> Keine Aktion durchgeführt.
C:\Program Files\PassShow\Sqlite3.dll (PUP.Optional.PassShow.A) -> Keine Aktion durchgeführt.
C:\Program Files\PassShow\Uninstall.exe (PUP.Optional.PassShow.A) -> Keine Aktion durchgeführt.
C:\Windows\Tasks\PassShow Update.job (PUP.Optional.PassShow.A) -> Keine Aktion durchgeführt.
C:\Users\Anna\AppData\Roaming\newnext.me\nengine.cookie (PUP.Optional.NextLive.A) -> Keine Aktion durchgeführt.
C:\Users\Anna\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> Keine Aktion durchgeführt.
C:\Users\Anna\AppData\Roaming\newnext.me\cache\spark.bin (PUP.Optional.NextLive.A) -> Keine Aktion durchgeführt.

(Ende)

ESET:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=2ef87490f9dd684db22db1d56c1fe1de
# engine=16610
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-01-11 12:56:53
# local_time=2014-01-11 01:56:53 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5892 16777213 88 94 4600437 26982895 0 0
# scanned=220523
# found=1
# cleaned=0
# scan_time=6850
sh=5C28A2F86BE59B7AD904CF0123313D97D362D899 ft=0 fh=0000000000000000 vn="a variant of Win32/Adware.SpeedingUpMyPC.C application" ac=I fn="C:\Users\Anna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJI80YK1\easydriverpro803[1].data"

Gruß

cosinus · 12.01.2014, 17:14

Nur Reste. Hast du die Funde mit Malwarebytes entfernt?

greenhorn23 · 12.01.2014, 19:52

Hallo,

ja habe mit Malwarebytes alles entfernt. Habe es auch gerade nochmal durchlaufen lassen - keine Funde.
Habe auch keine Seiten mehr gehabt, die sich einfach öffnen. Sieht also bei mir ganz gut aus.

cosinus · 13.01.2014, 11:44

TFC - Temp File Cleaner

Lade dir

TFC (TempFileCleaner von Oldtimer) herunter und speichere es auf den Desktop.

Öffne die TFC.exe.
Vista und Win 7 User mit Rechtsklick "als Administrator starten".
Schließe alle anderen Programme.
Drücke auf den Button Start.
Falls du zu einem Neustart aufgefordert wirst, bestätige diesen.

Sieht soweit ok aus

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

greenhorn23 · 13.01.2014, 19:06

TFC ist erledigt.

Ansonsten habe ich weder Funde noch Probleme. Ich werde die nächsten Tage mal schauen wie es sich jetzt arbeiten lässt. Aber fürs Erste wars das.

Dann kann ich mich nur bedanken für die bombastische Hilfe.
Eine kleine Spende ist auch schon an euch raus gegangen;-).

12.01.2014, 17:14	#12
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Windows 7: Trojaner auf PC "http://onlinewebfind.com/ads-clicktrack..." Nur Reste. Hast du die Funde mit Malwarebytes entfernt? __________________ Logfiles bitte immer in CODE-Tags posten

Windows 7: Trojaner auf PC "http://onlinewebfind.com/ads-clicktrack..."

Log-Analyse und Auswertung: Windows 7: Trojaner auf PC "http://onlinewebfind.com/ads-clicktrack..."