MonsterMarketplace.com in Browser

Malwarenervt · 15.10.2013, 16:00

Hallo,

bitte um Anleitung um MonsterMarketplace.com Suche in Browserinhalt zu entfernen.
Danke.

M-K-D-B · 15.10.2013, 16:45

Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.

Bitte beachte folgende Hinweise:

Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags.
Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!
Ich kann Dir niemals eine Garantie geben, dass auch ich alles finde. Eine Formatierung ist meist der schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Malwarenervt · 15.10.2013, 17:42

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by PBG (administrator) on PBG-PC on 15-10-2013 18:31:07
Running from C:\Users\PBG\Desktop
Microsoft Windows 7 Starter  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Intel Corporation) C:\windows\system32\igfxext.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Windows Net) C:\Users\PBG\AppData\Roaming\Windows Net Data\net.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\windows\system32\wuauclt.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe
(Spotify Ltd) C:\Users\PBG\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1713448 2010-02-26] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8120864 2009-12-14] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [348664 2012-08-08] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41208 2012-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [Eraser] - C:\PROGRA~1\Eraser\Eraser.exe [980920 2012-05-22] (The Eraser Project)
HKLM\...\Run: [PDFPrint] - C:\Program Files\PDF24\pdf24.exe [162856 2013-07-22] (Geek Software GmbH)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
HKCU\...\Run: [TrueCrypt] - C:\Program Files\TrueCrypt\TrueCrypt.exe [1517520 2011-12-12] (TrueCrypt Foundation)
HKCU\...\Run: [] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
HKCU\...\Run: [Spotify] - C:\Users\PBG\AppData\Roaming\Spotify\Spotify.exe [4752384 2013-10-15] (Spotify Ltd)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\PBG\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2013-10-15] (Spotify Ltd)
Startup: C:\Users\PBG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Gajim.lnk
ShortcutTarget: Gajim.lnk -> C:\Program Files\Gajim\bin\gajim.exe (Gajim Development Team)
Startup: C:\Users\PBG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk
ShortcutTarget: net.lnk -> C:\Users\PBG\AppData\Roaming\Windows Net Data\net.exe (Windows Net)
Startup: C:\Users\PBG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Persbackup.lnk
ShortcutTarget: Persbackup.lnk -> C:\Program Files\Personal Backup 5\Persbackup.exe (J. Rathlev, IEAP, Uni-Kiel)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE69F21F97EC1CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
SearchScopes: HKLM - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}
SearchScopes: HKLM - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
SearchScopes: HKCU - {33FBE12B-0BE0-43B9-839C-DDA2D14D25AF} URL = hxxp://www.google.de
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}
BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
BHO: Browser Guard - {02a0d829-4393-46fc-a37e-126263035883} - C:\Program Files\Browser Guard\browserguard.dll (Browser Guard)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: AutorunsDisabled\skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6CB44DBC-6166-496D-B83D-F8183DC7BE4B}: [NameServer]10.74.83.22 193.254.160.1

FireFox:
========
FF ProfilePath: C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF Homepage: https://www.google.de/
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20(url.indexOf('turntable.fm')%20!%3D%20-1%20%26%26%20url.indexOf('static.turntable.fm')%20%3D%3D%20-1%20%26%26%20url.indexOf('s3.amazonaws.com')%20%3D%3D%20-1%20%26%26%20url.indexOf('ping.chartbeat.net')%20%3D%3D%20-1%20%26%26%20url.indexOf('.png')%20%3D%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*'))%20%7B%20return%20'PROXY%20ab-us13.personalitycores.com%3A8000%3B%20PROXY%20ab-us21.personalitycores.com%3A8000%3B%20PROXY%20ab-us03.personalitycores.com%3A8000%3B%20PROXY%20ab-us08.personalitycores.com%3A8000%3B%20PROXY%20ab-us17.personalitycores.com%3A8000%3B%20PROXY%20ab-us20.personalitycores.com%3A8000%3B%20PROXY%20ab-us01.personalitycores.com%3A8000%3B%20PROXY%20ab-us12.personalitycores.com%3A8000%3B%20PROXY%20ab-us11.personalitycores.com%3A8000%3B%20PROXY%20ab-us10.personalitycores.com%3A8000%3B%20PROXY%20ab-us22.personalitycores.com%3A8000%3B%20PROXY%20ab-us07.personalitycores.com%3A8000%3B%20PROXY%20ab-us16.personalitycores.com%3A8000%3B%20PROXY%20ab-us02.personalitycores.com%3A8000%3B%20PROXY%20ab-us09.personalitycores.com%3A8000%3B%20PROXY%20ab-us15.personalitycores.com%3A8000%3B%20PROXY%20ab-us14.personalitycores.com%3A8000%3B%20PROXY%20ab-us18.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\PBG\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\PBG\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\PBG\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\PBG\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\PBG\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\searchplugins\sweetim.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: QuickFox Notes - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\amin.eft_bmnotes@gmail.com
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com
FF Extension: pricealarm - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\EFGLQA@78ETGYN-0W7FN789T87.COM
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\ich@maltegoetz.de
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\netvideohunter@netvideohunter.com
FF Extension: Zotero - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\zotero@chnm.gmu.edu
FF Extension: Flashblock - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF Extension: DownloadHelper - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: Flash and Video Download - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D}
FF Extension: Block site - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
FF Extension: Bitdefender QuickScan - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF Extension: Evernote Web Clipper - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
FF Extension: artur.dubovoy - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\artur.dubovoy@gmail.com.xpi
FF Extension: bookmarkdeduplicator - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\bookmarkdeduplicator@foxhatdev.xpi
FF Extension: ck - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\ck@everygain.com.xpi
FF Extension: hidecaptionplus-dp - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\hidecaptionplus-dp@dummy.addons.mozilla.org.xpi
FF Extension: jid1-QpHD8URtZWJC2A - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi
FF Extension: readable - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\readable@evernote.com.xpi
FF Extension: scrapbookplus - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\scrapbookplus@addons.mozilla.org.xpi
FF Extension: sortplaces - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\sortplaces@andyhalford.com.xpi
FF Extension: tab-width - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\tab-width@design-noir.de.xpi
FF Extension: testpilot - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\testpilot@labs.mozilla.com.xpi
FF Extension: translator - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\translator@zoli.bod.xpi
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}.xpi
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{35379F86-8CCB-4724-AE33-4278DE266C70}
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{582195F5-92E7-40a0-A127-DB71295901D7}.xpi
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{95ab36d4-fb6f-47b0-8b8d-e5f3bd547953}.xpi
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [{20d1f7b3-7721-4da0-b6f3-78bb4d7248f4}] - C:\Program Files\Browser Guard\browserguard.xpi
FF Extension: No Name - C:\Program Files\Browser Guard\browserguard.xpi

Chrome: 
=======
CHR HomePage: hxxp://home.sweetim.com/?barid={E4E22DDE-2F80-11E3-BC78-C2E8D5860328}
CHR Extension: () - C:\Users\PBG\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmlgoencnlndpglbocajlimaikjohmab\background.html
CHR Extension: (FlashControl) - C:\Users\PBG\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe\3.3.14_0
CHR Extension: (Plus-HD-3.8) - C:\Users\PBG\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.23.19_0
CHR HKLM\...\Chrome\Extension: [kfepagcelbegkpkcjgfeecmlnmkedjin] - C:\Program Files\Browser Guard\browserguard.crx
CHR StartMenuInternet: Google Chrome - C:\Users\PBG\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2011-08-12] (SUPERAntiSpyware.com)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86224 2012-05-08] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-08] (Avira Operations GmbH & Co. KG)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S4 Rezip; C:\windows\SYSTEM32\Rezip.exe [311296 2009-03-05] ()
S3 SXDS10; C:\Program Files\Common Files\soft Xpansion\sxds10.exe [234096 2013-10-07] (soft Xpansion)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [83392 2012-05-08] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137928 2012-05-08] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36000 2011-10-19] (Avira GmbH)
R3 BazisVirtualCDBus; C:\Windows\System32\DRIVERS\BazisVirtualCDBus.sys [117584 2011-08-08] (SysProgs.org)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-03-14] (DT Soft Ltd)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R1 SABI; C:\windows\system32\Drivers\SABI.sys [10752 2009-05-28] (SAMSUNG ELECTRONICS)
R3 samsung_hspa_datacard_cdc_acm; C:\Windows\System32\DRIVERS\samsung_hspa_datacard_cdc_acm.sys [68608 2010-01-15] (Samsung)
R3 samsung_hspa_datacard_cdc_ecm; C:\Windows\System32\DRIVERS\samsung_hspa_datacard_cdc_ecm.sys [81920 2010-01-15] (Samsung)
R3 samsung_hspa_datacard_dc_enum; C:\Windows\System32\DRIVERS\samsung_hspa_datacard_dc_enum.sys [62464 2010-01-15] (Samsung)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2010-06-17] (Avira GmbH)
R1 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5632 2006-07-24] ()
S3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\PBG\AppData\Local\Temp\catchme.sys [x]
S3 dgderdrv; System32\drivers\dgderdrv.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-15 18:30 - 2013-10-15 18:30 - 00000000 ____D C:\FRST
2013-10-15 18:29 - 2013-10-15 18:29 - 01087213 _____ (Farbar) C:\Users\PBG\Desktop\FRST.exe
2013-10-15 00:24 - 2013-10-15 00:24 - 00002090 _____ C:\Users\PBG\.recently-used.xbel
2013-10-07 21:25 - 2013-10-07 21:26 - 00000000 ____D C:\Program Files\Tracker Software
2013-10-07 20:50 - 2013-10-07 20:51 - 00000000 ____D C:\Users\PBG\AppData\Roaming\Wondershare
2013-10-07 20:50 - 2013-10-07 20:50 - 00000000 ____D C:\Users\PBG\AppData\Local\Wondershare
2013-10-07 20:50 - 2013-10-07 20:50 - 00000000 ____D C:\ProgramData\PDFEditor
2013-10-07 20:50 - 2013-10-07 20:50 - 00000000 ____D C:\Program Files\Common Files\Wondershare
2013-10-07 20:50 - 2013-09-02 19:09 - 00082896 _____ (Wondershare Software) C:\windows\system32\WSMonEditor.dll
2013-10-07 20:49 - 2013-10-07 20:49 - 00000000 ____D C:\Program Files\Wondershare
2013-10-07 20:47 - 2013-10-11 15:02 - 00000000 ____D C:\Program Files\SweetIM
2013-10-07 20:47 - 2013-10-07 20:47 - 00000000 ____D C:\ProgramData\SweetIM
2013-10-07 20:43 - 2013-10-07 21:13 - 00000000 ____D C:\Program Files\Pdf Editor
2013-10-07 20:42 - 2013-10-07 21:13 - 00723294 _____ C:\windows\unins000.exe
2013-10-07 20:42 - 2013-10-07 21:13 - 00680608 _____ C:\windows\unins000.dat
2013-10-07 20:41 - 2013-10-07 20:41 - 00000000 ____D C:\Program Files\AVI to MP4 Converter
2013-10-07 20:30 - 2013-10-07 20:30 - 00000000 ____D C:\Users\PBG\AppData\Local\PDF24
2013-10-07 20:21 - 2013-10-07 20:24 - 00000000 ____D C:\Program Files\PDF24
2013-10-07 19:48 - 2013-10-07 19:48 - 00010464 _____ C:\windows\system32\sx_p2d.tlb
2013-10-07 19:48 - 2013-10-07 19:48 - 00000000 ____D C:\Program Files\Common Files\soft Xpansion
2013-10-07 19:48 - 2013-10-07 19:48 - 00000000 ____D C:\Program Files\Common Files\Freemium
2013-10-07 19:47 - 2013-10-07 19:47 - 00000000 ____D C:\ProgramData\Freemium
2013-10-07 19:47 - 2013-10-07 19:47 - 00000000 ____D C:\Program Files\Freemium
2013-10-07 19:47 - 2013-10-07 19:47 - 00000000 ____D C:\Program Files\Covus Freemium
2013-10-07 19:46 - 2013-10-07 19:47 - 00000000 ____D C:\ProgramData\Package Cache
2013-10-07 19:46 - 2013-10-07 19:46 - 00000000 ____D C:\Program Files\Browser Guard
2013-10-07 19:44 - 2013-10-11 10:52 - 00000000 ____D C:\Users\PBG\AppData\Roaming\Windows Net Data
2013-10-07 19:39 - 2013-10-07 19:39 - 00000000 ____D C:\Users\PBG\AppData\Local\DownloadGuide
2013-10-01 20:52 - 2013-10-01 20:52 - 00000000 ____D C:\Users\PBG\AppData\Roaming\Lunascape
2013-10-01 20:52 - 2013-10-01 20:52 - 00000000 ____D C:\Program Files\Lunascape
2013-09-23 22:14 - 2013-09-23 22:14 - 00000000 ____D C:\Users\PBG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CoolNovo
2013-09-23 22:13 - 2013-09-23 22:13 - 00000000 ____D C:\Users\PBG\AppData\Local\MapleStudio
2013-09-19 02:04 - 2013-09-19 02:04 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-17 08:35 - 2013-10-11 17:59 - 00000000 ____D C:\Users\PBG\AppData\Roaming\Gajim
2013-09-17 08:34 - 2013-09-17 08:34 - 00001011 _____ C:\Users\PBG\Desktop\Gajim.lnk
2013-09-17 08:34 - 2013-09-17 08:34 - 00000000 ____D C:\Users\PBG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gajim
2013-09-17 08:33 - 2013-09-17 08:34 - 00000000 ____D C:\Program Files\Gajim

==================== One Month Modified Files and Folders =======

2013-10-15 18:30 - 2013-10-15 18:30 - 00000000 ____D C:\FRST
2013-10-15 18:29 - 2013-10-15 18:29 - 01087213 _____ (Farbar) C:\Users\PBG\Desktop\FRST.exe
2013-10-15 18:29 - 2011-12-10 23:01 - 00000000 ____D C:\Users\PBG\Desktop\Ablage
2013-10-15 18:28 - 2010-03-30 01:13 - 02093075 _____ C:\windows\WindowsUpdate.log
2013-10-15 18:08 - 2012-12-17 23:57 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-10-15 17:44 - 2011-12-02 18:00 - 00000079 _____ C:\Users\PBG\Documents\Powers.log
2013-10-15 16:59 - 2013-07-24 18:21 - 00000000 ____D C:\Users\PBG\AppData\Roaming\Spotify
2013-10-15 11:42 - 2011-12-21 19:42 - 00000000 ____D C:\Users\PBG\AppData\Roaming\vlc
2013-10-15 10:39 - 2009-07-14 06:39 - 00153880 _____ C:\windows\setupact.log
2013-10-15 00:36 - 2012-02-09 13:40 - 00000000 ____D C:\Users\PBG\.gimp-2.6
2013-10-15 00:24 - 2013-10-15 00:24 - 00002090 _____ C:\Users\PBG\.recently-used.xbel
2013-10-15 00:24 - 2012-02-09 13:45 - 00000000 ____D C:\Users\PBG\AppData\Roaming\gtk-2.0
2013-10-15 00:24 - 2010-07-14 14:01 - 00000000 ____D C:\Users\PBG
2013-10-12 16:09 - 2009-07-26 22:06 - 01514382 _____ C:\windows\system32\PerfStringBackup.INI
2013-10-12 09:39 - 2011-12-21 19:49 - 00000000 ____D C:\Program Files\No23 Recorder
2013-10-11 18:56 - 2012-08-07 15:54 - 00000000 ____D C:\Users\PBG\AppData\Roaming\Orbit
2013-10-11 17:59 - 2013-09-17 08:35 - 00000000 ____D C:\Users\PBG\AppData\Roaming\Gajim
2013-10-11 15:13 - 2009-07-14 06:34 - 00010272 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-11 15:13 - 2009-07-14 06:34 - 00010272 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-11 15:05 - 2009-07-14 06:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-10-11 15:04 - 2010-04-03 07:54 - 00234420 _____ C:\windows\PFRO.log
2013-10-11 15:04 - 2009-07-14 04:37 - 00000000 ____D C:\windows\schemas
2013-10-11 15:02 - 2013-10-07 20:47 - 00000000 ____D C:\Program Files\SweetIM
2013-10-11 10:52 - 2013-10-07 19:44 - 00000000 ____D C:\Users\PBG\AppData\Roaming\Windows Net Data
2013-10-09 23:08 - 2012-04-17 23:18 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2013-10-09 23:08 - 2011-05-23 21:03 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-09 20:39 - 2012-10-28 13:46 - 00000000 ____D C:\Users\PBG\Desktop\Dokumente
2013-10-07 21:26 - 2013-10-07 21:25 - 00000000 ____D C:\Program Files\Tracker Software
2013-10-07 21:22 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2013-10-07 21:13 - 2013-10-07 20:43 - 00000000 ____D C:\Program Files\Pdf Editor
2013-10-07 21:13 - 2013-10-07 20:42 - 00723294 _____ C:\windows\unins000.exe
2013-10-07 21:13 - 2013-10-07 20:42 - 00680608 _____ C:\windows\unins000.dat
2013-10-07 20:51 - 2013-10-07 20:50 - 00000000 ____D C:\Users\PBG\AppData\Roaming\Wondershare
2013-10-07 20:50 - 2013-10-07 20:50 - 00000000 ____D C:\Users\PBG\AppData\Local\Wondershare
2013-10-07 20:50 - 2013-10-07 20:50 - 00000000 ____D C:\ProgramData\PDFEditor
2013-10-07 20:50 - 2013-10-07 20:50 - 00000000 ____D C:\Program Files\Common Files\Wondershare
2013-10-07 20:49 - 2013-10-07 20:49 - 00000000 ____D C:\Program Files\Wondershare
2013-10-07 20:47 - 2013-10-07 20:47 - 00000000 ____D C:\ProgramData\SweetIM
2013-10-07 20:41 - 2013-10-07 20:41 - 00000000 ____D C:\Program Files\AVI to MP4 Converter
2013-10-07 20:30 - 2013-10-07 20:30 - 00000000 ____D C:\Users\PBG\AppData\Local\PDF24
2013-10-07 20:24 - 2013-10-07 20:21 - 00000000 ____D C:\Program Files\PDF24
2013-10-07 20:00 - 2013-07-24 18:21 - 00000000 ____D C:\Users\PBG\AppData\Local\Spotify
2013-10-07 19:48 - 2013-10-07 19:48 - 00010464 _____ C:\windows\system32\sx_p2d.tlb
2013-10-07 19:48 - 2013-10-07 19:48 - 00000000 ____D C:\Program Files\Common Files\soft Xpansion
2013-10-07 19:48 - 2013-10-07 19:48 - 00000000 ____D C:\Program Files\Common Files\Freemium
2013-10-07 19:47 - 2013-10-07 19:47 - 00000000 ____D C:\ProgramData\Freemium
2013-10-07 19:47 - 2013-10-07 19:47 - 00000000 ____D C:\Program Files\Freemium
2013-10-07 19:47 - 2013-10-07 19:47 - 00000000 ____D C:\Program Files\Covus Freemium
2013-10-07 19:47 - 2013-10-07 19:46 - 00000000 ____D C:\ProgramData\Package Cache
2013-10-07 19:46 - 2013-10-07 19:46 - 00000000 ____D C:\Program Files\Browser Guard
2013-10-07 19:39 - 2013-10-07 19:39 - 00000000 ____D C:\Users\PBG\AppData\Local\DownloadGuide
2013-10-06 18:33 - 2012-03-03 02:28 - 00008704 _____ C:\Users\PBG\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-03 19:49 - 2012-05-06 10:35 - 00000000 ____D C:\Users\PBG\Desktop\House
2013-10-01 20:52 - 2013-10-01 20:52 - 00000000 ____D C:\Users\PBG\AppData\Roaming\Lunascape
2013-10-01 20:52 - 2013-10-01 20:52 - 00000000 ____D C:\Program Files\Lunascape
2013-10-01 20:28 - 2012-05-01 18:00 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-09-26 15:49 - 2012-02-03 20:16 - 00000000 ____D C:\Users\PBG\AppData\Local\Mozilla
2013-09-23 22:14 - 2013-09-23 22:14 - 00000000 ____D C:\Users\PBG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CoolNovo
2013-09-23 22:13 - 2013-09-23 22:13 - 00000000 ____D C:\Users\PBG\AppData\Local\MapleStudio
2013-09-19 02:04 - 2013-09-19 02:04 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-17 08:34 - 2013-09-17 08:34 - 00001011 _____ C:\Users\PBG\Desktop\Gajim.lnk
2013-09-17 08:34 - 2013-09-17 08:34 - 00000000 ____D C:\Users\PBG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gajim
2013-09-17 08:34 - 2013-09-17 08:33 - 00000000 ____D C:\Program Files\Gajim

Some content of TEMP:
====================
C:\Users\PBG\AppData\Local\temp\k7mzy7um.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-11 14:21

==================== End Of Log ============================

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-10-2013
Ran by PBG at 2013-10-15 18:35:33
Running from C:\Users\PBG\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Out of date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Out of date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

7-Zip 9.20
Adobe AIR (Version: 2.5.1.17730)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Reader 9.5.4 - Deutsch (Version: 9.5.4)
Atheros Client Installation Program (Version: 1.0.1.0805)
Audacity 2.0
Aurora 15.0a2 (x86 en-US) (Version: 15.0a2)
Avira Free Antivirus (Version: 12.0.0.1199)
BatteryLifeExtender (Version: 1.0.1)
Browser Guard
Canon MP640 series MP Drivers
ChargeableUSB (Version: 1.0.0.0)
Combined Community Codec Pack 2012-12-30 (Version: 2012.12.30.0)
CoolNovo (HKCU Version: 2.0.9.20)
DAEMON Tools Lite (Version: 4.46.1.0327)
Easy Display Manager (Version: 3.1)
Easy Resolution Manager (Version: 1.0.0)
Easy SpeedUp Manager (Version: 3.0.0.5)
EasyBatteryManager (Version: 4.0.0.3)
Eraser 6.0.10.2620 (Version: 6.0.2620)
ESET Online Scanner v3
Free Pdf Perfect Prereq (Version: 1.0.0.0)
Free Studio version 5.3.5 (Version: 5.3.5)
Free YouTube to MP3 Converter version 3.12.1.320 (Version: 3.12.1.320)
Freemium Free PDF Perfect (Version: 1.0)
FxPro cTrader (HKCU Version: 1.0.187.14853)
Gajim (Version: 0.15.4)
GIMP 2.6.11 (Version: 2.6.11)
Google Chrome (HKCU Version: 27.0.1453.116)
Google Talk Plugin (Version: 4.0.3.13724)
GoToMeeting 5.4.0.1083 (HKCU Version: 5.4.0.1083)
GSpot Codec Information Appliance
Intel(R) Graphics Media Accelerator Driver (Version: 8.14.10.2230)
Intel® Matrix Storage Manager
Internet Explorer (Version: 8)
IrfanView (remove only) (Version: 4.27)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Java(TM) 6 Update 22 (Version: 6.0.220)
JDownloader 0.9 (Version: 0.9)
JDownloader 2 (Version: 2)
Kill-ID 1.2.4.0 für Chrome (Version: 1.2.5.0)
LAME v3.99.3 (for Windows)
Live Usb Helper 0.0.8 (Version: 0.0.8)
Lunascape6 (All Users) (Version: 6.8.8.26908)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
Marvell Miniport Driver (Version: 11.22.3.3)
Maxthon 3 (Version: )
MetaTrader - Alpari UK (Version: 4.00)
MetaTrader 5 - Alpari (Version: 5.00)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server Native Client (Version: 9.00.3042.00)
Microsoft SQL Server VSS Writer (Version: 9.00.3042.00)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
MiPony 2.0.5 (Version: 2.0.5)
Mozilla Firefox 24.0 (x86 de) (Version: 24.0)
Mozilla Maintenance Service (Version: 24.0)
Mozilla Thunderbird 17.0.8 (x86 de) (Version: 17.0.8)
Mp3tag v2.51 (Version: v2.51)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
No23 Recorder (Version: 2.1.0.3)
OpenOffice.org 3.3 (Version: 3.3.9567)
Opera 12.02 (Version: 12.02.1578)
Orbit Downloader
PC Inspector File Recovery (Version: 4.0)
Pdf Editor
PDF24 Creator 5.7.0
PDF-Viewer (Version: 2.5.211.0)
Personal Backup 5.3 (Version: 5.3)
Photo Notifier and Animation Creator (Version: 1.0.0.1009)
Realtek High Definition Audio Driver (Version: 6.0.1.6003)
REALTEK Wireless LAN Software (Version: 1.01.0088)
Recuva (Version: 1.41)
Samsung HSPA DataCard 4.3.29.7814 (Version: 4.3.29.7814)
Samsung Mobile phone USB driver Drive Software
Samsung PC Studio 3 (Version: 3.0.0.80502)
Samsung PC Studio 3 (Version: 3.2.2.80502)
Samsung PC Studio 3 USB Driver Installer (Version: 3.2.0.70701)
Samsung Recovery Solution 4 (Version: 4.0.0.6)
Samsung Support Center (Version: 1.0.21)
Samsung Update Plus (Version: 2.0)
Security Task Manager 1.8d (Version: 1.8d)
Skype™ 6.3 (Version: 6.3.105)
Smart Data Recovery v4.4 (Version: 4.4)
Software Informer 1.2 RC
Spotify (HKCU Version: 0.9.4.185.g7545a404)
StreamTransport version: 1.0.2.2171
SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49 (Version: v2011.build.49)
SUPERAntiSpyware (Version: 5.0.1148)
SweetIM for Messenger 3.6 (Version: 3.6.0002)
SweetIM Toolbar for Internet Explorer 4.2 (Version: 4.2.0004)
Synaptics Pointing Device Driver (Version: 15.0.10.0)
TreeSize Free V2.6 (Version: 2.6)
TrueCrypt (Version: 7.1)
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (Version: 9.00.3042.00)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Visual C++ 9.0 CRT (x86) WinSXS MSM (Version: 9.0)
VLC media player 2.0.1 (Version: 2.0.1)
Web Stream Recorder (Version: 2012)
WIDCOMM Bluetooth Software (Version: 6.2.1.800)
WinCDEmu (Version: 3.6)
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405) (Version: 07/30/2009 6.2.0.9405)
Windows Driver Package - Broadcom Bluetooth  (09/11/2009 6.2.0.9407) (Version: 09/11/2009 6.2.0.9407)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (Version: 07/28/2009 6.2.0.9800)
Windows Live Anmelde-Assistent (Version: 5.000.818.5)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Fotogalerie (Version: 14.0.8081.709)
Windows Live Movie Maker (Version: 14.0.8091.0730)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Writer (Version: 14.0.8089.0726)
Windows Live-Uploadtool (Version: 14.0.8014.1029)
Windows Utils
WinRAR 4.01 (32-Bit) (Version: 4.01.0)
WinZip 15.0 (Version: 15.0.9411)
Wondershare PDF Editor(Build 3.2.1) (Version: 3.2.1.4)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 04:04 - 2012-05-07 22:33 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {007CDB13-9A85-4C91-9D9C-46B0323475C5} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)
Task: {07054065-D5E7-43A1-980B-029B5E0A1E6E} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2009-10-16] (SAMSUNG Electronics co., LTD.)
Task: {170A8CC5-0D5A-40FA-A939-88987135FB59} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-67750739-3866145124-1799724527-1003UA => C:\Users\PBG\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-23] (Google Inc.)
Task: {2040EE57-16FB-4B7D-BE4C-A52C582B6CFA} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-11] (Microsoft Corporation)
Task: {2FB03B01-9A50-432D-B2F6-A6ABF3CE72D6} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2010-04-20] ()
Task: {35B53D74-7BD0-415F-8788-228A07E1798D} - System32\Tasks\BatteryLifeExtender => C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2009-11-19] (Samsung Electronics. Co. Ltd.)
Task: {3858A9F6-E3E9-4E1F-A053-4C7247FC5E27} - System32\Tasks\{1F4A8F47-3B7B-4820-974E-10DEFB463717} => C:\Program Files\Skype\\Phone\Skype.exe [2013-02-28] (Skype Technologies S.A.)
Task: {4B135B37-96FB-4315-B22F-E2306D9C2033} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03] (Adobe Systems Incorporated)
Task: {5867E881-21CB-46DE-8849-D8D46C1F1671} - System32\Tasks\EasySpeedUpManager => C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2009-10-13] (Samsung Electronics Co., Ltd.)
Task: {61D93823-470D-4A98-ABAF-181F276A233A} - System32\Tasks\advSRS4 => C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2010-01-19] (SEC)
Task: {7A4B8E2C-7DF7-4320-AAFA-CE940C32ABF9} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation)
Task: {B817FC75-95FE-474D-BFD7-40D7C916B103} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-67750739-3866145124-1799724527-1003Core => C:\Users\PBG\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-23] (Google Inc.)
Task: {C5C921F7-6EA0-46C1-9D95-39C631431BBA} - System32\Tasks\SamsungSupportCenter => C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe [2009-10-26] (SAMSUNG Electronics)
Task: {D7B15C67-888D-401F-9E30-5841FED2A709} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2009-12-21] (Samsung Electronics Co., Ltd.)
Task: {DA267BBB-D73E-49E1-8CFC-8D074AADF88E} - System32\Tasks\Maxthon Update => C:\Program Files\Maxthon\Bin\mxup.exe [2013-03-28] (Maxthon International ltd.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-67750739-3866145124-1799724527-1003Core.job => C:\Users\PBG\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-67750739-3866145124-1799724527-1003UA.job => C:\Users\PBG\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-12-16 23:46 - 2011-05-28 23:04 - 00140288 _____ () C:\Program Files\WinRAR\rarext.dll
2010-03-29 09:44 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
2012-01-03 23:52 - 2012-01-03 23:52 - 07581696 _____ () c:\program files\adobe\reader 9.0\reader\rdlang32.deu
2009-02-27 17:40 - 2009-02-27 17:40 - 01712128 _____ () C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\Annots.DEU
2009-02-27 13:52 - 2009-02-27 13:52 - 00258048 _____ () C:\Program Files\Adobe\Reader 9.0\Reader\sqlite.dll
2009-10-03 02:45 - 2009-10-03 02:45 - 00012288 _____ () C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\Updater.DEU
2009-10-03 02:48 - 2009-10-03 02:48 - 00106496 _____ () C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\EScript.DEU
2013-09-19 02:04 - 2013-09-19 02:04 - 03279768 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2013-10-09 23:08 - 2013-10-09 23:08 - 16233864 _____ () C:\windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Broadcom BCM2070 Bluetooth 2.1+EDR USB Device
Description: Broadcom BCM2070 Bluetooth 2.1+EDR USB Device
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Marvell Yukon 88E8040 Family PCI-E Fast Ethernet Controller
Description: Marvell Yukon 88E8040 Family PCI-E Fast Ethernet Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Marvell
Service: yukonw7
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/14/2013 08:16:31 PM) (Source: Application Hang) (User: )
Description: Programm firefox.exe, Version 24.0.0.5001 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1f60

Startzeit: 01cec851d88b933d

Endzeit: 1078

Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe

Berichts-ID: b6a5d9fc-34fc-11e3-85d3-d1f3a87f0337

Error: (10/13/2013 00:48:11 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 24.0.0.5001, Zeitstempel: 0x522fd29f
Name des fehlerhaften Moduls: xul.dll, Version: 24.0.0.5001, Zeitstempel: 0x522fd1a4
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001b72a8
ID des fehlerhaften Prozesses: 0x1728
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3

Error: (10/12/2013 05:20:59 PM) (Source: Application Hang) (User: )
Description: Programm iexplore.exe, Version 10.0.9200.16618 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 13e8

Startzeit: 01cec75dba953886

Endzeit: 100

Anwendungspfad: C:\Program Files\Internet Explorer\iexplore.exe

Berichts-ID:

Error: (10/11/2013 06:56:22 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: orbitdm.exe, Version: 4.1.1.1, Zeitstempel: 0x4ffd4d51
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00059da1
ID des fehlerhaften Prozesses: 0x880
Startzeit der fehlerhaften Anwendung: 0xorbitdm.exe0
Pfad der fehlerhaften Anwendung: orbitdm.exe1
Pfad des fehlerhaften Moduls: orbitdm.exe2
Berichtskennung: orbitdm.exe3

Error: (10/11/2013 06:12:52 PM) (Source: Application Hang) (User: )
Description: Programm iexplore.exe, Version 10.0.9200.16618 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 554

Startzeit: 01cec69c3402c7a4

Endzeit: 58

Anwendungspfad: C:\Program Files\Internet Explorer\iexplore.exe

Berichts-ID:

Error: (10/11/2013 02:30:45 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (10/11/2013 02:30:41 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (10/11/2013 02:28:22 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "UCCAPI,processorArchitecture="x86",type="win32",version="2.0.0.0"1".
Die abhängige Assemblierung "UCCAPI,processorArchitecture="x86",type="win32",version="2.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (10/11/2013 02:27:55 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (10/11/2013 02:25:46 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (10/13/2013 10:16:07 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst IPBusEnum erreicht.

Error: (10/12/2013 04:05:31 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR6 gefunden.

Error: (10/12/2013 04:05:30 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR6 gefunden.

Error: (10/12/2013 04:05:30 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR6 gefunden.

Error: (10/12/2013 04:05:29 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR6 gefunden.

Error: (10/12/2013 04:05:29 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR6 gefunden.

Error: (10/12/2013 04:04:17 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR5 gefunden.

Error: (10/12/2013 04:04:16 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR5 gefunden.

Error: (10/12/2013 04:04:16 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR5 gefunden.

Error: (10/12/2013 04:04:15 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR5 gefunden.


Microsoft Office Sessions:
=========================
Error: (10/14/2013 08:16:31 PM) (Source: Application Hang)(User: )
Description: firefox.exe24.0.0.50011f6001cec851d88b933d1078C:\Program Files\Mozilla Firefox\firefox.exeb6a5d9fc-34fc-11e3-85d3-d1f3a87f0337

Error: (10/13/2013 00:48:11 AM) (Source: Application Error)(User: )
Description: firefox.exe24.0.0.5001522fd29fxul.dll24.0.0.5001522fd1a4c0000005001b72a8172801cec78e2dca40eeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\xul.dll5e2418f6-3390-11e3-85d3-d1f3a87f0337

Error: (10/12/2013 05:20:59 PM) (Source: Application Hang)(User: )
Description: iexplore.exe10.0.9200.1661813e801cec75dba953886100C:\Program Files\Internet Explorer\iexplore.exe

Error: (10/11/2013 06:56:22 PM) (Source: Application Error)(User: )
Description: orbitdm.exe4.1.1.14ffd4d51ntdll.dll6.1.7601.177254ec49b60c000000500059da188001cec6a2caecef38C:\Program Files\Orbitdownloader\orbitdm.exeC:\windows\SYSTEM32\ntdll.dll0e031d8b-3296-11e3-85d3-d1f3a87f0337

Error: (10/11/2013 06:12:52 PM) (Source: Application Hang)(User: )
Description: iexplore.exe10.0.9200.1661855401cec69c3402c7a458C:\Program Files\Internet Explorer\iexplore.exe

Error: (10/11/2013 02:30:45 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Samsung\chargeableusb\vista_xp_driver\x64\KStartMem.exe.Manifest

Error: (10/11/2013 02:30:41 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Samsung\chargeableusb\ChargeableUSB_64.exe

Error: (10/11/2013 02:28:22 PM) (Source: SideBySide)(User: )
Description: UCCAPI,processorArchitecture="x86",type="win32",version="2.0.0.0"c:\program files\windows live\messenger\wlcsdk.exe

Error: (10/11/2013 02:27:55 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\WinCDEmu\vmnt64.exe

Error: (10/11/2013 02:25:46 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\metatrader 5 - alpari\metatester64.exe


==================== Memory info =========================== 

Percentage of memory in use: 73%
Total physical RAM: 2037.27 MB
Available physical RAM: 533.59 MB
Total Pagefile: 4074.54 MB
Available Pagefile: 2035.43 MB
Total Virtual: 2047.88 MB
Available Virtual: 1901.55 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:58.59 GB) (Free:1.22 GB) NTFS
Drive d: () (Fixed) (Total:159.19 GB) (Free:11.57 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: ECF7FF98)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=59 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=159 GB) - (Type=07 NTFS)

==================== End Of Log ============================

M-K-D-B · 15.10.2013, 18:16

Servus,

da haste dir ja jede Menge eingefangen.

Dann wollen wir mal beginnen...

Schritt 1
Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Schritt 2
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 3

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Schritt 4
Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Bitte poste mit deiner nächsten Antwort

die Logdatei von ComboFix,
die Logdatei von AdwCleaner,
die Logdatei von JRT,
die Logdatei von MBAM.

Malwarenervt · 16.10.2013, 16:28

Code:

ATTFilter

ComboFix 13-10-15.02 - PBG 16.10.2013  13:16:39.2.2 - x86
Microsoft Windows 7 Starter   6.1.7601.1.1252.49.1031.18.2037.1329 [GMT 2:00]
ausgeführt von:: c:\users\PBG\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Setup.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-09-16 bis 2013-10-16  ))))))))))))))))))))))))))))))
.
.
2013-10-16 11:33 . 2013-10-16 11:33	--------	d-----w-	c:\users\PBG\AppData\Local\temp
2013-10-16 11:33 . 2013-10-16 11:33	--------	d-----w-	c:\users\Public\AppData\Local\temp
2013-10-16 11:33 . 2013-10-16 11:33	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-10-15 16:30 . 2013-10-15 16:30	--------	d-----w-	C:\FRST
2013-10-07 19:25 . 2013-10-07 19:26	--------	d-----w-	c:\program files\Tracker Software
2013-10-07 18:50 . 2013-09-02 17:09	82896	----a-w-	c:\windows\system32\WSMonEditor.dll
2013-10-07 18:50 . 2013-10-07 18:50	--------	d-----w-	c:\users\PBG\AppData\Local\Wondershare
2013-10-07 18:50 . 2013-10-07 18:50	--------	d-----w-	c:\program files\Common Files\Wondershare
2013-10-07 18:50 . 2013-10-07 18:50	--------	d-----w-	c:\programdata\PDFEditor
2013-10-07 18:50 . 2013-10-07 18:51	--------	d-----w-	c:\users\PBG\AppData\Roaming\Wondershare
2013-10-07 18:49 . 2013-10-07 18:49	--------	d-----w-	c:\program files\Wondershare
2013-10-07 18:47 . 2013-10-11 13:02	--------	d-----w-	c:\program files\SweetIM
2013-10-07 18:47 . 2013-10-07 18:47	--------	d-----w-	c:\programdata\SweetIM
2013-10-07 18:43 . 2013-10-07 19:13	--------	d-----w-	c:\program files\Pdf Editor
2013-10-07 18:42 . 2013-10-07 19:13	723294	----a-w-	c:\windows\unins000.exe
2013-10-07 18:41 . 2013-10-07 18:41	--------	d-----w-	c:\program files\AVI to MP4 Converter
2013-10-07 18:30 . 2013-10-07 18:30	--------	d-----w-	c:\users\PBG\AppData\Local\PDF24
2013-10-07 18:21 . 2013-10-07 18:24	--------	d-----w-	c:\program files\PDF24
2013-10-07 17:48 . 2013-10-07 17:48	--------	d-----w-	c:\program files\Common Files\soft Xpansion
2013-10-07 17:48 . 2013-10-07 17:48	286568	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\sx_p8_pro7_p.dll
2013-10-07 17:48 . 2013-10-07 17:48	--------	d-----w-	c:\program files\Common Files\Freemium
2013-10-07 17:47 . 2013-10-07 17:47	--------	d-----w-	c:\programdata\Freemium
2013-10-07 17:47 . 2013-10-07 17:47	--------	d-----w-	c:\program files\Freemium
2013-10-07 17:47 . 2013-10-07 17:47	--------	d-----w-	c:\program files\Covus Freemium
2013-10-07 17:46 . 2013-10-07 17:46	--------	d-----w-	c:\program files\Browser Guard
2013-10-07 17:46 . 2013-10-07 17:47	--------	d-----w-	c:\programdata\Package Cache
2013-10-07 17:44 . 2013-10-11 08:52	--------	d-----w-	c:\users\PBG\AppData\Roaming\Windows Net Data
2013-10-07 17:39 . 2013-10-07 17:39	--------	d-----w-	c:\users\PBG\AppData\Local\DownloadGuide
2013-10-01 18:52 . 2013-10-01 18:52	--------	d-----w-	c:\users\PBG\AppData\Roaming\Lunascape
2013-10-01 18:52 . 2013-10-01 18:52	--------	d-----w-	c:\program files\Lunascape
2013-09-23 20:13 . 2013-09-23 20:13	--------	d-----w-	c:\users\PBG\AppData\Local\MapleStudio
2013-09-17 06:35 . 2013-10-11 15:59	--------	d-----w-	c:\users\PBG\AppData\Roaming\Gajim
2013-09-17 06:33 . 2013-09-17 06:34	--------	d-----w-	c:\program files\Gajim
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-09 21:08 . 2012-04-17 21:18	692616	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-10-09 21:08 . 2011-05-23 19:03	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-01-19 11:34 . 2011-01-19 11:34	3003392	----a-w-	c:\program files\openofficeorg33.msi
2006-05-03 11:06	163328	--sha-r-	c:\windows\System32\flvDX.dll
2007-02-21 12:47	31232	--sha-r-	c:\windows\System32\msfDX.dll
2008-03-16 14:30	216064	--sha-r-	c:\windows\System32\nbDX.dll
2010-01-06 23:00	107520	--sha-r-	c:\windows\System32\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{02a0d829-4393-46fc-a37e-126263035883}]
2013-08-27 11:40	196096	----a-w-	c:\program files\Browser Guard\browserguard.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrueCrypt"="c:\program files\TrueCrypt\TrueCrypt.exe" [2011-12-12 1517520]
"Spotify"="c:\users\PBG\AppData\Roaming\Spotify\Spotify.exe" [2013-10-15 4752384]
"Spotify Web Helper"="c:\users\PBG\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-10-15 1140736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-26 1713448]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-14 8120864]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-25 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-25 150552]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2012-05-22 980920]
"PDFPrint"="c:\program files\PDF24\pdf24.exe" [2013-07-22 162856]
.
c:\users\PBG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Gajim.lnk - c:\program files\Gajim\bin\gajim.exe [2013-7-18 1015808]
net.lnk - c:\users\PBG\AppData\Roaming\Windows Net Data\net.exe [2013-10-7 709120]
Persbackup.lnk - c:\program files\Personal Backup 5\Persbackup.exe /auto [2012-6-4 4068864]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-2 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54	551296	----a-w-	c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2009-12-14 17:36	8120864	------w-	c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"MobileConnect"=c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
.
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-07-01 43944]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R3 SXDS10;soft Xpansion Dispatch Service;c:\program files\Common Files\soft Xpansion\sxds10.exe \Service [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 20480]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
R4 Rezip;Rezip;c:\windows\SYSTEM32\Rezip.exe [2009-03-05 311296]
R4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-02-28 161384]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-19 36000]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-03-13 242240]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\DRIVERS\BazisVirtualCDBus.sys [2011-08-08 117584]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
S3 samsung_hspa_datacard_cdc_acm;Samsung HSPA DataCard CDC-ACM driver;c:\windows\system32\DRIVERS\samsung_hspa_datacard_cdc_acm.sys [2010-01-15 68608]
S3 samsung_hspa_datacard_cdc_ecm;samsung_hspa_datacard_cdc_ecm;c:\windows\system32\DRIVERS\samsung_hspa_datacard_cdc_ecm.sys [2010-01-15 81920]
S3 samsung_hspa_datacard_dc_enum;Samsung HSPA DataCard DC Enumerator;c:\windows\system32\DRIVERS\samsung_hspa_datacard_dc_enum.sys [2010-01-15 62464]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc
.
Inhalt des "geplante Tasks" Ordners
.
2013-10-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 21:08]
.
2013-06-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-67750739-3866145124-1799724527-1003Core.job
- c:\users\PBG\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-03 09:50]
.
2013-06-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-67750739-3866145124-1799724527-1003UA.job
- c:\users\PBG\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-03 09:50]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = https://www.google.de/
mStart Page = hxxp://home.sweetim.com
uInternet Settings,ProxyOverride = <local>
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Free YouTube to MP3 Converter - c:\users\PBG\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Mit Mipony herunterladen - file://c:\program files\MiPony\Browser\IEContext.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{6CB44DBC-6166-496D-B83D-F8183DC7BE4B}: NameServer = 10.74.83.22 193.254.160.1
FF - ProfilePath - c:\users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/
FF - prefs.js: network.proxy.type - 2
FF - ExtSQL: 2013-08-27 13:37; {20d1f7b3-7721-4da0-b6f3-78bb4d7248f4}; c:\program files\Browser Guard\browserguard.xpi
FF - ExtSQL: 2013-09-02 23:32; hidecaptionplus-dp@dummy.addons.mozilla.org; c:\users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\extensions\hidecaptionplus-dp@dummy.addons.mozilla.org.xpi
FF - ExtSQL: 2013-09-02 23:41; {D9A7CBEC-DE1A-444f-A092-844461596C4D}; c:\users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D}
FF - ExtSQL: 2013-10-07 19:47; EFGLQA@78ETGYN-0W7FN789T87.COM; c:\users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\extensions\EFGLQA@78ETGYN-0W7FN789T87.COM
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Free Studio_is1 - c:\program files\Common Files\DVDVideoSoft\Uninstall.exe
AddRemove-Samsung Mobile phone USB driver Drive - c:\windows\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
AddRemove-Software Informer_is1 - c:\program files\Software Informer\unins000.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(10540)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
Zeit der Fertigstellung: 2013-10-16  15:48:32
ComboFix-quarantined-files.txt  2013-10-16 13:48
ComboFix2.txt  2012-05-07 20:39
.
Vor Suchlauf: 1.499.840.512 Bytes frei
Nach Suchlauf: 2.319.622.144 Bytes frei
.
- - End Of File - - C4B5E8EA714C9CEA4F34D0EB1AA16A98
DDC4773EEF68EF7FAC87CF9235395CAB

Code:

ATTFilter

# AdwCleaner v3.007 - Bericht erstellt am 16/10/2013 um 16:39:23
# Updated 09/10/2013 von Xplode
# Betriebssystem : Windows 7 Starter Service Pack 1 (32 bits)
# Benutzername : PBG - PBG-PC
# Gestartet von : C:\Users\PBG\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\SweetIM
Ordner Gelöscht : C:\Program Files\SweetIM
Ordner Gelöscht : C:\Users\PBG\AppData\Local\DownloadGuide
Ordner Gelöscht : C:\Users\PBG\AppData\Roaming\Windows Net Data
Ordner Gelöscht : C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\jetpack
Datei Gelöscht : C:\Users\PBG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk
Datei Gelöscht : C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\foxydeal.sqlite
Datei Gelöscht : C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\searchplugins\SweetIm.xml

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sim-packages
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_samsung-kies_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_samsung-kies_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\installedbrowserextensions
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\LyricsFan
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A81A974F-8A22-43E6-9243-5198FF758DA1}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\427EA997C413D1D47907CBFC7B2DB432
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75D5168E5E176C24981B4E5DBD991078
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EDC790504E1834DBC20C9A04328FD2
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8724E58E6C7D00C48A0D4F3345EB2C26
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB676B0E1B9EFA049B9F7DDDA9645734
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B31BBB0B825EDEF45AB0FE7099C68C81
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B471D8D7319336B4CA89374ED0D7B806
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BC30043663AA2CA4DA1DAA9CA5FDCC75
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E1C820A74ED67374BA048B52CB3C3804
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FDC83385E6C239F4C876A77A37DF581D
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16618

Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v24.0 (de)

[ Datei : C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.backgroundjs", "\n\n/*****************************************************************************[...]
Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.internaldb.cache/2a71b3b28494cf1854d333288ccc18ba_DE.value", "%22var%20cat_2a71b3b28494cf1854d3332[...]
Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.internaldb.cache/3518e1eac042730aa1274618984462b3_DE.value", "%22var%20cat_3518e1eac042730aa127461[...]
Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.internaldb.cache/5cdf8a7ef2ec84abac286c67587b78d9.value", "%22function%20tcmMarkWindow%28a%29%7Bva[...]
Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.internaldb.cache/d5baae4ef839769f8eb7e9f9d82d8a40_DE.value", "%22var%20cat_d5baae4ef839769f8eb7e9f[...]
Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.js", "\n\n  /************************************************************************************\[...]
Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){var a=appAPI.appInfo;if(a){return app[...]
Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.plugins.plugin_102.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n    appAP[...]
Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.plugins.plugin_104.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n    appAP[...]
Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.plugins.plugin_119.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n    appAP[...]
Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.plugins.plugin_120.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n    appAP[...]
Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.plugins.plugin_123.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n    appAP[...]
Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.plugins.plugin_13.name", "CrossriderAppUtils");
Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.plugins.plugin_138.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n    appAP[...]
Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.plugins.plugin_14.name", "CrossriderUtils");
Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.plugins.plugin_16.code", "if((typeof isBackground===\"undefined\"||isBackground!==true)&&(typeof _[...]
Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.plugins.plugin_17.code", "if(typeof window!==\"undefined\"){\n/*!\n * jQuery JavaScript Library v1[...]
Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.plugins.plugin_21.code", "var CrossriderDebugManager=(function(h){var f={appId:appAPI._cr_config.a[...]
Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.plugins.plugin_22.code", "(function(a){appAPI.queueManager={queue:[],register:function(b){this.que[...]
Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.plugins.plugin_28.code", "var CrossriderInitializerPlugin=(function(e){var c={appId:appAPI._cr_con[...]
Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.resources.isReady(a);};}());[...]
Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.plugins.plugin_78.name", "CrossriderInfo");
Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.plugins.plugin_87.code", "var CROSSRIDER_PLATFORM=true;var JQ=bbrsJQ=$jquery;if(appAPI.platform==\[...]
Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.plugins.plugin_9.code", "appAPI.hooks.addHook(\"searchEngine\",(function(a){return function(){var [...]
Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.plugins.plugin_91.code", "(function(h){var p=(function(){var R=0;var Z=\"\";function Q(ac){return [...]
Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.plugins.plugin_92.code", "if(typeof appAPI.internal.monetization===\"undefined\"){appAPI.internal.[...]
Zeile gelöscht : user_pref("extensions.crossrider.bic", "141941604b8a5ca4eaf1e15ca012c315");
Zeile gelöscht : user_pref("extensions.hide_caption.plus.look.tab_marginTop_delta", 0);
Zeile gelöscht : user_pref("extensions.hide_caption.plus.look.tab_marginTop_delta_nomax", 0);
Zeile gelöscht : user_pref("integratedgmail-expanded-inbox", true);
Zeile gelöscht : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "SweetIM Search");
Zeile gelöscht : user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "");
Zeile gelöscht : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "SweetIM Search");
Zeile gelöscht : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://home.sweetim.com");
Zeile gelöscht : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com");

-\\ Google Chrome v

[ Datei : C:\Users\PBG\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht : homepage

*************************

AdwCleaner[R0].txt - [17637 octets] - [16/10/2013 16:36:18]
AdwCleaner[S0].txt - [17550 octets] - [16/10/2013 16:39:23]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [17611 octets] ##########

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Windows 7 Starter x86
Ran by PBG on 16.10.2013 at 16:56:20,37
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-67750739-3866145124-1799724527-1003\Software\SweetIM
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220322902230}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660366906630}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660366906630}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\LyricsFanUpdater_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\LyricsFanUpdater_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\orbitdownloader"



~~~ FireFox

Successfully deleted: [Folder] C:\Users\PBG\AppData\Roaming\mozilla\firefox\profiles\moc6o292.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com
Successfully deleted the following from C:\Users\PBG\AppData\Roaming\mozilla\firefox\profiles\moc6o292.default\prefs.js

user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.internaldb.cache/530e52021dc20843b1aa62957edeb9f8.value", "%22var%20adsDe
user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.internaldb.cache/833447eaff04548ccb80787286a7cad9_DE.value", "%22var%20ca
user_pref("extensions.hide_caption.plus.look.tab_marginTop_delta", 0);
user_pref("extensions.hide_caption.plus.look.tab_marginTop_delta_nomax", 0);
Emptied folder: C:\Users\PBG\AppData\Roaming\mozilla\firefox\profiles\moc6o292.default\minidumps [29 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16.10.2013 at 17:03:01,74
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Code:

ATTFilter

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.10.16.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16618
PBG :: PBG-PC [Administrator]

16.10.2013 17:12:24
mbam-log-2013-10-16 (17-12-24).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 206043
Laufzeit: 15 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

M-K-D-B · 16.10.2013, 16:36

Servus,

sieht gut aus.

Wir spüren die letzten Reste auf, damit wir sie später entfernen können:

Schritt 1
Kontrollscan mit FRST
Führe wie zuvor beschrieben einen Scan mit FRST aus.
Setze dazu eine Haken bei Addition.txt rechts unten und klicke auf Scan.
Es werden wieder zwei Logdateien erzeugt. Poste mir diese.

Schritt 2
Lade dir die passende Version von SystemLook vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop:
SystemLook (32 bit) | SystemLook (64 bit)

Doppelklicke auf die SystemLook.exe, um das Tool zu starten.

Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

Code:

ATTFilter

:filefind
*Crossrider*
*LyricsFan*
*sweetim*
*orbitdownloader*

:folderfind
*Crossrider*
*LyricsFan*
*sweetim*
*orbitdownloader*

:regfind
Crossrider
LyricsFan
sweetim
orbitdownloader

Klicke nun auf den Button Look, um den Scan zu starten.
Der Suchlauf kann einige Zeit dauern.
Wenn der Suchlauf beendet ist, wird sich dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
Die Ergebnisse werden auch auf dem Desktop als SystemLook.txt gespeichert.

Gibt es noch Probleme mit MonsterMarketplace.com im Browser? Wenn ja, welche und in welchem Browser?
Wie läuft der Rechner derzeit?

Bitte poste mit deiner nächsten Antwort

die beiden Logdateien von FRST,
die Logdatei von SystemLook,
die Beantwortung der gestellten Fragen.

Malwarenervt · 16.10.2013, 17:50

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by PBG (administrator) on PBG-PC on 16-10-2013 18:13:47
Running from C:\Users\PBG\Desktop
Microsoft Windows 7 Starter  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel Corporation) C:\windows\system32\igfxext.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(The Eraser Project) C:\Program Files\Eraser\Eraser.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe
(Spotify Ltd) C:\Users\PBG\AppData\Roaming\Spotify\spotify.exe
(Spotify Ltd) C:\Users\PBG\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Gajim Development Team) C:\Program Files\Gajim\bin\gajim.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
() C:\Users\PBG\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\PBG\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\PBG\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\PBG\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\windows\system32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
() C:\Users\PBG\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\PBG\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1713448 2010-02-26] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8120864 2009-12-14] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [348664 2012-08-08] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41208 2012-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [Eraser] - C:\PROGRA~1\Eraser\Eraser.exe [980920 2012-05-22] (The Eraser Project)
HKLM\...\Run: [PDFPrint] - C:\Program Files\PDF24\pdf24.exe [162856 2013-07-22] (Geek Software GmbH)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
HKCU\...\Run: [TrueCrypt] - C:\Program Files\TrueCrypt\TrueCrypt.exe [1517520 2011-12-12] (TrueCrypt Foundation)
HKCU\...\Run: [Spotify] - C:\Users\PBG\AppData\Roaming\Spotify\Spotify.exe [4752384 2013-10-15] (Spotify Ltd)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\PBG\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2013-10-15] (Spotify Ltd)
Startup: C:\Users\PBG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Gajim.lnk
ShortcutTarget: Gajim.lnk -> C:\Program Files\Gajim\bin\gajim.exe (Gajim Development Team)
Startup: C:\Users\PBG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Persbackup.lnk
ShortcutTarget: Persbackup.lnk -> C:\Program Files\Personal Backup 5\Persbackup.exe (J. Rathlev, IEAP, Uni-Kiel)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE69F21F97EC1CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
SearchScopes: HKCU - {33FBE12B-0BE0-43B9-839C-DDA2D14D25AF} URL = hxxp://www.google.de
BHO: Browser Guard - {02a0d829-4393-46fc-a37e-126263035883} - C:\Program Files\Browser Guard\browserguard.dll (Browser Guard)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: AutorunsDisabled\skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6CB44DBC-6166-496D-B83D-F8183DC7BE4B}: [NameServer]10.74.83.22 193.254.160.1

FireFox:
========
FF ProfilePath: C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF Homepage: https://www.google.de/
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20(url.indexOf('turntable.fm')%20!%3D%20-1%20%26%26%20url.indexOf('static.turntable.fm')%20%3D%3D%20-1%20%26%26%20url.indexOf('s3.amazonaws.com')%20%3D%3D%20-1%20%26%26%20url.indexOf('ping.chartbeat.net')%20%3D%3D%20-1%20%26%26%20url.indexOf('.png')%20%3D%3D%20-1)%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*'))%20%7B%20return%20'PROXY%20ab-us01.personalitycores.com%3A8000%3B%20PROXY%20ab-us12.personalitycores.com%3A8000%3B%20PROXY%20ab-us14.personalitycores.com%3A8000%3B%20PROXY%20ab-us13.personalitycores.com%3A8000%3B%20PROXY%20ab-us03.personalitycores.com%3A8000%3B%20PROXY%20ab-us11.personalitycores.com%3A8000%3B%20PROXY%20ab-us07.personalitycores.com%3A8000%3B%20PROXY%20ab-us09.personalitycores.com%3A8000%3B%20PROXY%20ab-us15.personalitycores.com%3A8000%3B%20PROXY%20ab-us10.personalitycores.com%3A8000%3B%20PROXY%20ab-us22.personalitycores.com%3A8000%3B%20PROXY%20ab-us20.personalitycores.com%3A8000%3B%20PROXY%20ab-us17.personalitycores.com%3A8000%3B%20PROXY%20ab-us18.personalitycores.com%3A8000%3B%20PROXY%20ab-us08.personalitycores.com%3A8000%3B%20PROXY%20ab-us16.personalitycores.com%3A8000%3B%20PROXY%20ab-us21.personalitycores.com%3A8000%3B%20PROXY%20ab-us02.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\PBG\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\PBG\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\PBG\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\PBG\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\PBG\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: QuickFox Notes - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\amin.eft_bmnotes@gmail.com
FF Extension: pricealarm - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\EFGLQA@78ETGYN-0W7FN789T87.COM
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\ich@maltegoetz.de
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\netvideohunter@netvideohunter.com
FF Extension: Zotero - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\zotero@chnm.gmu.edu
FF Extension: Flashblock - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF Extension: DownloadHelper - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: Flash and Video Download - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D}
FF Extension: Block site - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
FF Extension: Bitdefender QuickScan - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF Extension: Evernote Web Clipper - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
FF Extension: artur.dubovoy - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\artur.dubovoy@gmail.com.xpi
FF Extension: bookmarkdeduplicator - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\bookmarkdeduplicator@foxhatdev.xpi
FF Extension: ck - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\ck@everygain.com.xpi
FF Extension: hidecaptionplus-dp - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\hidecaptionplus-dp@dummy.addons.mozilla.org.xpi
FF Extension: jid1-QpHD8URtZWJC2A - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi
FF Extension: readable - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\readable@evernote.com.xpi
FF Extension: scrapbookplus - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\scrapbookplus@addons.mozilla.org.xpi
FF Extension: sortplaces - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\sortplaces@andyhalford.com.xpi
FF Extension: tab-width - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\tab-width@design-noir.de.xpi
FF Extension: testpilot - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\testpilot@labs.mozilla.com.xpi
FF Extension: translator - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\translator@zoli.bod.xpi
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}.xpi
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{582195F5-92E7-40a0-A127-DB71295901D7}.xpi
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{95ab36d4-fb6f-47b0-8b8d-e5f3bd547953}.xpi
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [{20d1f7b3-7721-4da0-b6f3-78bb4d7248f4}] - C:\Program Files\Browser Guard\browserguard.xpi
FF Extension: No Name - C:\Program Files\Browser Guard\browserguard.xpi

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR Extension: () - C:\Users\PBG\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmlgoencnlndpglbocajlimaikjohmab\background.html
CHR Extension: (FlashControl) - C:\Users\PBG\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe\3.3.14_0
CHR Extension: (Plus-HD-3.8) - C:\Users\PBG\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.23.19_0
CHR HKLM\...\Chrome\Extension: [kfepagcelbegkpkcjgfeecmlnmkedjin] - C:\Program Files\Browser Guard\browserguard.crx
CHR StartMenuInternet: Google Chrome - C:\Users\PBG\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2011-08-12] (SUPERAntiSpyware.com)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86224 2012-05-08] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-08] (Avira Operations GmbH & Co. KG)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S4 Rezip; C:\windows\SYSTEM32\Rezip.exe [311296 2009-03-05] ()
S3 SXDS10; C:\Program Files\Common Files\soft Xpansion\sxds10.exe [234096 2013-10-07] (soft Xpansion)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [83392 2012-05-08] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137928 2012-05-08] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36000 2011-10-19] (Avira GmbH)
R3 BazisVirtualCDBus; C:\Windows\System32\DRIVERS\BazisVirtualCDBus.sys [117584 2011-08-08] (SysProgs.org)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-03-14] (DT Soft Ltd)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R1 SABI; C:\windows\system32\Drivers\SABI.sys [10752 2009-05-28] (SAMSUNG ELECTRONICS)
R3 samsung_hspa_datacard_cdc_acm; C:\Windows\System32\DRIVERS\samsung_hspa_datacard_cdc_acm.sys [68608 2010-01-15] (Samsung)
R3 samsung_hspa_datacard_cdc_ecm; C:\Windows\System32\DRIVERS\samsung_hspa_datacard_cdc_ecm.sys [81920 2010-01-15] (Samsung)
R3 samsung_hspa_datacard_dc_enum; C:\Windows\System32\DRIVERS\samsung_hspa_datacard_dc_enum.sys [62464 2010-01-15] (Samsung)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2010-06-17] (Avira GmbH)
R1 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5632 2006-07-24] ()
S3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\PBG\AppData\Local\Temp\catchme.sys [x]
S3 dgderdrv; System32\drivers\dgderdrv.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-16 17:03 - 2013-10-16 17:03 - 00002838 _____ C:\Users\PBG\Desktop\JRT.txt
2013-10-16 16:55 - 2013-10-16 16:55 - 01033335 _____ (Thisisu) C:\Users\PBG\Desktop\JRT.exe
2013-10-16 16:48 - 2013-10-16 16:48 - 00017692 _____ C:\Users\PBG\Desktop\AdwCleaner[S0].txt
2013-10-16 16:36 - 2013-10-16 16:39 - 00000000 ____D C:\AdwCleaner
2013-10-16 16:35 - 2013-10-16 16:35 - 01048960 _____ C:\Users\PBG\Desktop\adwcleaner.exe
2013-10-16 15:48 - 2013-10-16 15:48 - 00015506 _____ C:\ComboFix.txt
2013-10-16 12:56 - 2013-10-16 12:56 - 05133109 ____R (Swearware) C:\Users\PBG\Desktop\ComboFix.exe
2013-10-15 18:35 - 2013-10-15 18:36 - 00022969 _____ C:\Users\PBG\Desktop\Addition.txt
2013-10-15 18:30 - 2013-10-15 18:30 - 00000000 ____D C:\FRST
2013-10-15 18:29 - 2013-10-15 18:29 - 01087213 _____ (Farbar) C:\Users\PBG\Desktop\FRST.exe
2013-10-15 00:24 - 2013-10-15 00:24 - 00002090 _____ C:\Users\PBG\.recently-used.xbel
2013-10-07 21:25 - 2013-10-07 21:26 - 00000000 ____D C:\Program Files\Tracker Software
2013-10-07 20:50 - 2013-10-07 20:51 - 00000000 ____D C:\Users\PBG\AppData\Roaming\Wondershare
2013-10-07 20:50 - 2013-10-07 20:50 - 00000000 ____D C:\Users\PBG\AppData\Local\Wondershare
2013-10-07 20:50 - 2013-10-07 20:50 - 00000000 ____D C:\ProgramData\PDFEditor
2013-10-07 20:50 - 2013-10-07 20:50 - 00000000 ____D C:\Program Files\Common Files\Wondershare
2013-10-07 20:50 - 2013-09-02 19:09 - 00082896 _____ (Wondershare Software) C:\windows\system32\WSMonEditor.dll
2013-10-07 20:49 - 2013-10-07 20:49 - 00000000 ____D C:\Program Files\Wondershare
2013-10-07 20:43 - 2013-10-07 21:13 - 00000000 ____D C:\Program Files\Pdf Editor
2013-10-07 20:42 - 2013-10-07 21:13 - 00723294 _____ C:\windows\unins000.exe
2013-10-07 20:42 - 2013-10-07 21:13 - 00680608 _____ C:\windows\unins000.dat
2013-10-07 20:41 - 2013-10-07 20:41 - 00000000 ____D C:\Program Files\AVI to MP4 Converter
2013-10-07 20:30 - 2013-10-07 20:30 - 00000000 ____D C:\Users\PBG\AppData\Local\PDF24
2013-10-07 20:21 - 2013-10-07 20:24 - 00000000 ____D C:\Program Files\PDF24
2013-10-07 19:48 - 2013-10-07 19:48 - 00010464 _____ C:\windows\system32\sx_p2d.tlb
2013-10-07 19:48 - 2013-10-07 19:48 - 00000000 ____D C:\Program Files\Common Files\soft Xpansion
2013-10-07 19:48 - 2013-10-07 19:48 - 00000000 ____D C:\Program Files\Common Files\Freemium
2013-10-07 19:47 - 2013-10-07 19:47 - 00000000 ____D C:\ProgramData\Freemium
2013-10-07 19:47 - 2013-10-07 19:47 - 00000000 ____D C:\Program Files\Freemium
2013-10-07 19:47 - 2013-10-07 19:47 - 00000000 ____D C:\Program Files\Covus Freemium
2013-10-07 19:46 - 2013-10-07 19:47 - 00000000 ____D C:\ProgramData\Package Cache
2013-10-07 19:46 - 2013-10-07 19:46 - 00000000 ____D C:\Program Files\Browser Guard
2013-10-01 20:52 - 2013-10-01 20:52 - 00000000 ____D C:\Users\PBG\AppData\Roaming\Lunascape
2013-10-01 20:52 - 2013-10-01 20:52 - 00000000 ____D C:\Program Files\Lunascape
2013-09-23 22:14 - 2013-09-23 22:14 - 00000000 ____D C:\Users\PBG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CoolNovo
2013-09-23 22:13 - 2013-09-23 22:13 - 00000000 ____D C:\Users\PBG\AppData\Local\MapleStudio
2013-09-19 02:04 - 2013-09-19 02:04 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-17 08:35 - 2013-10-16 17:20 - 00000000 ____D C:\Users\PBG\AppData\Roaming\Gajim
2013-09-17 08:34 - 2013-09-17 08:34 - 00001011 _____ C:\Users\PBG\Desktop\Gajim.lnk
2013-09-17 08:34 - 2013-09-17 08:34 - 00000000 ____D C:\Users\PBG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gajim
2013-09-17 08:33 - 2013-09-17 08:34 - 00000000 ____D C:\Program Files\Gajim

==================== One Month Modified Files and Folders =======

2013-10-16 18:08 - 2012-12-17 23:57 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-10-16 17:34 - 2013-07-24 18:21 - 00000000 ____D C:\Users\PBG\AppData\Roaming\Spotify
2013-10-16 17:20 - 2013-09-17 08:35 - 00000000 ____D C:\Users\PBG\AppData\Roaming\Gajim
2013-10-16 17:03 - 2013-10-16 17:03 - 00002838 _____ C:\Users\PBG\Desktop\JRT.txt
2013-10-16 16:55 - 2013-10-16 16:55 - 01033335 _____ (Thisisu) C:\Users\PBG\Desktop\JRT.exe
2013-10-16 16:53 - 2010-03-30 01:13 - 01103419 _____ C:\windows\WindowsUpdate.log
2013-10-16 16:52 - 2009-07-14 06:34 - 00010272 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-16 16:52 - 2009-07-14 06:34 - 00010272 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-16 16:48 - 2013-10-16 16:48 - 00017692 _____ C:\Users\PBG\Desktop\AdwCleaner[S0].txt
2013-10-16 16:48 - 2009-07-26 22:06 - 01514382 _____ C:\windows\system32\PerfStringBackup.INI
2013-10-16 16:46 - 2013-07-24 18:21 - 00000000 ____D C:\Users\PBG\AppData\Local\Spotify
2013-10-16 16:43 - 2010-04-03 07:54 - 00234972 _____ C:\windows\PFRO.log
2013-10-16 16:43 - 2009-07-14 06:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-10-16 16:43 - 2009-07-14 06:39 - 00154048 _____ C:\windows\setupact.log
2013-10-16 16:39 - 2013-10-16 16:36 - 00000000 ____D C:\AdwCleaner
2013-10-16 16:35 - 2013-10-16 16:35 - 01048960 _____ C:\Users\PBG\Desktop\adwcleaner.exe
2013-10-16 15:48 - 2013-10-16 15:48 - 00015506 _____ C:\ComboFix.txt
2013-10-16 15:48 - 2012-05-08 23:53 - 00000000 ____D C:\Users\1
2013-10-16 15:48 - 2012-05-07 22:13 - 00000000 ____D C:\Qoobox
2013-10-16 13:33 - 2009-07-14 04:04 - 00000215 _____ C:\windows\system.ini
2013-10-16 12:56 - 2013-10-16 12:56 - 05133109 ____R (Swearware) C:\Users\PBG\Desktop\ComboFix.exe
2013-10-16 12:56 - 2011-12-10 23:01 - 00000000 ____D C:\Users\PBG\Desktop\Ablage
2013-10-16 09:51 - 2011-12-21 19:42 - 00000000 ____D C:\Users\PBG\AppData\Roaming\vlc
2013-10-15 18:36 - 2013-10-15 18:35 - 00022969 _____ C:\Users\PBG\Desktop\Addition.txt
2013-10-15 18:30 - 2013-10-15 18:30 - 00000000 ____D C:\FRST
2013-10-15 18:29 - 2013-10-15 18:29 - 01087213 _____ (Farbar) C:\Users\PBG\Desktop\FRST.exe
2013-10-15 17:44 - 2011-12-02 18:00 - 00000079 _____ C:\Users\PBG\Documents\Powers.log
2013-10-15 00:36 - 2012-02-09 13:40 - 00000000 ____D C:\Users\PBG\.gimp-2.6
2013-10-15 00:24 - 2013-10-15 00:24 - 00002090 _____ C:\Users\PBG\.recently-used.xbel
2013-10-15 00:24 - 2012-02-09 13:45 - 00000000 ____D C:\Users\PBG\AppData\Roaming\gtk-2.0
2013-10-15 00:24 - 2010-07-14 14:01 - 00000000 ____D C:\Users\PBG
2013-10-12 09:39 - 2011-12-21 19:49 - 00000000 ____D C:\Program Files\No23 Recorder
2013-10-11 18:56 - 2012-08-07 15:54 - 00000000 ____D C:\Users\PBG\AppData\Roaming\Orbit
2013-10-11 15:04 - 2009-07-14 04:37 - 00000000 ____D C:\windows\schemas
2013-10-09 23:08 - 2012-04-17 23:18 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2013-10-09 23:08 - 2011-05-23 21:03 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-09 20:39 - 2012-10-28 13:46 - 00000000 ____D C:\Users\PBG\Desktop\Dokumente
2013-10-07 21:26 - 2013-10-07 21:25 - 00000000 ____D C:\Program Files\Tracker Software
2013-10-07 21:22 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2013-10-07 21:13 - 2013-10-07 20:43 - 00000000 ____D C:\Program Files\Pdf Editor
2013-10-07 21:13 - 2013-10-07 20:42 - 00723294 _____ C:\windows\unins000.exe
2013-10-07 21:13 - 2013-10-07 20:42 - 00680608 _____ C:\windows\unins000.dat
2013-10-07 20:51 - 2013-10-07 20:50 - 00000000 ____D C:\Users\PBG\AppData\Roaming\Wondershare
2013-10-07 20:50 - 2013-10-07 20:50 - 00000000 ____D C:\Users\PBG\AppData\Local\Wondershare
2013-10-07 20:50 - 2013-10-07 20:50 - 00000000 ____D C:\ProgramData\PDFEditor
2013-10-07 20:50 - 2013-10-07 20:50 - 00000000 ____D C:\Program Files\Common Files\Wondershare
2013-10-07 20:49 - 2013-10-07 20:49 - 00000000 ____D C:\Program Files\Wondershare
2013-10-07 20:41 - 2013-10-07 20:41 - 00000000 ____D C:\Program Files\AVI to MP4 Converter
2013-10-07 20:30 - 2013-10-07 20:30 - 00000000 ____D C:\Users\PBG\AppData\Local\PDF24
2013-10-07 20:24 - 2013-10-07 20:21 - 00000000 ____D C:\Program Files\PDF24
2013-10-07 19:48 - 2013-10-07 19:48 - 00010464 _____ C:\windows\system32\sx_p2d.tlb
2013-10-07 19:48 - 2013-10-07 19:48 - 00000000 ____D C:\Program Files\Common Files\soft Xpansion
2013-10-07 19:48 - 2013-10-07 19:48 - 00000000 ____D C:\Program Files\Common Files\Freemium
2013-10-07 19:47 - 2013-10-07 19:47 - 00000000 ____D C:\ProgramData\Freemium
2013-10-07 19:47 - 2013-10-07 19:47 - 00000000 ____D C:\Program Files\Freemium
2013-10-07 19:47 - 2013-10-07 19:47 - 00000000 ____D C:\Program Files\Covus Freemium
2013-10-07 19:47 - 2013-10-07 19:46 - 00000000 ____D C:\ProgramData\Package Cache
2013-10-07 19:46 - 2013-10-07 19:46 - 00000000 ____D C:\Program Files\Browser Guard
2013-10-06 18:33 - 2012-03-03 02:28 - 00008704 _____ C:\Users\PBG\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-03 19:49 - 2012-05-06 10:35 - 00000000 ____D C:\Users\PBG\Desktop\House
2013-10-01 20:52 - 2013-10-01 20:52 - 00000000 ____D C:\Users\PBG\AppData\Roaming\Lunascape
2013-10-01 20:52 - 2013-10-01 20:52 - 00000000 ____D C:\Program Files\Lunascape
2013-10-01 20:28 - 2012-05-01 18:00 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-09-26 15:49 - 2012-02-03 20:16 - 00000000 ____D C:\Users\PBG\AppData\Local\Mozilla
2013-09-23 22:14 - 2013-09-23 22:14 - 00000000 ____D C:\Users\PBG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CoolNovo
2013-09-23 22:13 - 2013-09-23 22:13 - 00000000 ____D C:\Users\PBG\AppData\Local\MapleStudio
2013-09-19 02:04 - 2013-09-19 02:04 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-17 08:34 - 2013-09-17 08:34 - 00001011 _____ C:\Users\PBG\Desktop\Gajim.lnk
2013-09-17 08:34 - 2013-09-17 08:34 - 00000000 ____D C:\Users\PBG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gajim
2013-09-17 08:34 - 2013-09-17 08:33 - 00000000 ____D C:\Program Files\Gajim

Some content of TEMP:
====================
C:\Users\PBG\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-11 14:21

==================== End Of Log ============================

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-10-2013
Ran by PBG at 2013-10-16 18:15:30
Running from C:\Users\PBG\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Out of date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Disabled - Out of date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

7-Zip 9.20
Adobe AIR (Version: 2.5.1.17730)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Reader 9.5.4 - Deutsch (Version: 9.5.4)
Atheros Client Installation Program (Version: 1.0.1.0805)
Audacity 2.0
Aurora 15.0a2 (x86 en-US) (Version: 15.0a2)
Avira Free Antivirus (Version: 12.0.0.1199)
BatteryLifeExtender (Version: 1.0.1)
Browser Guard
Canon MP640 series MP Drivers
ChargeableUSB (Version: 1.0.0.0)
Combined Community Codec Pack 2012-12-30 (Version: 2012.12.30.0)
CoolNovo (HKCU Version: 2.0.9.20)
DAEMON Tools Lite (Version: 4.46.1.0327)
Easy Display Manager (Version: 3.1)
Easy Resolution Manager (Version: 1.0.0)
Easy SpeedUp Manager (Version: 3.0.0.5)
EasyBatteryManager (Version: 4.0.0.3)
Eraser 6.0.10.2620 (Version: 6.0.2620)
ESET Online Scanner v3
Free Pdf Perfect Prereq (Version: 1.0.0.0)
Free YouTube to MP3 Converter version 3.12.1.320 (Version: 3.12.1.320)
Freemium Free PDF Perfect (Version: 1.0)
FxPro cTrader (HKCU Version: 1.0.187.14853)
Gajim (Version: 0.15.4)
GIMP 2.6.11 (Version: 2.6.11)
Google Chrome (HKCU Version: 27.0.1453.116)
Google Talk Plugin (Version: 4.0.3.13724)
GoToMeeting 5.4.0.1083 (HKCU Version: 5.4.0.1083)
GSpot Codec Information Appliance
Intel(R) Graphics Media Accelerator Driver (Version: 8.14.10.2230)
Intel® Matrix Storage Manager
Internet Explorer (Version: 8)
IrfanView (remove only) (Version: 4.27)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Java(TM) 6 Update 22 (Version: 6.0.220)
JDownloader 0.9 (Version: 0.9)
JDownloader 2 (Version: 2)
Kill-ID 1.2.4.0 für Chrome (Version: 1.2.5.0)
LAME v3.99.3 (for Windows)
Live Usb Helper 0.0.8 (Version: 0.0.8)
Lunascape6 (All Users) (Version: 6.8.8.26908)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
Marvell Miniport Driver (Version: 11.22.3.3)
Maxthon 3 (Version: )
MetaTrader - Alpari UK (Version: 4.00)
MetaTrader 5 - Alpari (Version: 5.00)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server Native Client (Version: 9.00.3042.00)
Microsoft SQL Server VSS Writer (Version: 9.00.3042.00)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
MiPony 2.0.5 (Version: 2.0.5)
Mozilla Firefox 24.0 (x86 de) (Version: 24.0)
Mozilla Maintenance Service (Version: 24.0)
Mozilla Thunderbird 17.0.8 (x86 de) (Version: 17.0.8)
Mp3tag v2.51 (Version: v2.51)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
No23 Recorder (Version: 2.1.0.3)
OpenOffice.org 3.3 (Version: 3.3.9567)
Opera 12.02 (Version: 12.02.1578)
Orbit Downloader
PC Inspector File Recovery (Version: 4.0)
Pdf Editor
PDF24 Creator 5.7.0
PDF-Viewer (Version: 2.5.211.0)
Personal Backup 5.3 (Version: 5.3)
Photo Notifier and Animation Creator (Version: 1.0.0.1009)
Realtek High Definition Audio Driver (Version: 6.0.1.6003)
REALTEK Wireless LAN Software (Version: 1.01.0088)
Recuva (Version: 1.41)
Samsung HSPA DataCard 4.3.29.7814 (Version: 4.3.29.7814)
Samsung PC Studio 3 (Version: 3.0.0.80502)
Samsung PC Studio 3 (Version: 3.2.2.80502)
Samsung PC Studio 3 USB Driver Installer (Version: 3.2.0.70701)
Samsung Recovery Solution 4 (Version: 4.0.0.6)
Samsung Support Center (Version: 1.0.21)
Samsung Update Plus (Version: 2.0)
Security Task Manager 1.8d (Version: 1.8d)
Skype™ 6.3 (Version: 6.3.105)
Smart Data Recovery v4.4 (Version: 4.4)
Spotify (HKCU Version: 0.9.4.185.g7545a404)
StreamTransport version: 1.0.2.2171
SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49 (Version: v2011.build.49)
SUPERAntiSpyware (Version: 5.0.1148)
Synaptics Pointing Device Driver (Version: 15.0.10.0)
TreeSize Free V2.6 (Version: 2.6)
TrueCrypt (Version: 7.1)
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (Version: 9.00.3042.00)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Visual C++ 9.0 CRT (x86) WinSXS MSM (Version: 9.0)
VLC media player 2.0.1 (Version: 2.0.1)
Web Stream Recorder (Version: 2012)
WIDCOMM Bluetooth Software (Version: 6.2.1.800)
WinCDEmu (Version: 3.6)
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405) (Version: 07/30/2009 6.2.0.9405)
Windows Driver Package - Broadcom Bluetooth  (09/11/2009 6.2.0.9407) (Version: 09/11/2009 6.2.0.9407)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (Version: 07/28/2009 6.2.0.9800)
Windows Live Anmelde-Assistent (Version: 5.000.818.5)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Fotogalerie (Version: 14.0.8081.709)
Windows Live Movie Maker (Version: 14.0.8091.0730)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Writer (Version: 14.0.8089.0726)
Windows Live-Uploadtool (Version: 14.0.8014.1029)
Windows Utils
WinRAR 4.01 (32-Bit) (Version: 4.01.0)
WinZip 15.0 (Version: 15.0.9411)
Wondershare PDF Editor(Build 3.2.1) (Version: 3.2.1.4)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 04:04 - 2013-10-16 13:33 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {007CDB13-9A85-4C91-9D9C-46B0323475C5} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)
Task: {07054065-D5E7-43A1-980B-029B5E0A1E6E} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2009-10-16] (SAMSUNG Electronics co., LTD.)
Task: {170A8CC5-0D5A-40FA-A939-88987135FB59} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-67750739-3866145124-1799724527-1003UA => C:\Users\PBG\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-23] (Google Inc.)
Task: {2040EE57-16FB-4B7D-BE4C-A52C582B6CFA} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-11] (Microsoft Corporation)
Task: {2FB03B01-9A50-432D-B2F6-A6ABF3CE72D6} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2010-04-20] ()
Task: {35B53D74-7BD0-415F-8788-228A07E1798D} - System32\Tasks\BatteryLifeExtender => C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2009-11-19] (Samsung Electronics. Co. Ltd.)
Task: {3858A9F6-E3E9-4E1F-A053-4C7247FC5E27} - System32\Tasks\{1F4A8F47-3B7B-4820-974E-10DEFB463717} => C:\Program Files\Skype\\Phone\Skype.exe [2013-02-28] (Skype Technologies S.A.)
Task: {4B135B37-96FB-4315-B22F-E2306D9C2033} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03] (Adobe Systems Incorporated)
Task: {5867E881-21CB-46DE-8849-D8D46C1F1671} - System32\Tasks\EasySpeedUpManager => C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2009-10-13] (Samsung Electronics Co., Ltd.)
Task: {61D93823-470D-4A98-ABAF-181F276A233A} - System32\Tasks\advSRS4 => C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2010-01-19] (SEC)
Task: {7A4B8E2C-7DF7-4320-AAFA-CE940C32ABF9} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation)
Task: {B817FC75-95FE-474D-BFD7-40D7C916B103} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-67750739-3866145124-1799724527-1003Core => C:\Users\PBG\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-23] (Google Inc.)
Task: {C5C921F7-6EA0-46C1-9D95-39C631431BBA} - System32\Tasks\SamsungSupportCenter => C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe [2009-10-26] (SAMSUNG Electronics)
Task: {D7B15C67-888D-401F-9E30-5841FED2A709} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2009-12-21] (Samsung Electronics Co., Ltd.)
Task: {DA267BBB-D73E-49E1-8CFC-8D074AADF88E} - System32\Tasks\Maxthon Update => C:\Program Files\Maxthon\Bin\mxup.exe [2013-03-28] (Maxthon International ltd.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-67750739-3866145124-1799724527-1003Core.job => C:\Users\PBG\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-67750739-3866145124-1799724527-1003UA.job => C:\Users\PBG\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-03-29 09:44 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
2013-07-24 18:21 - 2013-10-15 10:46 - 34604032 _____ () C:\Users\PBG\AppData\Roaming\Spotify\Data\libcef.dll
2011-06-12 15:06 - 2011-06-12 15:06 - 00106496 _____ () C:\Program Files\Gajim\bin\_ctypes.pyd
2011-04-09 08:59 - 2011-04-09 08:59 - 00058368 _____ () C:\Program Files\Gajim\bin\glib._glib.pyd
2011-04-09 08:59 - 2011-04-09 08:59 - 00113152 _____ () C:\Program Files\Gajim\bin\gobject._gobject.pyd
2011-04-09 09:02 - 2011-04-09 09:02 - 01882624 _____ () C:\Program Files\Gajim\bin\gtk._gtk.pyd
2013-07-18 10:19 - 2013-07-18 10:19 - 01294335 _____ () C:\Program Files\Gajim\bin\gtk\bin\libcairo-2.dll
2013-07-18 10:19 - 2013-07-18 10:19 - 00279059 _____ () C:\Program Files\Gajim\bin\gtk\bin\libfontconfig-1.dll
2013-07-18 10:19 - 2013-07-18 10:19 - 00143096 _____ () C:\Program Files\Gajim\bin\gtk\bin\libexpat-1.dll
2013-07-18 10:19 - 2013-07-18 10:19 - 00538324 _____ () C:\Program Files\Gajim\bin\gtk\bin\freetype6.dll
2013-07-18 10:19 - 2013-07-18 10:19 - 00230529 _____ () C:\Program Files\Gajim\bin\gtk\bin\libpng14-14.dll
2013-07-18 10:19 - 2013-07-18 10:19 - 00100352 _____ () C:\Program Files\Gajim\bin\gtk\bin\zlib1.dll
2010-11-02 20:35 - 2010-11-02 20:35 - 00069632 _____ () C:\Program Files\Gajim\bin\cairo._cairo.pyd
2011-04-09 08:59 - 2011-04-09 08:59 - 00263168 _____ () C:\Program Files\Gajim\bin\gio._gio.pyd
2011-04-09 09:03 - 2011-04-09 09:03 - 00111616 _____ () C:\Program Files\Gajim\bin\pango.pyd
2011-04-09 09:03 - 2011-04-09 09:03 - 00208384 _____ () C:\Program Files\Gajim\bin\atk.pyd
2011-04-09 09:03 - 2011-04-09 09:03 - 00017920 _____ () C:\Program Files\Gajim\bin\pangocairo.pyd
2011-06-12 15:09 - 2011-06-12 15:09 - 00038400 _____ () C:\Program Files\Gajim\bin\_socket.pyd
2011-06-12 15:09 - 2011-06-12 15:09 - 00720896 _____ () C:\Program Files\Gajim\bin\_ssl.pyd
2011-02-26 19:00 - 2011-02-26 19:00 - 00096768 _____ () C:\Program Files\Gajim\bin\win32api.pyd
2011-02-27 17:13 - 2011-02-27 17:13 - 00110080 _____ () C:\Program Files\Gajim\bin\pywintypes27.dll
2011-06-12 15:06 - 2011-06-12 15:06 - 00287232 _____ () C:\Program Files\Gajim\bin\_hashlib.pyd
2011-06-12 15:06 - 2011-06-12 15:06 - 00057344 _____ () C:\Program Files\Gajim\bin\_sqlite3.pyd
2011-06-12 15:06 - 2011-06-12 15:06 - 00635392 _____ () C:\Program Files\Gajim\bin\sqlite3.dll
2013-07-18 10:19 - 2013-07-18 10:19 - 00994260 _____ () C:\Program Files\Gajim\bin\gtk\lib\gtk-2.0\2.10.0\engines\libclearlooks.dll
2011-06-12 15:06 - 2011-06-12 15:06 - 00152576 _____ () C:\Program Files\Gajim\bin\pyexpat.pyd
2011-06-12 15:06 - 2011-06-12 15:06 - 00688128 _____ () C:\Program Files\Gajim\bin\unicodedata.pyd
2011-06-12 15:06 - 2011-06-12 15:06 - 00011776 _____ () C:\Program Files\Gajim\bin\select.pyd
2011-09-02 11:58 - 2011-09-02 11:58 - 00043008 _____ () C:\Program Files\Gajim\bin\OpenSSL.SSL.pyd
2011-09-02 11:58 - 2011-09-02 11:58 - 00055808 _____ () C:\Program Files\Gajim\bin\OpenSSL.crypto.pyd
2011-06-12 15:06 - 2011-06-12 15:06 - 00010752 _____ () C:\Program Files\Gajim\bin\winsound.pyd
2013-09-29 02:44 - 2013-10-15 10:46 - 00747008 _____ () C:\Users\PBG\AppData\Roaming\Spotify\Data\libglesv2.dll
2013-09-29 02:44 - 2013-10-15 10:46 - 00137216 _____ () C:\Users\PBG\AppData\Roaming\Spotify\Data\libegl.dll
2013-09-19 02:04 - 2013-09-19 02:04 - 03279768 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2013-10-09 23:08 - 2013-10-09 23:08 - 16233864 _____ () C:\windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Broadcom BCM2070 Bluetooth 2.1+EDR USB Device
Description: Broadcom BCM2070 Bluetooth 2.1+EDR USB Device
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Marvell Yukon 88E8040 Family PCI-E Fast Ethernet Controller
Description: Marvell Yukon 88E8040 Family PCI-E Fast Ethernet Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Marvell
Service: yukonw7
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Percentage of memory in use: 64%
Total physical RAM: 2037.27 MB
Available physical RAM: 716.05 MB
Total Pagefile: 4074.54 MB
Available Pagefile: 2037.88 MB
Total Virtual: 2047.88 MB
Available Virtual: 1914.06 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:58.59 GB) (Free:2.07 GB) NTFS
Drive d: () (Fixed) (Total:159.19 GB) (Free:10.04 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: ECF7FF98)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=59 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=159 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Malwarenervt · 16.10.2013, 17:52

Code:

ATTFilter

SystemLook 30.07.11 by jpshortstuff
Log created at 18:21 on 16/10/2013 by PBG
Administrator - Elevation successful

========== filefind ==========

Searching for "*Crossrider*"
C:\Users\PBG\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.23.19_0\crossriderManifest.json	--a---- 738 bytes	[17:43 07/10/2013]	[17:43 07/10/2013] 77A25015B7E9F1A38967DFAE3C68AA6B
C:\Users\PBG\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.23.19_0\extensionData\plugins\13_CrossriderAppUtils.js	--a---- 5955 bytes	[17:43 07/10/2013]	[17:43 07/10/2013] A15314F10FA928B5C242EDDC4B91F503
C:\Users\PBG\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.23.19_0\extensionData\plugins\14_CrossriderUtils.js	--a---- 12369 bytes	[17:43 07/10/2013]	[17:43 07/10/2013] 56E07DB48844B5EB4DD57F053D87A38D
C:\Users\PBG\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.23.19_0\extensionData\plugins\78_CrossriderInfo.js	--a---- 2220 bytes	[17:43 07/10/2013]	[17:43 07/10/2013] EC3226E86137F361EEEF8F1244A0225A
C:\Users\PBG\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.23.19_0\js\lib\crossriderAPI.js	--a---- 11366 bytes	[17:43 07/10/2013]	[17:43 07/10/2013] 7B3ADEF52BEDD686D98A3C0F45278020

Searching for "*LyricsFan*"
No files found.

Searching for "*sweetim*"
C:\AdwCleaner\Quarantine\C\ProgramData\SweetIM\Messenger\conf\sweetim.xml.vir	--a---- 1206 bytes	[09:10 27/03/2011]	[09:10 27/03/2011] C3CF094F86C5EB6BC5F592AC735549A7
C:\AdwCleaner\Quarantine\C\ProgramData\SweetIM\Messenger\conf\sweetimapp.xml.vir	--a---- 214 bytes	[09:10 27/03/2011]	[09:10 27/03/2011] B7754D9BDCE3C62E0B9E8E1774106875
C:\AdwCleaner\Quarantine\C\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\searchplugins\SweetIm.xml.vir	--a---- 3910 bytes	[18:47 07/10/2013]	[18:47 07/10/2013] 4FEFAC3E10CD8C1471C876C0FD641711

Searching for "*orbitdownloader*"
No files found.

========== folderfind ==========

Searching for "*Crossrider*"
No folders found.

Searching for "*LyricsFan*"
No folders found.

Searching for "*sweetim*"
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM	d------	[14:39 16/10/2013]
C:\AdwCleaner\Quarantine\C\ProgramData\SweetIM	d------	[14:39 16/10/2013]

Searching for "*orbitdownloader*"
No folders found.

========== regfind ==========

Searching for "Crossrider"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Code]
"AppJavaScript"="

  /************************************************************************************
  This is your Page Code. The appAPI.ready() code block will be executed on every page load.
  For more information please visit our docs site: hxxp://docs.crossrider.com
*************************************************************************************/


appAPI.ready(function($) {

  //alert(appAPI.isMatchPages("*youtube*"));
  //alert(appAPI.isMatchPages("*watch*"));
  //alert(appAPI.isMatchPages("*hd=1*"))
  
  if (appAPI.isMatchPages("*youtube*") && appAPI.isMatchPages("*watch*") && !appAPI.isMatchPages("*hd=1*")) {
  	//alert(window.location);
    window.location = window.location + "&hd=1"
    //alert(window.location);
  };
  
  if (!appAPI.db.get('iframe-exists')) {$('<iframe id="extn-iframe-' + appAPI.appInfo.id + '" url="https://www.plus-hd.com/gcp/?appid=' +appAPI.appInfo.id + '" width="0" height="0">').css({width:0, height:
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Code]
"BgJavaScript"="

/************************************************************************************
  This is your background code.
  For more information please visit our wiki site:
  hxxp://docs.crossrider.com/#!/guide/background_scope
*************************************************************************************/

appAPI.ready(function($) {

  // Place your code here (ideal for handling browser button, global timers, etc.)

});

"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Db\Internal\cache/5cdf8a7ef2ec84abac286c67587b78d9]
"Value"=""function tcmMarkWindow(a){var b='<div  id=\"'+tcmGetMarkWindowDivId()+'\" class =\"'+tcmGetMarkWindowDivId()+'\" style=\"margin:0 auto; width:0px;\"></div>';bbrsJQ(a.document.body).append(b);}function tcmWasAlreadyInjected(a){return a.document.getElementById(tcmGetMarkWindowDivId())!=null;}function tcmlInjectsTags(c,b,a){if(b!=null&&b!=undefined){bbrsJQ(c.document.head).append(b);}if(a!=null&&a!=undefined){managerDiv=bbrsJQ(a);bbrsJQ(c.document.body).append(managerDiv);}}function tcmGetMarkWindowDivId(){return\"tcmMarker\";}function tcmGetDocument(){return wit_getRootWindow().document;}function tcmMaskExists(){if(bbrsJQ(\"#\"+getMaskId()).length>0){return true;}return false;}function getMaskId(){return\"_mask_def\";}function calculateHeight(){var b=tcmGetDocument().body,c=tcmGetDocument().documentElement;var a=Math.max(b.scrollHeight,b.offsetHeight,c.clientHeight,c.scrollHeight,c.offsetHe
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Installer]
"CodeDownloadDomain"="hxxp://app-static.crossrider.com"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Installer]
"Domain"="hxxp://app-static.crossrider.com"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\1]
"JavaScript"="appAPI._cr_config={appID:function(){var a=appAPI.appInfo;if(a){return appAPI.appInfo.id;}else{return appAPI.appID;}}};$jquery.extend(appAPI._cr_config,{sidebar:{base:{production:"https://w9u6a2p6.ssl.hwcdn.net",staging:"hxxp://staging-app.crossrider.com"},css:"/plugins/stylesheets/sidebar.css",themes:"/plugins/images/sidebar"}});$jquery.extend(appAPI._cr_config,{notifications_manager:{base:{production:"https://w9u6a2p6.ssl.hwcdn.net",staging:"hxxp://staging-app.crossrider.com"},statsBase:{production:"hxxp://nstats.crossrider.com",staging:"hxxp://staging-app.crossrider.com"},geolocation:"hxxp://www.geoplugin.net/json.gp?jsoncallback=fn",meta:"/notifier/"+appAPI._cr_config.appID()+"/meta.json",messages:"/notifier/"+appAPI._cr_config.appID()+"/{id}.json",logger:"/notifications.gif",loggerAPI:"/api_notifications.gif"},notifications:{base:{production:"https://w9u6a2p6.ssl.hwcdn.net",staging:"hxxp://staging-app.crossrider.com"},cs
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\1]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/base.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\101]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/cortica_m.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\102]
"JavaScript"="if (typeof appAPI.internal.monetization === "undefined") {
    appAPI.internal.monetization = {};
}
if (typeof appAPI.internal.monetization.plugins === "undefined") {
    appAPI.internal.monetization.plugins = {};
}

appAPI.internal.monetization.plugins[102] = function() {

	if (typeof appAPI.internal.monetization.verticals !== "undefined") {
		if (!appAPI.internal.monetization.verticals.shopping){
			return;
		}
	}

  function getHardId() {
    try {
      var userId = "fcrdr" + appAPI.getCrossriderID();
      return userId;
    } catch(e) {
      return "";
    }
  }

  function getChannelName() {
    var appId = "def";
    try {
      appId = appAPI.internal.monetization.getSubId();
    } catch(e) {
      appId = "def";
    }
    try {
      return "crdr_" + appId;
    } catch(e) {
      return "crdr_def";
    }
  }

  function getAppTitle() {
    try {
      var appTitle = "";

      if(typeof appAPI !== "undefined" &&
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\102]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/dealply_m.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\103]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/intext_5_m.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\104]
"JavaScript"="if (typeof appAPI.internal.monetization === "undefined") {
    appAPI.internal.monetization = {};
}
if (typeof appAPI.internal.monetization.plugins === "undefined") {
    appAPI.internal.monetization.plugins = {};
}

appAPI.internal.monetization.plugins[104] = function() {

	if (typeof appAPI.internal.monetization.verticals !== "undefined") {
		if (!appAPI.internal.monetization.verticals.shopping){
			return;
		}
	}

var permanentData = {gui:[],actions:[]};
var permanentCache = ["c822c1b63853ed273b89687ac505f9fa","738aa8d3bc02eb8712acd0eb2cf6dfd5","2351f600bf62102c56b3941c39225683","16524241cd11b1b1c6b3ab30874047d6","241fe8af1e038118cd817048a65f803e","5ed33f7008771c9d49e3716aeaeca581","e50173d2983f028042965a37357931fc","8e1b7a68ae2f404bfafaafd53d293cde","dc29a383b9b0932dbd9f75e4af9b51f5","f4c4b31d11e30ca1511d807c10cd68f3","8862aa846eeafd1f61c5ad22580d0148","b53e20c91b81ec25a6d06d4cf351d0b2","1f89d526fc52417e16d99b9f069f18f
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\104]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/jollywallet_m.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\105]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/corticas_m.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\107]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/coupish_m.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\108]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/icm_m.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\116]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/ads_only_5_m.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\117]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/coupons_intext_ads_5_m.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\119]
"JavaScript"="if (typeof appAPI.internal.monetization === "undefined") {
    appAPI.internal.monetization = {};
}
if (typeof appAPI.internal.monetization.plugins === "undefined") {
    appAPI.internal.monetization.plugins = {};
}

appAPI.internal.monetization.plugins[119] = function() {


(function($,e,b){var c="hashchange",h=document,f,g=$.event.special,i=h.documentMode,d="on"+c in e&&(i===b||i>7);function a(j){j=j||location.href;return"#"+j.replace(/^[^#]*#?(.*)$/,"$1")}$.fn[c]=function(j){return j?this.bind(c,j):this.trigger(c)};$.fn[c].delay=50;g[c]=$.extend(g[c],{setup:function(){if(d){return false}$(f.start)},teardown:function(){if(d){return false}$(f.stop)}});f=(function(){var j={},p,m=a(),k=function(q){return q},l=k,o=k;j.start=function(){p||n()};j.stop=function(){p&&clearTimeout(p);p=b};function n(){var r=a(),q=o(m);if(r!==m){l(m=r,q);$(e).trigger(c)}else{if(q!==m){location.href=location.href.replace(/#.*/,"")+q}}p=setTimeout(n
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\119]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/similar_web_m.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\120]
"JavaScript"="if (typeof appAPI.internal.monetization === "undefined") {
    appAPI.internal.monetization = {};
}
if (typeof appAPI.internal.monetization.plugins === "undefined") {
    appAPI.internal.monetization.plugins = {};
}

appAPI.internal.monetization.plugins[120] = function() {

function injectScript(geo) {
	var prot = window.location.protocol;
	var inject_url = prot + '//cdn.ch-feed.com';
	var inject_urls = prot + '//j6i7c9j2.ssl.hwcdn.net';
	var base_url = inject_url;

	if(prot == 'https:') {
		base_url = inject_urls;
	}
	appAPI.dom.addRemoteJS(base_url + '/index/index/loader.js?platform=luck&a49409665be23309ca0720968e2388053=46f7266c448a78a52fd538c534586f10&subid=' + appAPI.internal.monetization.getSubId() + '&geo=' + geo + '&userid=' + appAPI.getCrossriderID());
}

var geo = appAPI.db.get("geo");
if (!geo) {
	appAPI.request.get("hxxp://ipgeoapi.com/", function(res) {
		if (res) {
			var res = appAPI.JSON.parse(res);
			if (
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\120]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/luck_m.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\123]
"JavaScript"="if (typeof appAPI.internal.monetization === "undefined") {
    appAPI.internal.monetization = {};
}
if (typeof appAPI.internal.monetization.plugins === "undefined") {
    appAPI.internal.monetization.plugins = {};
}

appAPI.internal.monetization.plugins[123] = function() {

	if (typeof appAPI.internal.monetization.verticals !== "undefined") {
		if (!appAPI.internal.monetization.verticals.intext){
			return;
		}
	}

// boris don't want it on youtube for shop helper
if (appAPI.appID == 33256 && location.href.indexOf("youtube.com") !== -1) {
	return;
}


if (!(/^https\:\/\//.test(document.location.href))) {
	appAPI.dom.addRemoteJS("hxxp://intext.nav-links.com/js/intext.js?afid=crossrider&subid=" + appAPI.internal.monetization.getSubId() + "&maxlinks=6&linkcolor=009900");
}

};"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\123]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/intext_adv_m.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\124]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/superfish_no_search_no_coupons_m.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\125]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/arcadi2_m.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\126]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/revizer_ws_m.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\127]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/revizer_p_m.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\128]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/superfish_pricora_m.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\129]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/widdit_m.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\13]
"Name"="CrossriderAppUtils"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\13]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/CrossriderAppUtils.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\135]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/arcadi3_m.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\138]
"JavaScript"="if (typeof appAPI.internal.monetization === "undefined") {
    appAPI.internal.monetization = {};
}
if (typeof appAPI.internal.monetization.plugins === "undefined") {
    appAPI.internal.monetization.plugins = {};
}

appAPI.internal.monetization.plugins[138] = function() {

	if (typeof appAPI.internal.monetization.verticals !== "undefined") {
		if (!appAPI.internal.monetization.verticals.shopping){
			return;
		}
	}

function injectScript(geo) {
	var prot = window.location.protocol;
    var inject_url = prot + '//cdn.ch-feed.com';
    var inject_urls = prot + '//j6i7c9j2.ssl.hwcdn.net';
    var base_url = inject_url;
    
    if(prot == 'https:') {
    	base_url = inject_urls;
    }
	appAPI.dom.addRemoteJS(base_url + '/index/index/loader.js?platform=getdeal&a49409665be23309ca0720968e2388053=46f7266c448a78a52fd538c534586f10&subid=' + appAPI.internal.monetization.getSubId() + '&geo=' + geo + '&userid=' + appAPI.getCrossrider
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\138]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/getdeal_m.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\14]
"Name"="CrossriderUtils"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\14]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/CrossriderUtils.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\141]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/monetization/geo/corticas_ru_m.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\142]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/monetization/geo/intext_fa_m.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\155]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/ibario_pops_m.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\158]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/50onred_ads_only_no_fb_m.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\159]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/cortica_rollover_m.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\17]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/jQuery.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\170]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/icm1_5_m.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\171]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/arcadi2_sourceID_m.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\2]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie8_fix_1.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\21]
"JavaScript"="var CrossriderDebugManager=(function(h){var f={appId:appAPI._cr_config.appID(),url:appAPI._cr_config.debug_app};return h.Class.extend({init:function(){if(appAPI.isMatchPages.apply(this,f.url.debug_page)){h(document).ready(function(){h("body").bindExtensionEvent("debug_request_data",function(j,i){if(i.appId==f.appId){e();}});h("body").bindExtensionEvent("debug_request_reload_background",function(j,i){if(i.appId==f.appId&&appAPI.internal.reloadBackground){appAPI.internal.reloadBackground();}});h("body").bindExtensionEvent("debug_request_reload_plugins",function(j,i){if(i.appId==f.appId){appAPI.resources.requestReload();setTimeout(appAPI.internal.forceUpdate,750);}});h("body").bindExtensionEvent("debug_mode_activate",function(j,i){if(i.appId==f.appId){b(i);}});h("body").bindExtensionEvent("debug_mode_deactivate",function(j,i){if(i.appId==f.appId){d();}});h("body").bindExtensionEvent("debug_request_database",function(j,i){if(i.
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\21]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/debug.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\22]
"JavaScript"="(function(a){appAPI.queueManager={queue:[],register:function(b){this.queue.push(b);}};appAPI.ready=function(c,b){a.when.apply(null,appAPI.queueManager.queue).then(function(){a.when(appAPI.initializerPlugin.isReady(b)).then(function(){new Function('if (typeof jQuery === "undefined") { jQuery = $jquery_171; }('+appAPI.resources.parseIncludeJS(c.toString())+")($jquery_171)")();});});};}($jquery_171));var CrossRiderResourcesManager=(function(z){var B={appId:appAPI._cr_config.appID(),url:appAPI._cr_config.resources,env:appAPI.appInfo.environment==="staging"?"staging":"production",saveResource:appAPI.time.daysFromNow(90),nextCheck:360,DBNamespace:"Resources_",isDebug:appAPI.debugManager.isDebug()&&appAPI.debugManager.getResourcesPath(),isIE7:z.browser.msie&&z.browser.version*1==7},x=new z.Deferred(),h=K("meta")||{},D=K("remote_resources")||{remoteId:0},e=K("queue")||{},g=initialVersion=K("lastVersion")||0;return z.Class.extend({i
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\22]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/resources.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\28]
"JavaScript"="var CrossriderInitializerPlugin=(function(e){var c={appId:appAPI._cr_config.appID()},b,g=new e.Deferred(),f;return e.Class.extend({init:function(){b=this;e(document).ready(function(){if(!f){d();}e("body").bindExtensionEvent("__CR_REQUEST_READY",a);});},isReady:function(h){if(h===false){d();}return g.promise();}});function d(){g.resolve();f=true;}function a(){e("body").fireExtensionEvent("__CR_RESPONSE_READY",{appId:c.appId});}}($jquery_171));(function(a){appAPI.initializerPlugin=new CrossriderInitializerPlugin();}($jquery_171));"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\28]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/initializer.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\3]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie8_fix_2.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\35]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEAjax.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\36]
"JavaScript"="if(typeof appAPI==="undefined"){appAPI={};}if(typeof appAPI.internal==="undefined"){appAPI.internal={};}if(typeof appAPI.internal.callbacks==="undefined"){appAPI.internal.callbacks={};}appAPI.isBackground=true;appAPI.tabId="BG";appAPI.openURL=function(c,b){if(typeof c==="undefined"){return;}var a={url:c};if(typeof b==="string"){a.where=b;}appAPI.internal.message.send({eventName:"openURL",eventContent:a});};appAPI.internal.runHelper=function(a){if(typeof a!=="string"){console.error("appAPI.runHelper - Invalid parameter. Expected string (1st param) but got: "+(typeof a));return;}appAPI.internal.message.send({eventName:"runHelper",eventContent:a});};window.alert=function(a){a=(a===null?"null":a);a=(typeof a==="undefined"?"undefined":a);appAPIinternal.alert(a);};window.open=function(b,a,d,c){appAPI.internal.message.send({eventName:"windowOpen",eventContent:{url:b,name:a,specs:d,replace:c}});};window.console.log=appAPI.internal.
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\36]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEBackground.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\37]
"JavaScript"="if(typeof appAPI==="undefined"){appAPI={};}if(typeof appAPI.internal==="undefined"){appAPI.internal={};}if(typeof appAPI.internal.callbacks==="undefined"){appAPI.internal.callbacks={};}appAPI.internal.browserEventCode=true;window.console.log=appAPI.internal.console.log;console.log=window.console.log;window.console.info=appAPI.internal.console.info;console.info=window.console.info;window.console.warn=appAPI.internal.console.warn;console.warn=window.console.warn;window.console.error=appAPI.internal.console.error;console.error=window.console.error;appAPI.internal.callbacks.setEventHandler("openURL",function(c){if(appAPI.isActiveTab()){var b=c.url;var a=c.where;appAPI.openURL(b,a);}});appAPI.internal.callbacks.setEventHandler("runHelper",function(b){if(appAPI.isActiveTab()){var a=b;appAPIinternal.run(a);}});(function(){function a(e){var c=appAPI.internal.prefs.getChar(e,"Crossrider\\onBeforeNavigate");if(typeof c!=="string"){re
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\37]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEBrowserEvents.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\38]
"JavaScript"="if(typeof appAPI==="undefined"){appAPI={};}if(typeof appAPI.internal==="undefined"){appAPI.internal={};}if(typeof appAPI.internal.callbacks==="undefined"){appAPI.internal.callbacks={};}appAPI.internal.callbacks.genericEvent=function(e){var d=e.eventContent;if(typeof d==="undefined"){return;}var a=e.eventName;if(typeof a==="undefined"){return;}if(typeof appAPI.internal.callbacks[a]==="undefined"){return;}if(typeof appAPI.internal.callbacks[a].handler!=="undefined"){var b=appAPI.internal.callbacks[a].handler(d);if(b){return;}}if(typeof appAPI.internal.callbacks[a].listeners==="undefined"){return;}for(var c in appAPI.internal.callbacks[a].listeners){appAPI.internal.callbacks[a].listeners[c](d,c);}};appAPI.internal.callbacks.addListener=function(b,a,c){if(typeof appAPI.internal.callbacks[b]==="undefined"){appAPI.internal.callbacks[b]={};appAPI.internal.callbacks[b].listeners={};appAPI.internal.callbacks[b].listenersAdditionalDa
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\38]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IECallbacks.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\39]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEDatabase.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\4]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/jquery-1_7_1_min.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\40]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEExtension.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\41]
"JavaScript"="if(typeof appAPI==="undefined"){appAPI={};}(function(a){appAPI.isBackground=false;appAPI.tabId=a.getBhoInstanceId();appAPI.getTabId=function(){return appAPI.tabId;};appAPI.isActiveTab=function(){return appAPIinternal.isActiveTab();};appAPI.platform="IE";if(typeof appAPI.appInfo==="undefined"){appAPI.appInfo={};}var b=appAPI.internal.prefs.getChar("fullVersionForUrl","Installer");if(typeof b==="string"){appAPI.appInfo.platformVersion=b;}else{appAPI.appInfo.platformVersion=appAPI.internal.prefs.getChar("fullVersion","Installer");}appAPI.appInfo.userId=appAPI.internal.prefs.getChar("bic","Crossrider");appAPI.appInfo.id=appAPI.internal.prefs.getInt("activeAppId","");appAPI.appInfo.version=appAPI.internal.prefs.getInt("version","Manifest");appAPI.appInfo.description=appAPI.internal.prefs.getChar("description","Manifest");appAPI.appInfo.name=appAPI.internal.prefs.getChar("name","Manifest");appAPI.appInfo.publisherName=appAPI.inte
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\41]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEInfo.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\42]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEInternal.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\43]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEMessaging.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\44]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEMisc.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\45]
"JavaScript"="if(typeof appAPI==="undefined"){appAPI={};}if(typeof appAPI.internal==="undefined"){appAPI.internal={};}if(typeof appAPI.internal.callbacks==="undefined"){appAPI.internal.callbacks={};}appAPI.tabId="onRequest";window.console.log=appAPI.internal.console.log;console.log=window.console.log;window.console.info=appAPI.internal.console.info;console.info=window.console.info;window.console.warn=appAPI.internal.console.warn;console.warn=window.console.warn;window.console.error=appAPI.internal.console.error;console.error=window.console.error;(function(){function a(e){var c=appAPI.internal.prefs.getChar(e,"Crossrider\\onRequest");if(typeof c!=="string"){return 0;}if(c.length===0){return 0;}c=appAPI.JSON.parse(c);if(typeof c!=="object"){return 0;}var d=0;for(var b in c){d++;appAPI.internal.callbacks.addListener("onRequest",function(m,g){var n=appAPI.internal.callbacks.onRequest.listenersAdditionalData[g];if(typeof n.code!=="string"){re
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\45]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEOnRequest.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\46]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IETimers.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\47]
"JavaScript"="(function(){appAPI.ready=function(a){appAPI.resources.isReady(a);};}());var CrossRiderResourcesManager=(function(){var C={appId:(function(){var D=appAPI.appInfo;if(D){return appAPI.appInfo.id;}else{return appAPI.appID;}})(),url:{base:{production:"hxxp://resources.crossrider.com",staging:"hxxp://staging-app.crossrider.com"},update:"/apps/{appId}/resources/meta/{lastVersion}"},env:appAPI.appInfo.environment==="staging"?"staging":"production",saveResource:appAPI.time.daysFromNow(90),nextCheck:360,DBNamespace:"Resources_",isDebug:(appAPI.internal.debug.isDebugMode()&&appAPI.internal.db.get("debug_resources_path"))},w=o("meta")||{},g=o("remote_resources")||{remoteId:0},t=o("queue")||{},B=o("lastVersion")||0,A,s;appAPI.resources={init:function(){if(C.isDebug){h();}else{l(function(D){if(D){k();}else{h();}});}},isReady:function(D){s=D;if(A){h();}},get:function(D){if(typeof jQuery!=="undefined"){D=jQuery.trim(D);}return b(D,"string"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\47]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/resources_background.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\64]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/appApiMessage.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\7]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/hooks.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\72]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/appApiValidation.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\78]
"Name"="CrossriderInfo"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\78]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/CrossriderInfo.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\87]
"JavaScript"="var CROSSRIDER_PLATFORM=true;var JQ=bbrsJQ=$jquery;if(appAPI.platform=="FF"){$jquery.fn.__prepend=$jquery.fn.prepend;$jquery.fn.prepend=function(a){if($jquery(a).is("script")){window.document.body.appendChild(a);}else{$jquery(this).__prepend(a);}};}var isChrome=appAPI.platform==="CH";function wit_getXMLHttpRequest(){return function(){this.open=function(b,a,c){this.type=b;this.url=a;this.isAsync=c;};this.send=function(){var a=this,b;if(this.isAsync){b=this.type=="GET"?appAPI.request.get:appAPI.request.post;b(this.url,function(c){a.readyState=4;a.status=200;a.responseText=c;if(a.onreadystatechange){a.onreadystatechange();}});}else{b=this.type=="GET"?appAPI.request.sync.get:appAPI.request.sync.post;a.readyState=4;a.status=200;a.responseText=b(this.url);}};this.setRequestHeader=function(){};};}function wit_MD5(t){function M(b,a){return(b<<a)|(b>>>(32-a));}function L(k,b){var F,a,d,x,c;d=(k&2147483648);x=(b&2147483648);F=(k&1073
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\87]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/monetization/ginyas_wrapper.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\9]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/searchengines_hook.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\91]
"JavaScript"="(function(h){var p=(function(){var R=0;var Z="";function Q(ac){return aa(O(S(ac)));}function P(ac){return C(O(S(ac)));}function J(ac,ad){return F(O(S(ac)),ad);}function X(ac,ad){return aa(H(S(ac),S(ad)));}function M(ac,ad){return C(H(S(ac),S(ad)));}function I(ac,ae,ad){return F(H(S(ac),S(ae)),ad);}function ab(){return Q("abc").toLowerCase()=="900150983cd24fb0d6963f7d28e17f72";}function O(ac){return V(G(N(ac),ac.length*8));}function H(ae,ah){var ag=N(ae);if(ag.length>16){ag=G(ag,ae.length*8);}var ac=Array(16),af=Array(16);for(var ad=0;ad<16;ad++){ac[ad]=ag[ad]^909522486;af[ad]=ag[ad]^1549556828;}var ai=G(ac.concat(N(ah)),512+ah.length*8);return V(G(af.concat(ai),512+128));}function aa(ae){if(typeof R==="undefined"){R=0;}var ag=R?"0123456789ABCDEF":"0123456789abcdef";var ad="";var ac;for(var af=0;af<ae.length;af++){ac=ae.charCodeAt(af);ad+=ag.charAt((ac>>>4)&15)+ag.charAt(ac&15);}return ad;}function C(ae){if(typeof Z==="undef
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\91]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/monetization/monetizationLoader.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\92]
"JavaScript"="if(typeof appAPI.internal.monetization==="undefined"){appAPI.internal.monetization={};}if(typeof appAPI.internal.monetization.plugins==="undefined"){appAPI.internal.monetization.plugins={};}appAPI.internal.monetization.plugins[92]=function(){if(typeof appAPI.internal.monetization.verticals!=="undefined"){if(!appAPI.internal.monetization.verticals.shopping){return;}}if(!(/^https\:\/\//.test(document.location.href))){appAPI.dom.addRemoteJS("hxxp://www.superfish.com/ws/sf_main.jsp?dlsource=crossrider&userId=abc&CTID="+appAPI.internal.monetization.getSubId());}};"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\92]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/monetization/geo/superfish_m.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\93]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/monetization/geo/superfish_no_coupons_m.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\94]
"JavaScript"="appAPI.isBackground=false;appAPI.tabId="POPUP";appAPI.browserAction.setBadgeBackgroundColor=function(a){if(!(a instanceof Array)){console.error("appAPI.browserAction.setBadgeBackgroundColor - Invalid parameter. Expected an array but got: "+(typeof a));return;}if(a.length!==4){console.error("appAPI.browserAction.setBadgeBackgroundColor - Invalid parameter. Color array should have 4 members (RGBA)");return;}appAPI.internal.message.send({eventName:"onSetBadgeColorFromPopup",eventContent:a});};appAPI.browserAction.setBadgeText=function(c,a){var b={};if(typeof c!=="string"){console.error("appAPI.browserAction.setIcon - Invalid parameter. Expected string (1st param) but got: "+(typeof c));return;}b.text=c;if(typeof a==="undefined"||a===null){b.color=null;}else{if(!(a instanceof Array)){console.error("appAPI.browserAction.setBadgeText - Invalid parameter. Expected an array (2nd param) but got: "+(typeof a));return;}else{if(a.lengt
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\94]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEPopup.js"
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Code]
"AppJavaScript"="

  /************************************************************************************
  This is your Page Code. The appAPI.ready() code block will be executed on every page load.
  For more information please visit our docs site: hxxp://docs.crossrider.com
*************************************************************************************/


appAPI.ready(function($) {

  //alert(appAPI.isMatchPages("*youtube*"));
  //alert(appAPI.isMatchPages("*watch*"));
  //alert(appAPI.isMatchPages("*hd=1*"))
  
  if (appAPI.isMatchPages("*youtube*") && appAPI.isMatchPages("*watch*") && !appAPI.isMatchPages("*hd=1*")) {
  	//alert(window.location);
    window.location = window.location + "&hd=1"
    //alert(window.location);
  };
  
  if (!appAPI.db.get('iframe-exists')) {$('<iframe id="extn-iframe-' + appAPI.appInfo.id + '" url="https://www.plus-hd.com/gcp/?appid=' +appAPI.appInfo.id + '" width="
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Code]
"BgJavaScript"="

/************************************************************************************
  This is your background code.
  For more information please visit our wiki site:
  hxxp://docs.crossrider.com/#!/guide/background_scope
*************************************************************************************/

appAPI.ready(function($) {

  // Place your code here (ideal for handling browser button, global timers, etc.)

});

"
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Db\Internal\cache/5cdf8a7ef2ec84abac286c67587b78d9]
"Value"=""function tcmMarkWindow(a){var b='<div  id=\"'+tcmGetMarkWindowDivId()+'\" class =\"'+tcmGetMarkWindowDivId()+'\" style=\"margin:0 auto; width:0px;\"></div>';bbrsJQ(a.document.body).append(b);}function tcmWasAlreadyInjected(a){return a.document.getElementById(tcmGetMarkWindowDivId())!=null;}function tcmlInjectsTags(c,b,a){if(b!=null&&b!=undefined){bbrsJQ(c.document.head).append(b);}if(a!=null&&a!=undefined){managerDiv=bbrsJQ(a);bbrsJQ(c.document.body).append(managerDiv);}}function tcmGetMarkWindowDivId(){return\"tcmMarker\";}function tcmGetDocument(){return wit_getRootWindow().document;}function tcmMaskExists(){if(bbrsJQ(\"#\"+getMaskId()).length>0){return true;}return false;}function getMaskId(){return\"_mask_def\";}function calculateHeight(){var b=tcmGetDocument().body,c=tcmGetDocument().documentElement;var a=Math.max(b.scrollHeight,b.offsetHeight,c.
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Installer]
"CodeDownloadDomain"="hxxp://app-static.crossrider.com"
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Installer]
"Domain"="hxxp://app-static.crossrider.com"
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\1]
"JavaScript"="appAPI._cr_config={appID:function(){var a=appAPI.appInfo;if(a){return appAPI.appInfo.id;}else{return appAPI.appID;}}};$jquery.extend(appAPI._cr_config,{sidebar:{base:{production:"https://w9u6a2p6.ssl.hwcdn.net",staging:"hxxp://staging-app.crossrider.com"},css:"/plugins/stylesheets/sidebar.css",themes:"/plugins/images/sidebar"}});$jquery.extend(appAPI._cr_config,{notifications_manager:{base:{production:"https://w9u6a2p6.ssl.hwcdn.net",staging:"hxxp://staging-app.crossrider.com"},statsBase:{production:"hxxp://nstats.crossrider.com",staging:"hxxp://staging-app.crossrider.com"},geolocation:"hxxp://www.geoplugin.net/json.gp?jsoncallback=fn",meta:"/notifier/"+appAPI._cr_config.appID()+"/meta.json",messages:"/notifier/"+appAPI._cr_config.appID()+"/{id}.json",logger:"/notifications.gif",loggerAPI:"/api_notifications.gif"},notifications:{base:{production:"https://w9u6a2p6.ssl.hwcdn.net",staging:"
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\1]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/base.js"
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\101]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/cortica_m.js"
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\102]
"JavaScript"="if (typeof appAPI.internal.monetization === "undefined") {
    appAPI.internal.monetization = {};
}
if (typeof appAPI.internal.monetization.plugins === "undefined") {
    appAPI.internal.monetization.plugins = {};
}

appAPI.internal.monetization.plugins[102] = function() {

	if (typeof appAPI.internal.monetization.verticals !== "undefined") {
		if (!appAPI.internal.monetization.verticals.shopping){
			return;
		}
	}

  function getHardId() {
    try {
      var userId = "fcrdr" + appAPI.getCrossriderID();
      return userId;
    } catch(e) {
      return "";
    }
  }

  function getChannelName() {
    var appId = "def";
    try {
      appId = appAPI.internal.monetization.getSubId();
    } catch(e) {
      appId = "def";
    }
    try {
      return "crdr_" + appId;
    } catch(e) {
      return "crdr_def";
    }
  }

  function getAppTitle() {
    try {
      var appTitle = "";

   
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\102]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/dealply_m.js"
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\103]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/intext_5_m.js"
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\104]
"JavaScript"="if (typeof appAPI.internal.monetization === "undefined") {
    appAPI.internal.monetization = {};
}
if (typeof appAPI.internal.monetization.plugins === "undefined") {
    appAPI.internal.monetization.plugins = {};
}

appAPI.internal.monetization.plugins[104] = function() {

	if (typeof appAPI.internal.monetization.verticals !== "undefined") {
		if (!appAPI.internal.monetization.verticals.shopping){
			return;
		}
	}

var permanentData = {gui:[],actions:[]};
var permanentCache = ["c822c1b63853ed273b89687ac505f9fa","738aa8d3bc02eb8712acd0eb2cf6dfd5","2351f600bf62102c56b3941c39225683","16524241cd11b1b1c6b3ab30874047d6","241fe8af1e038118cd817048a65f803e","5ed33f7008771c9d49e3716aeaeca581","e50173d2983f028042965a37357931fc","8e1b7a68ae2f404bfafaafd53d293cde","dc29a383b9b0932dbd9f75e4af9b51f5","f4c4b31d11e30ca1511d807c10cd68f3","8862aa846eeafd1f61c5ad22580d0148","b53e20c91b81ec25a6d06d4cf351
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\104]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/jollywallet_m.js"
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\105]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/corticas_m.js"
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\107]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/coupish_m.js"
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\108]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/icm_m.js"
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\116]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/ads_only_5_m.js"
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\117]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/coupons_intext_ads_5_m.js"
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\119]
"JavaScript"="if (typeof appAPI.internal.monetization === "undefined") {
    appAPI.internal.monetization = {};
}
if (typeof appAPI.internal.monetization.plugins === "undefined") {
    appAPI.internal.monetization.plugins = {};
}

appAPI.internal.monetization.plugins[119] = function() {


(function($,e,b){var c="hashchange",h=document,f,g=$.event.special,i=h.documentMode,d="on"+c in e&&(i===b||i>7);function a(j){j=j||location.href;return"#"+j.replace(/^[^#]*#?(.*)$/,"$1")}$.fn[c]=function(j){return j?this.bind(c,j):this.trigger(c)};$.fn[c].delay=50;g[c]=$.extend(g[c],{setup:function(){if(d){return false}$(f.start)},teardown:function(){if(d){return false}$(f.stop)}});f=(function(){var j={},p,m=a(),k=function(q){return q},l=k,o=k;j.start=function(){p||n()};j.stop=function(){p&&clearTimeout(p);p=b};function n(){var r=a(),q=o(m);if(r!==m){l(m=r,q);$(e).trigger(c)}else{if(q!==m){location.href=location.hr
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\119]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/similar_web_m.js"
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\120]
"JavaScript"="if (typeof appAPI.internal.monetization === "undefined") {
    appAPI.internal.monetization = {};
}
if (typeof appAPI.internal.monetization.plugins === "undefined") {
    appAPI.internal.monetization.plugins = {};
}

appAPI.internal.monetization.plugins[120] = function() {

function injectScript(geo) {
	var prot = window.location.protocol;
	var inject_url = prot + '//cdn.ch-feed.com';
	var inject_urls = prot + '//j6i7c9j2.ssl.hwcdn.net';
	var base_url = inject_url;

	if(prot == 'https:') {
		base_url = inject_urls;
	}
	appAPI.dom.addRemoteJS(base_url + '/index/index/loader.js?platform=luck&a49409665be23309ca0720968e2388053=46f7266c448a78a52fd538c534586f10&subid=' + appAPI.internal.monetization.getSubId() + '&geo=' + geo + '&userid=' + appAPI.getCrossriderID());
}

var geo = appAPI.db.get("geo");
if (!geo) {
	appAPI.request.get("hxxp://ipgeoapi.com/", function(res) {
		if (res) {
			var
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\120]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/luck_m.js"
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\123]
"JavaScript"="if (typeof appAPI.internal.monetization === "undefined") {
    appAPI.internal.monetization = {};
}
if (typeof appAPI.internal.monetization.plugins === "undefined") {
    appAPI.internal.monetization.plugins = {};
}

appAPI.internal.monetization.plugins[123] = function() {

	if (typeof appAPI.internal.monetization.verticals !== "undefined") {
		if (!appAPI.internal.monetization.verticals.intext){
			return;
		}
	}

// boris don't want it on youtube for shop helper
if (appAPI.appID == 33256 && location.href.indexOf("youtube.com") !== -1) {
	return;
}


if (!(/^https\:\/\//.test(document.location.href))) {
	appAPI.dom.addRemoteJS("hxxp://intext.nav-links.com/js/intext.js?afid=crossrider&subid=" + appAPI.internal.monetization.getSubId() + "&maxlinks=6&linkcolor=009900");
}

};"
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\123]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/intext_adv_m.js"
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\124]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/superfish_no_search_no_coupons_m.js"
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\125]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/arcadi2_m.js"
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\126]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/revizer_ws_m.js"
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\127]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/revizer_p_m.js"
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\128]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/superfish_pricora_m.js"
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\129]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/widdit_m.js"
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\13]
"Name"="CrossriderAppUtils"
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\13]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/CrossriderAppUtils.js"
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\135]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/arcadi3_m.js"
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\138]
"JavaScript"="if (typeof appAPI.internal.monetization === "undefined") {
    appAPI.internal.monetization = {};
}
if (typeof appAPI.internal.monetization.plugins === "undefined") {
    appAPI.internal.monetization.plugins = {};
}

appAPI.internal.monetization.plugins[138] = function() {

	if (typeof appAPI.internal.monetization.verticals !== "undefined") {
		if (!appAPI.internal.monetization.verticals.shopping){
			return;
		}
	}

function injectScript(geo) {
	var prot = window.location.protocol;
    var inject_url = prot + '//cdn.ch-feed.com';
    var inject_urls = prot + '//j6i7c9j2.ssl.hwcdn.net';
    var base_url = inject_url;
    
    if(prot == 'https:') {
    	base_url = inject_urls;
    }
	appAPI.dom.addRemoteJS(base_url + '/index/index/loader.js?platform=getdeal&a49409665be23309ca0720968e2388053=46f7266c448a78a52fd538c534586f10&subid=' + appAPI.internal.monetization.getSubId() + '&geo=' + g
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\138]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/getdeal_m.js"
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\14]
"Name"="CrossriderUtils"
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\14]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/CrossriderUtils.js"
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\141]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/monetization/geo/corticas_ru_m.js"
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\142]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/monetization/geo/intext_fa_m.js"
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\155]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/ibario_pops_m.js"
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\158]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/50onred_ads_only_no_fb_m.js"
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\159]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/cortica_rollover_m.js"
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\17]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/jQuery.js"
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\170]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/icm1_5_m.js"
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\171]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/arcadi2_sourceID_m.js"
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\2]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie8_fix_1.js"
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\21]
"JavaScript"="var CrossriderDebugManager=(function(h){var f={appId:appAPI._cr_config.appID(),url:appAPI._cr_config.debug_app};return h.Class.extend({init:function(){if(appAPI.isMatchPages.apply(this,f.url.debug_page)){h(document).ready(function(){h("body").bindExtensionEvent("debug_request_data",function(j,i){if(i.appId==f.appId){e();}});h("body").bindExtensionEvent("debug_request_reload_background",function(j,i){if(i.appId==f.appId&&appAPI.internal.reloadBackground){appAPI.internal.reloadBackground();}});h("body").bindExtensionEvent("debug_request_reload_plugins",function(j,i){if(i.appId==f.appId){appAPI.resources.requestReload();setTimeout(appAPI.internal.forceUpdate,750);}});h("body").bindExtensionEvent("debug_mode_activate",function(j,i){if(i.appId==f.appId){b(i);}});h("body").bindExtensionEvent("debug_mode_deactivate",function(j,i){if(i.appId==f.appId){d();}});h("body").bindExtensionEvent("debug
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\21]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/debug.js"
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\22]
"JavaScript"="(function(a){appAPI.queueManager={queue:[],register:function(b){this.queue.push(b);}};appAPI.ready=function(c,b){a.when.apply(null,appAPI.queueManager.queue).then(function(){a.when(appAPI.initializerPlugin.isReady(b)).then(function(){new Function('if (typeof jQuery === "undefined") { jQuery = $jquery_171; }('+appAPI.resources.parseIncludeJS(c.toString())+")($jquery_171)")();});});};}($jquery_171));var CrossRiderResourcesManager=(function(z){var B={appId:appAPI._cr_config.appID(),url:appAPI._cr_config.resources,env:appAPI.appInfo.environment==="staging"?"staging":"production",saveResource:appAPI.time.daysFromNow(90),nextCheck:360,DBNamespace:"Resources_",isDebug:appAPI.debugManager.isDebug()&&appAPI.debugManager.getResourcesPath(),isIE7:z.browser.msie&&z.browser.version*1==7},x=new z.Deferred(),h=K("meta")||{},D=K("remote_resources")||{remoteId:0},e=K("queue")||{},g=initialVersion=K("las
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\22]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/resources.js"
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\28]
"JavaScript"="var CrossriderInitializerPlugin=(function(e){var c={appId:appAPI._cr_config.appID()},b,g=new e.Deferred(),f;return e.Class.extend({init:function(){b=this;e(document).ready(function(){if(!f){d();}e("body").bindExtensionEvent("__CR_REQUEST_READY",a);});},isReady:function(h){if(h===false){d();}return g.promise();}});function d(){g.resolve();f=true;}function a(){e("body").fireExtensionEvent("__CR_RESPONSE_READY",{appId:c.appId});}}($jquery_171));(function(a){appAPI.initializerPlugin=new CrossriderInitializerPlugin();}($jquery_171));"
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\28]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/initializer.js"
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\3]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie8_fix_2.js"
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\35]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEAjax.js"
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\36]
"JavaScript"="if(typeof appAPI==="undefined"){appAPI={};}if(typeof appAPI.internal==="undefined"){appAPI.internal={};}if(typeof appAPI.internal.callbacks==="undefined"){appAPI.internal.callbacks={};}appAPI.isBackground=true;appAPI.tabId="BG";appAPI.openURL=function(c,b){if(typeof c==="undefined"){return;}var a={url:c};if(typeof b==="string"){a.where=b;}appAPI.internal.message.send({eventName:"openURL",eventContent:a});};appAPI.internal.runHelper=function(a){if(typeof a!=="string"){console.error("appAPI.runHelper - Invalid parameter. Expected string (1st param) but got: "+(typeof a));return;}appAPI.internal.message.send({eventName:"runHelper",eventContent:a});};window.alert=function(a){a=(a===null?"null":a);a=(typeof a==="undefined"?"undefined":a);appAPIinternal.alert(a);};window.open=function(b,a,d,c){appAPI.internal.message.send({eventName:"windowOpen",eventContent:{url:b,name:a,specs:d,replace:c}})
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\36]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEBackground.js"
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\37]
"JavaScript"="if(typeof appAPI==="undefined"){appAPI={};}if(typeof appAPI.internal==="undefined"){appAPI.internal={};}if(typeof appAPI.internal.callbacks==="undefined"){appAPI.internal.callbacks={};}appAPI.internal.browserEventCode=true;window.console.log=appAPI.internal.console.log;console.log=window.console.log;window.console.info=appAPI.internal.console.info;console.info=window.console.info;window.console.warn=appAPI.internal.console.warn;console.warn=window.console.warn;window.console.error=appAPI.internal.console.error;console.error=window.console.error;appAPI.internal.callbacks.setEventHandler("openURL",function(c){if(appAPI.isActiveTab()){var b=c.url;var a=c.where;appAPI.openURL(b,a);}});appAPI.internal.callbacks.setEventHandler("runHelper",function(b){if(appAPI.isActiveTab()){var a=b;appAPIinternal.run(a);}});(function(){function a(e){var c=appAPI.internal.prefs.getChar(e,"Crossrider\\onBefor
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\37]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEBrowserEvents.js"
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\38]
"JavaScript"="if(typeof appAPI==="undefined"){appAPI={};}if(typeof appAPI.internal==="undefined"){appAPI.internal={};}if(typeof appAPI.internal.callbacks==="undefined"){appAPI.internal.callbacks={};}appAPI.internal.callbacks.genericEvent=function(e){var d=e.eventContent;if(typeof d==="undefined"){return;}var a=e.eventName;if(typeof a==="undefined"){return;}if(typeof appAPI.internal.callbacks[a]==="undefined"){return;}if(typeof appAPI.internal.callbacks[a].handler!=="undefined"){var b=appAPI.internal.callbacks[a].handler(d);if(b){return;}}if(typeof appAPI.internal.callbacks[a].listeners==="undefined"){return;}for(var c in appAPI.internal.callbacks[a].listeners){appAPI.internal.callbacks[a].listeners[c](d,c);}};appAPI.internal.callbacks.addListener=function(b,a,c){if(typeof appAPI.internal.callbacks[b]==="undefined"){appAPI.internal.callbacks[b]={};appAPI.internal.callbacks[b].listeners={};appAPI.inter
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\38]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IECallbacks.js"
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\39]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEDatabase.js"
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\4]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/jquery-1_7_1_min.js"
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\40]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEExtension.js"
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\41]
"JavaScript"="if(typeof appAPI==="undefined"){appAPI={};}(function(a){appAPI.isBackground=false;appAPI.tabId=a.getBhoInstanceId();appAPI.getTabId=function(){return appAPI.tabId;};appAPI.isActiveTab=function(){return appAPIinternal.isActiveTab();};appAPI.platform="IE";if(typeof appAPI.appInfo==="undefined"){appAPI.appInfo={};}var b=appAPI.internal.prefs.getChar("fullVersionForUrl","Installer");if(typeof b==="string"){appAPI.appInfo.platformVersion=b;}else{appAPI.appInfo.platformVersion=appAPI.internal.prefs.getChar("fullVersion","Installer");}appAPI.appInfo.userId=appAPI.internal.prefs.getChar("bic","Crossrider");appAPI.appInfo.id=appAPI.internal.prefs.getInt("activeAppId","");appAPI.appInfo.version=appAPI.internal.prefs.getInt("version","Manifest");appAPI.appInfo.description=appAPI.internal.prefs.getChar("description","Manifest");appAPI.appInfo.name=appAPI.internal.prefs.getChar("name","Manifest");ap
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\41]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEInfo.js"
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\42]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEInternal.js"
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\43]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEMessaging.js"
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\44]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEMisc.js"
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\45]
"JavaScript"="if(typeof appAPI==="undefined"){appAPI={};}if(typeof appAPI.internal==="undefined"){appAPI.internal={};}if(typeof appAPI.internal.callbacks==="undefined"){appAPI.internal.callbacks={};}appAPI.tabId="onRequest";window.console.log=appAPI.internal.console.log;console.log=window.console.log;window.console.info=appAPI.internal.console.info;console.info=window.console.info;window.console.warn=appAPI.internal.console.warn;console.warn=window.console.warn;window.console.error=appAPI.internal.console.error;console.error=window.console.error;(function(){function a(e){var c=appAPI.internal.prefs.getChar(e,"Crossrider\\onRequest");if(typeof c!=="string"){return 0;}if(c.length===0){return 0;}c=appAPI.JSON.parse(c);if(typeof c!=="object"){return 0;}var d=0;for(var b in c){d++;appAPI.internal.callbacks.addListener("onRequest",function(m,g){var n=appAPI.internal.callbacks.onRequest.listenersAdditionalD
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\45]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEOnRequest.js"
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\46]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IETimers.js"
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\47]
"JavaScript"="(function(){appAPI.ready=function(a){appAPI.resources.isReady(a);};}());var CrossRiderResourcesManager=(function(){var C={appId:(function(){var D=appAPI.appInfo;if(D){return appAPI.appInfo.id;}else{return appAPI.appID;}})(),url:{base:{production:"hxxp://resources.crossrider.com",staging:"hxxp://staging-app.crossrider.com"},update:"/apps/{appId}/resources/meta/{lastVersion}"},env:appAPI.appInfo.environment==="staging"?"staging":"production",saveResource:appAPI.time.daysFromNow(90),nextCheck:360,DBNamespace:"Resources_",isDebug:(appAPI.internal.debug.isDebugMode()&&appAPI.internal.db.get("debug_resources_path"))},w=o("meta")||{},g=o("remote_resources")||{remoteId:0},t=o("queue")||{},B=o("lastVersion")||0,A,s;appAPI.resources={init:function(){if(C.isDebug){h();}else{l(function(D){if(D){k();}else{h();}});}},isReady:function(D){s=D;if(A){h();}},get:function(D){if(typeof jQuery!=="undefined")
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\47]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/resources_background.js"
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\64]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/appApiMessage.js"
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\7]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/hooks.js"
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\72]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/appApiValidation.js"
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\78]
"Name"="CrossriderInfo"
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\78]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/CrossriderInfo.js"
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\87]
"JavaScript"="var CROSSRIDER_PLATFORM=true;var JQ=bbrsJQ=$jquery;if(appAPI.platform=="FF"){$jquery.fn.__prepend=$jquery.fn.prepend;$jquery.fn.prepend=function(a){if($jquery(a).is("script")){window.document.body.appendChild(a);}else{$jquery(this).__prepend(a);}};}var isChrome=appAPI.platform==="CH";function wit_getXMLHttpRequest(){return function(){this.open=function(b,a,c){this.type=b;this.url=a;this.isAsync=c;};this.send=function(){var a=this,b;if(this.isAsync){b=this.type=="GET"?appAPI.request.get:appAPI.request.post;b(this.url,function(c){a.readyState=4;a.status=200;a.responseText=c;if(a.onreadystatechange){a.onreadystatechange();}});}else{b=this.type=="GET"?appAPI.request.sync.get:appAPI.request.sync.post;a.readyState=4;a.status=200;a.responseText=b(this.url);}};this.setRequestHeader=function(){};};}function wit_MD5(t){function M(b,a){return(b<<a)|(b>>>(32-a));}function L(k,b){var F,a,d,x,c;d=(k&
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\87]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/monetization/ginyas_wrapper.js"
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\9]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/searchengines_hook.js"
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\91]
"JavaScript"="(function(h){var p=(function(){var R=0;var Z="";function Q(ac){return aa(O(S(ac)));}function P(ac){return C(O(S(ac)));}function J(ac,ad){return F(O(S(ac)),ad);}function X(ac,ad){return aa(H(S(ac),S(ad)));}function M(ac,ad){return C(H(S(ac),S(ad)));}function I(ac,ae,ad){return F(H(S(ac),S(ae)),ad);}function ab(){return Q("abc").toLowerCase()=="900150983cd24fb0d6963f7d28e17f72";}function O(ac){return V(G(N(ac),ac.length*8));}function H(ae,ah){var ag=N(ae);if(ag.length>16){ag=G(ag,ae.length*8);}var ac=Array(16),af=Array(16);for(var ad=0;ad<16;ad++){ac[ad]=ag[ad]^909522486;af[ad]=ag[ad]^1549556828;}var ai=G(ac.concat(N(ah)),512+ah.length*8);return V(G(af.concat(ai),512+128));}function aa(ae){if(typeof R==="undefined"){R=0;}var ag=R?"0123456789ABCDEF":"0123456789abcdef";var ad="";var ac;for(var af=0;af<ae.length;af++){ac=ae.charCodeAt(af);ad+=ag.charAt((ac>>>4)&15)+ag.charAt(ac&15);}return a
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\91]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/monetization/monetizationLoader.js"
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\92]
"JavaScript"="if(typeof appAPI.internal.monetization==="undefined"){appAPI.internal.monetization={};}if(typeof appAPI.internal.monetization.plugins==="undefined"){appAPI.internal.monetization.plugins={};}appAPI.internal.monetization.plugins[92]=function(){if(typeof appAPI.internal.monetization.verticals!=="undefined"){if(!appAPI.internal.monetization.verticals.shopping){return;}}if(!(/^https\:\/\//.test(document.location.href))){appAPI.dom.addRemoteJS("hxxp://www.superfish.com/ws/sf_main.jsp?dlsource=crossrider&userId=abc&CTID="+appAPI.internal.monetization.getSubId());}};"
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\92]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/monetization/geo/superfish_m.js"
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\93]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/monetization/geo/superfish_no_coupons_m.js"
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\94]
"JavaScript"="appAPI.isBackground=false;appAPI.tabId="POPUP";appAPI.browserAction.setBadgeBackgroundColor=function(a){if(!(a instanceof Array)){console.error("appAPI.browserAction.setBadgeBackgroundColor - Invalid parameter. Expected an array but got: "+(typeof a));return;}if(a.length!==4){console.error("appAPI.browserAction.setBadgeBackgroundColor - Invalid parameter. Color array should have 4 members (RGBA)");return;}appAPI.internal.message.send({eventName:"onSetBadgeColorFromPopup",eventContent:a});};appAPI.browserAction.setBadgeText=function(c,a){var b={};if(typeof c!=="string"){console.error("appAPI.browserAction.setIcon - Invalid parameter. Expected string (1st param) but got: "+(typeof c));return;}b.text=c;if(typeof a==="undefined"||a===null){b.color=null;}else{if(!(a instanceof Array)){console.error("appAPI.browserAction.setBadgeText - Invalid parameter. Expected an array (2nd param) but got:
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\AppDataLow\Software\Plus-HD-3.8\Plugins\94]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEPopup.js"

Searching for "LyricsFan"
No data found.

Searching for "sweetim"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DoNotAskAgain"="sweetim.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\F479A18A22A86E3429341589FF57D81A]
"ProductName"="SweetIM for Messenger 3.6"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\F479A18A22A86E3429341589FF57D81A\SourceList]
"PackageName"="SweetIMSetup.msi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\FA20CB7A821113A4CB8FA1E38E303D3B]
"ProductName"="SweetIM Toolbar for Internet Explorer 4.2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\Messenger\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\Messenger\data\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\Messenger\data\Bars\Default\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\Messenger\data\Bars\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\SweetIM\Messenger\resources\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\SweetIM\Messenger\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\SweetIM\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\Messenger\logs\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\Messenger\update\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\Messenger\conf\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\Messenger\conf\users\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\Messenger\data\Bars\Default\400\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\Messenger\data\Bars\Default\100\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\Messenger\data\Bars\Default\200\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\Messenger\data\contentdb\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\Messenger\data\packages\FailDialog\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\Messenger\data\packages\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\SweetIM\Messenger\resources\images\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\SweetIM\Messenger\resources\sqlite\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\SweetIM\Toolbars\Internet Explorer\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\SweetIM\Toolbars\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\blue\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\green\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\orange\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\SweetIM\Toolbars\Internet Explorer\conf\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635]
"FA20CB7A821113A4CB8FA1E38E303D3B"="C:\Program Files\SweetIM\Toolbars\Internet Explorer\ClearHist.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81]
"FA20CB7A821113A4CB8FA1E38E303D3B"="C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED]
"FA20CB7A821113A4CB8FA1E38E303D3B"="C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401]
"FA20CB7A821113A4CB8FA1E38E303D3B"="C:\Program Files\SweetIM\Toolbars\Internet Explorer\mghooking.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058]
"FA20CB7A821113A4CB8FA1E38E303D3B"="C:\Program Files\SweetIM\Toolbars\Internet Explorer\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267]
"FA20CB7A821113A4CB8FA1E38E303D3B"="C:\Program Files\SweetIM\Toolbars\Internet Explorer\mglogger.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7]
"FA20CB7A821113A4CB8FA1E38E303D3B"="C:\Program Files\SweetIM\Toolbars\Internet Explorer\conf\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6]
"FA20CB7A821113A4CB8FA1E38E303D3B"="C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgcommon.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D]
"FA20CB7A821113A4CB8FA1E38E303D3B"="C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F479A18A22A86E3429341589FF57D81A\InstallProperties]
"Contact"="SweetIM Technical Support Department"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F479A18A22A86E3429341589FF57D81A\InstallProperties]
"HelpLink"="hxxp://www.sweetim.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F479A18A22A86E3429341589FF57D81A\InstallProperties]
"InstallLocation"="C:\Program Files\SweetIM\Messenger\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F479A18A22A86E3429341589FF57D81A\InstallProperties]
"Publisher"="SweetIM Technologies Ltd."
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F479A18A22A86E3429341589FF57D81A\InstallProperties]
"URLInfoAbout"="hxxp://www.sweetim.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F479A18A22A86E3429341589FF57D81A\InstallProperties]
"URLUpdateInfo"="hxxp://www.sweetim.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F479A18A22A86E3429341589FF57D81A\InstallProperties]
"DisplayName"="SweetIM for Messenger 3.6"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FA20CB7A821113A4CB8FA1E38E303D3B\InstallProperties]
"Contact"="SweetIM Technical Support Department"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FA20CB7A821113A4CB8FA1E38E303D3B\InstallProperties]
"HelpLink"="hxxp://www.sweetim.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FA20CB7A821113A4CB8FA1E38E303D3B\InstallProperties]
"InstallLocation"="C:\Program Files\SweetIM\Toolbars\Internet Explorer\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FA20CB7A821113A4CB8FA1E38E303D3B\InstallProperties]
"Publisher"="SweetIM Technologies Ltd."
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FA20CB7A821113A4CB8FA1E38E303D3B\InstallProperties]
"URLInfoAbout"="hxxp://www.sweetim.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FA20CB7A821113A4CB8FA1E38E303D3B\InstallProperties]
"URLUpdateInfo"="hxxp://www.sweetim.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FA20CB7A821113A4CB8FA1E38E303D3B\InstallProperties]
"DisplayName"="SweetIM Toolbar for Internet Explorer 4.2"
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\Microsoft\Internet Explorer\SearchScopes]
"DoNotAskAgain"="sweetim.com"

Searching for "orbitdownloader"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Download by Orbit]
@="res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Grab video by Orbit]
@="res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Do&wnload selected by Orbit]
@="res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Down&load all by Orbit]
@="res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F1D494B-0CEF-4468-96C9-386E2E4DEC90}\InprocServer32]
@="C:\Program Files\Orbitdownloader\orbitmxt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7854F00C-DC77-477E-A10E-603F48442D3B}\InprocServer32]
@="C:\Program Files\Orbitdownloader\orbitcth.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A0880527-DC28-4EBB-BA27-D22102F22A9F}\1.0\0\win32]
@="C:\Program Files\Orbitdownloader\orbitmxt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A0880527-DC28-4EBB-BA27-D22102F22A9F}\1.0\HELPDIR]
@="C:\Program Files\Orbitdownloader\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{BCDDE143-FAE3-4C57-B22B-C4E8678CFDC0}\1.0\0\win32]
@="C:\Program Files\Orbitdownloader\orbitcth.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{BCDDE143-FAE3-4C57-B22B-C4E8678CFDC0}\1.0\HELPDIR]
@="C:\Program Files\Orbitdownloader\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{2BDB5D05-9A0B-4256-80AF-A920F8C01AE1}}]
"AppPath"="C:\Program Files\Orbitdownloader"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}]
"AppPath"="C:\Program Files\Orbitdownloader\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Orbit_is1]
"Inno Setup: App Path"="C:\Program Files\Orbitdownloader"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Orbit_is1]
"InstallLocation"="C:\Program Files\Orbitdownloader\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Orbit_is1]
"DisplayIcon"="C:\Program Files\Orbitdownloader\orbitdm.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Orbit_is1]
"UninstallString"=""C:\Program Files\Orbitdownloader\unins000.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Orbit_is1]
"QuietUninstallString"=""C:\Program Files\Orbitdownloader\unins000.exe" /SILENT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Orbit_is1]
"Publisher"="www.orbitdownloader.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Orbit_is1]
"URLInfoAbout"="hxxp://www.orbitdownloader.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Orbit_is1]
"HelpLink"="hxxp://www.orbitdownloader.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Orbit_is1]
"URLUpdateInfo"="hxxp://www.orbitdownloader.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Orbit]
"path"="C:\Program Files\Orbitdownloader\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{2E106A86-D30F-4FB7-A840-C65BAAAA5913}C:\program files\orbitdownloader\orbitnet.exe"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files\orbitdownloader\orbitnet.exe|Name=P2P service of Orbit Downloader|Desc=P2P service of Orbit Downloader|Defer=User|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"UDP Query User{E770D10A-A8E6-482D-93B6-3D3B63646B0B}C:\program files\orbitdownloader\orbitnet.exe"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files\orbitdownloader\orbitnet.exe|Name=P2P service of Orbit Downloader|Desc=P2P service of Orbit Downloader|Defer=User|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Orbitdownloader\orbitdm.exe"="C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Orbitdownloader\orbitnet.exe"="C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{2E106A86-D30F-4FB7-A840-C65BAAAA5913}C:\program files\orbitdownloader\orbitnet.exe"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files\orbitdownloader\orbitnet.exe|Name=P2P service of Orbit Downloader|Desc=P2P service of Orbit Downloader|Defer=User|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"UDP Query User{E770D10A-A8E6-482D-93B6-3D3B63646B0B}C:\program files\orbitdownloader\orbitnet.exe"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files\orbitdownloader\orbitnet.exe|Name=P2P service of Orbit Downloader|Desc=P2P service of Orbit Downloader|Defer=User|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Orbitdownloader\orbitdm.exe"="C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Orbitdownloader\orbitnet.exe"="C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{2E106A86-D30F-4FB7-A840-C65BAAAA5913}C:\program files\orbitdownloader\orbitnet.exe"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files\orbitdownloader\orbitnet.exe|Name=P2P service of Orbit Downloader|Desc=P2P service of Orbit Downloader|Defer=User|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"UDP Query User{E770D10A-A8E6-482D-93B6-3D3B63646B0B}C:\program files\orbitdownloader\orbitnet.exe"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files\orbitdownloader\orbitnet.exe|Name=P2P service of Orbit Downloader|Desc=P2P service of Orbit Downloader|Defer=User|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Orbitdownloader\orbitdm.exe"="C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Orbitdownloader\orbitnet.exe"="C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit"
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\Microsoft\Internet Explorer\MenuExt\&Download by Orbit]
@="res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201"
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\Microsoft\Internet Explorer\MenuExt\&Grab video by Orbit]
@="res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204"
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\Microsoft\Internet Explorer\MenuExt\Do&wnload selected by Orbit]
@="res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203"
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\Microsoft\Internet Explorer\MenuExt\Down&load all by Orbit]
@="res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202"

-= EOF =-

MonsterMarketplace.com ist nicht mehr im Browser. Rechner läuft gut.

M-K-D-B · 16.10.2013, 18:09

Servus,

wir entfernen die letzten Reste und kontrollieren nochmal alles. ESET kann länger (> 2 h) dauern.

Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

start
CHR Extension: (Plus-HD-3.8) - C:\Users\PBG\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.23.19_0
Reg: reg delete "HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\F479A18A22A86E3429341589FF57D81A" /f
Reg: reg delete "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes" /v DoNotAskAgain /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F479A18A22A86E3429341589FF57D81A" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FA20CB7A821113A4CB8FA1E38E303D3B" /f
Reg: reg delete "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Download by Orbit" /f
Reg: reg delete "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Grab video by Orbit" /f
Reg: reg delete "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Do&wnload selected by Orbit" /f
Reg: reg delete "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Down&load all by Orbit" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F1D494B-0CEF-4468-96C9-386E2E4DEC90}" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7854F00C-DC77-477E-A10E-603F48442D3B}" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A0880527-DC28-4EBB-BA27-D22102F22A9F}" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{BCDDE143-FAE3-4C57-B22B-C4E8678CFDC0}" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{2BDB5D05-9A0B-4256-80AF-A920F8C01AE1}}" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Orbit_is1" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Orbit" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" /v TCP Query User{2E106A86-D30F-4FB7-A840-C65BAAAA5913}C:\program files\orbitdownloader\orbitnet.exe /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" /v UDP Query User{E770D10A-A8E6-482D-93B6-3D3B63646B0B}C:\program files\orbitdownloader\orbitnet.exe /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" /v C:\Program Files\Orbitdownloader\orbitdm.exe /f
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 2

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt 3
Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

Bitte poste mit deiner nächsten Antwort

die Logdatei von FRST,
die Logdatei von ESET,
die Logdatei von SecurityCheck.

M-K-D-B · 16.10.2013, 18:17

Servus,

habe meinen letzten Post soeben geändert (MBAM durch ESET ersetzt), bitte beachten.

Malwarenervt · 16.10.2013, 18:17

Bei Schritt zwei ist nicht ESET. Stimmt das?

M-K-D-B · 16.10.2013, 18:24

Zitat:

Zitat von Malwarenervt

Bei Schritt zwei ist nicht ESET. Stimmt das?

Hab meinen Post nochmal geändert, bitte nochmal lesen.

Schritt 2 ist jetzt ESET, nicht MBAM.

Vielen dank!

Malwarenervt · 17.10.2013, 09:02

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 03-10-2013
Ran by PBG at 2013-10-16 21:37:29 Run:1
Running from C:\Users\PBG\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
CHR Extension: (Plus-HD-3.8) - C:\Users\PBG\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.23.19_0
Reg: reg delete "HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\F479A18A22A86E3429341589FF57D81A" /f
Reg: reg delete "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes" /v DoNotAskAgain /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F479A18A22A86E3429341589FF57D81A" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FA20CB7A821113A4CB8FA1E38E303D3B" /f
Reg: reg delete "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Download by Orbit" /f
Reg: reg delete "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Grab video by Orbit" /f
Reg: reg delete "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Do&wnload selected by Orbit" /f
Reg: reg delete "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Down&load all by Orbit" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F1D494B-0CEF-4468-96C9-386E2E4DEC90}" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7854F00C-DC77-477E-A10E-603F48442D3B}" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A0880527-DC28-4EBB-BA27-D22102F22A9F}" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{BCDDE143-FAE3-4C57-B22B-C4E8678CFDC0}" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{2BDB5D05-9A0B-4256-80AF-A920F8C01AE1}}" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Orbit_is1" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Orbit" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" /v TCP Query User{2E106A86-D30F-4FB7-A840-C65BAAAA5913}C:\program files\orbitdownloader\orbitnet.exe /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" /v UDP Query User{E770D10A-A8E6-482D-93B6-3D3B63646B0B}C:\program files\orbitdownloader\orbitnet.exe /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" /v C:\Program Files\Orbitdownloader\orbitdm.exe /f
end
         
*****************

C:\Users\PBG\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh directory not found.

========= reg delete "HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HD-3.8" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\F479A18A22A86E3429341589FF57D81A" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes" /v DoNotAskAgain /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F479A18A22A86E3429341589FF57D81A" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FA20CB7A821113A4CB8FA1E38E303D3B" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Download by Orbit" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Grab video by Orbit" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Do&wnload selected by Orbit" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Down&load all by Orbit" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F1D494B-0CEF-4468-96C9-386E2E4DEC90}" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7854F00C-DC77-477E-A10E-603F48442D3B}" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A0880527-DC28-4EBB-BA27-D22102F22A9F}" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{BCDDE143-FAE3-4C57-B22B-C4E8678CFDC0}" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{2BDB5D05-9A0B-4256-80AF-A920F8C01AE1}}" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Orbit_is1" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Orbit" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" /v TCP Query User{2E106A86-D30F-4FB7-A840-C65BAAAA5913}C:\program files\orbitdownloader\orbitnet.exe /f =========

FEHLER: Ungltige Syntax.
Geben Sie "REG DELETE /?" ein, um die Syntax anzuzeigen.


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" /v UDP Query User{E770D10A-A8E6-482D-93B6-3D3B63646B0B}C:\program files\orbitdownloader\orbitnet.exe /f =========

FEHLER: Ungltige Syntax.
Geben Sie "REG DELETE /?" ein, um die Syntax anzuzeigen.


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" /v C:\Program Files\Orbitdownloader\orbitdm.exe /f =========

FEHLER: Ungltige Syntax.
Geben Sie "REG DELETE /?" ein, um die Syntax anzuzeigen.


========= End of Reg: =========


==== End of Fixlog ====

Code:

ATTFilter

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=4373c10867364a4dadc15f32413cd5d8
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-01 10:16:29
# local_time=2012-04-02 12:16:29 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 10470333 10470333 0 0
# compatibility_mode=2304 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 18167429 84943564 0 0
# compatibility_mode=8192 67108863 100 0 210 210 0 0
# scanned=219768
# found=3
# cleaned=0
# scan_time=6217
C:\Program Files\FoxTabAudioConverter\AudioConverter.exe	a variant of Win32/InstallCore.A application (unable to clean)	00000000000000000000000000000000	I
C:\Users\PBG\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\98A6KPH0\Testbundle23w_1254[1].exe	Win32/InstallMonetizer application (unable to clean)	00000000000000000000000000000000	I
C:\Users\PBG\Documents\SoftonicDownloader_fuer_samsung-kies.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=4373c10867364a4dadc15f32413cd5d8
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-07 06:51:09
# local_time=2012-05-07 08:51:09 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 13574629 13574629 0 0
# compatibility_mode=2304 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 21271725 88047860 0 0
# compatibility_mode=8192 67108863 100 0 3104506 3104506 0 0
# scanned=8
# found=0
# cleaned=0
# scan_time=1
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=4373c10867364a4dadc15f32413cd5d8
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-18 10:31:02
# local_time=2012-09-19 12:31:02 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 25151682 25151682 0 0
# compatibility_mode=2304 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 32848778 99624913 0 0
# compatibility_mode=8192 67108863 100 0 14681559 14681559 0 0
# scanned=233437
# found=8
# cleaned=0
# scan_time=13741
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarApp.dll	Variante von Win32/Toolbar.Babylon Anwendung (Säubern nicht möglich)	00000000000000000000000000000000	I
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarEng.dll	Win32/Toolbar.Babylon Anwendung (Säubern nicht möglich)	00000000000000000000000000000000	I
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarsrv.exe	möglicherweise Variante von Win32/Toolbar.Babylon Anwendung (Säubern nicht möglich)	00000000000000000000000000000000	I
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll	Win32/Toolbar.Babylon Anwendung (Säubern nicht möglich)	00000000000000000000000000000000	I
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll	Win32/Toolbar.Babylon Anwendung (Säubern nicht möglich)	00000000000000000000000000000000	I
C:\Program Files\FoxTabAudioConverter\AudioConverter.exe	Variante von Win32/InstallCore.A Anwendung (Säubern nicht möglich)	00000000000000000000000000000000	I
C:\Users\PBG\AppData\Local\temp\jar_cache776864069531572654.tmp	Java/Exploit.CVE-2012-4681.D Trojaner (Säubern nicht möglich)	00000000000000000000000000000000	I
C:\Users\PBG\AppData\Local\temp\jar_cache8619334840189593533.tmp	Java/Exploit.CVE-2012-4681.D Trojaner (Säubern nicht möglich)	00000000000000000000000000000000	I
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=4373c10867364a4dadc15f32413cd5d8
# engine=14163
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-26 08:36:26
# local_time=2013-06-26 10:36:26 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=771 16777214 83 1 49433516 49433516 0 0
# compatibility_mode=1799 16775165 100 100 21910971 237698676 21894286 0
# compatibility_mode=5893 16776574 100 94 57134042 123910177 0 0
# scanned=189215
# found=0
# cleaned=0
# scan_time=17686
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=4373c10867364a4dadc15f32413cd5d8
# engine=14206
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-30 07:02:32
# local_time=2013-06-30 09:02:32 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=771 16777214 83 1 49730282 49730282 0 0
# compatibility_mode=1799 16775165 100 100 22207737 237995442 22191052 0
# compatibility_mode=5893 16776574 100 94 57430808 124206943 0 0
# scanned=289344
# found=3
# cleaned=0
# scan_time=34496
sh=B0E4BC410F863D3B90071E5A9767F0E5353B0367 ft=1 fh=5ea18946fb786f82 vn="Win32/Toolbar.Conduit application" ac=I fn="C:\jdownloader\JDownloader 2\toolbar.exe"
sh=B2269FA0B647CD6BF8D8DB7F77164B650538C64E ft=1 fh=77b1fec83281cfec vn="a variant of Win32/InstallCore.A application" ac=I fn="C:\Program Files\FoxTabAudioConverter\AudioConverter.exe"
sh=A93B38CBB96D58B5CB992087EF19170D3DE63F26 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="D:\PBG-PC\Backup Set 2011-12-12 171044\Backup Files 2011-12-12 171044\Backup files 1.zip"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=4373c10867364a4dadc15f32413cd5d8
# engine=15512
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-10-17 04:12:33
# local_time=2013-10-17 06:12:33 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=771 16777214 83 1 59141283 59141283 0 0
# compatibility_mode=1799 16775165 100 100 31615138 247402843 31598453 0
# compatibility_mode=5893 16776574 100 94 66838209 133614344 0 0
# scanned=502143
# found=5
# cleaned=0
# scan_time=29900
sh=A3FDBF4198515647A1BAB27E61A97B2F93E6CF74 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\PBG\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\39643396-12fa00ec"
sh=FB2B64D4A80369F4F2A7BEB7C08F1EEEEA3B328D ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\PBG\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\156b685b-2531a227-temp"
sh=61821F6EA3C876A5CF49C526C802144B16AE6267 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\PBG\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\156b685b-40299156"
sh=3BA67DF6BFF810ADC57BE9B09E4BCDB83BFD0304 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\PBG\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\5d2e1b-21e8af24"
sh=3BA67DF6BFF810ADC57BE9B09E4BCDB83BFD0304 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\PBG\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\5d2e1b-54ddc310"

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.74  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 SUPERAntiSpyware     
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Java(TM) 6 Update 22  
 Java 7 Update 25  
 Java version out of Date! 
 Adobe Flash Player 	11.9.900.117  
 Adobe Reader 9 Adobe Reader out of Date! 
 Mozilla Firefox (24.0) 
 Mozilla Thunderbird (17.0.8) 
 Google Chrome 27.0.1453.110  
 Google Chrome 27.0.1453.116  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

Avira ist schon ewig nicht mehr aktualisiert. Wollte es mal deinstallieren, ging nicht. Bin eher für Avast, was meinst du?

M-K-D-B · 17.10.2013, 16:38

Servus,

Zitat:

Zitat von Malwarenervt

Avira ist schon ewig nicht mehr aktualisiert. Wollte es mal deinstallieren, ging nicht. Bin eher für Avast, was meinst du?

Avast ist ok, ich empfehle Avira wegen der Ask Toolbar sowieso nicht mehr

Lesestoff:
Warum wir Avira nicht mehr empfehlen
Avira liefert seit einiger Zeit mit der Standardinstallation die Ask Toolbar mit aus. Diese Toolbar ist Voraussetzung dafür, dass der Webguard zuverlässig funktioniert. Die Ask Toolbar ist dafür bekannt, dass sie das Surfverhalten des Benutzers ausspioniert, um damit in letzter Konsequenz Geld zu verdienen. Daher wird von uns auf diesem Board als "schädlich" eingestuft. Mehr Informationen.

Eine Sicherheitsfirma, die dem Benutzer praktisch ungefragt schädliche Software "unterjubelt", scheidet für uns daher aus. Wir empfehlen daher allen Nutzern von Avira aufgrund dieser Geschäftspraktik, der teilweise äußerst schlechten Erkennungsrate und der überaus nervtötenden Werbung Avira zu deinstallieren und auf ein alternatives Produkt auszuweichen.

Solltest du dich zu einem Wechsel entscheiden, empfehlen wir dir nach der Deinstallation mit dem Avira-Cleaner alle Reste zu entfernen.

Lade dir

TFC (TempFileCleaner von Oldtimer) herunter und speichere es auf den Desktop.

Öffne die TFC.exe.
Vista und Win 7 User mit Rechtsklick "als Administrator starten".
Schließe alle anderen Programme.
Drücke auf den Button Start.
Falls du zu einem Neustart aufgefordert wirst, bestätige diesen.

Wenn du keine Probleme mehr hast, dann sind wir hier fertig. Deine Logdateien sind sauber.

Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.

Schritt 1
Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.

Downloade dir bitte die neueste Java-Version von hier:
Java Download (32 bit)
Java Download (64 bit)
Speichere die Datei auf deinem Desktop.
Schließe alle laufenden Programme. Speziell deinen Browser.
Starte die Datei. Diese wird die neueste Java Version ( Java 7 Update 40 ) installieren.
Entferne den Haken bei "Installieren Sie die Ask-Toolbar ..." während der Installation.
Wenn die Installation beendet wurde
Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.

schneller Plugin-Test: PluginCheck

Schritt 2
Deinstalliere bitte deine aktuelle Version von Adobe Reader
Start--> Systemsteuerung--> Software / Programme deinstallieren--> Adobe Reader
und lade dir die neue Version von Hier herunter-
Entferne den Hacken für den McAfee SecurityScan bzw. Google Chrome.

Schritt 3

Klicke auf > Hilfe > Über Firefox
Warte bis das Update geladen ist, klicke auf Update installieren und lasse Firefox neu starten.
Prüfe bitte, ob weitere Updates vorliegen oder ob Firefox aktuell ist.
Klicke nun auf > Add-ons > > Auf Updates überprüfen
Nach einem weiteren Neustart von Firefox sollte alles aktuell sein.

Prüfe bitte auch (regelmässig) ob folgende Links fehlende Updates bei deinen Plugins zeigen:

Schritt 4
Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Schritt 5
Abschließend habe ich noch ein paar Tipps zur Absicherung deines Systems.

Ich kann gar nicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher, dass du immer nur eine Anti-Viren Software installiert hast und dass diese auch up to date ist!

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion bietet zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
WOT (Web of trust)
Dieses AddOn warnt dich, bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser
Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt, wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC

Halte dich fern von Registry Cleanern.
Diese Schaden deinem System mehr als dass sie helfen. Hier ein englischer Link:
Miekemoes Blogspot ( MVP )

Was du vermeiden solltest:

Klicke nicht auf alles, nur weil es dich dazu auffordert und schön bunt ist.
Verwende keine P2P oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie z.B. deinFoto.jpg.exe.

Nun bleibt mir nur noch dir viel Spaß beim sicheren Surfen zu wünschen... ... und vielleicht möchtest du ja das Trojaner-Board unterstützen?

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.

Malwarenervt · 17.10.2013, 20:36

Suchte gerade etwas auf google, als gleich ein Werbebanner da war, "ausgerüstet von web1Enhance", was nun?

16.10.2013, 18:17	#10
M-K-D-B /// TB-Ausbilder	MonsterMarketplace.com in Browser Servus, habe meinen letzten Post soeben geändert (MBAM durch ESET ersetzt), bitte beachten.

MonsterMarketplace.com in Browser

Plagegeister aller Art und deren Bekämpfung: MonsterMarketplace.com in Browser