
Pests of all kinds and how to fight them: MonsterMarketplace.com in browser

15.10.2013, 16:00   #1
Malwarenervt
 
Hello,

please give me instructions for removing the MonsterMarketplace.com search from the browser content.
Thanks.

15.10.2013, 16:45   #2
M-K-D-B
/// TB instructor
 
My name is Matthias and I will help you clean up your computer.


Please note the following:
  • If we find indications of illegally acquired software, we will suspend support until all illegal software of any kind has been removed from the computer.
  • Please work through all steps one after another in the given order and post all log files in CODE tags.
  • Read the instructions carefully. If you run into problems, stop what you are doing and describe your problem to me as well as you can.
  • If you do not reply to me within 3 days, I will assume that you no longer need help. I will then remove your thread from my subscriptions.
    If you are going to be away for a longer period, please let me know!
  • During the cleanup, please do not install or uninstall anything unless I ask you to!
  • All programs to be used must be saved to the desktop and started from there!
    I can never give you a guarantee that I will find everything. Formatting is usually the faster and always the safest way.
    If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.





Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan (Untersuchen).
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box).


15.10.2013, 17:42   #3
Malwarenervt
 
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by PBG (administrator) on PBG-PC on 15-10-2013 18:31:07
Running from C:\Users\PBG\Desktop
Microsoft Windows 7 Starter  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Intel Corporation) C:\windows\system32\igfxext.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Windows Net) C:\Users\PBG\AppData\Roaming\Windows Net Data\net.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\windows\system32\wuauclt.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe
(Spotify Ltd) C:\Users\PBG\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1713448 2010-02-26] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8120864 2009-12-14] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [348664 2012-08-08] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41208 2012-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [Eraser] - C:\PROGRA~1\Eraser\Eraser.exe [980920 2012-05-22] (The Eraser Project)
HKLM\...\Run: [PDFPrint] - C:\Program Files\PDF24\pdf24.exe [162856 2013-07-22] (Geek Software GmbH)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
HKCU\...\Run: [TrueCrypt] - C:\Program Files\TrueCrypt\TrueCrypt.exe [1517520 2011-12-12] (TrueCrypt Foundation)
HKCU\...\Run: [] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
HKCU\...\Run: [Spotify] - C:\Users\PBG\AppData\Roaming\Spotify\Spotify.exe [4752384 2013-10-15] (Spotify Ltd)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\PBG\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2013-10-15] (Spotify Ltd)
Startup: C:\Users\PBG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Gajim.lnk
ShortcutTarget: Gajim.lnk -> C:\Program Files\Gajim\bin\gajim.exe (Gajim Development Team)
Startup: C:\Users\PBG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk
ShortcutTarget: net.lnk -> C:\Users\PBG\AppData\Roaming\Windows Net Data\net.exe (Windows Net)
Startup: C:\Users\PBG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Persbackup.lnk
ShortcutTarget: Persbackup.lnk -> C:\Program Files\Personal Backup 5\Persbackup.exe (J. Rathlev, IEAP, Uni-Kiel)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE69F21F97EC1CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
SearchScopes: HKLM - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}
SearchScopes: HKLM - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
SearchScopes: HKCU - {33FBE12B-0BE0-43B9-839C-DDA2D14D25AF} URL = hxxp://www.google.de
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}
BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
BHO: Browser Guard - {02a0d829-4393-46fc-a37e-126263035883} - C:\Program Files\Browser Guard\browserguard.dll (Browser Guard)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: AutorunsDisabled\skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6CB44DBC-6166-496D-B83D-F8183DC7BE4B}: [NameServer]10.74.83.22 193.254.160.1

FireFox:
========
FF ProfilePath: C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF Homepage: https://www.google.de/
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20(url.indexOf('turntable.fm')%20!%3D%20-1%20%26%26%20url.indexOf('static.turntable.fm')%20%3D%3D%20-1%20%26%26%20url.indexOf('s3.amazonaws.com')%20%3D%3D%20-1%20%26%26%20url.indexOf('ping.chartbeat.net')%20%3D%3D%20-1%20%26%26%20url.indexOf('.png')%20%3D%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'ht
tp%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*'))%20%7B%20return%20'PROXY%20ab-us13.personalitycores.com%3A8000%3B%20PROXY%20ab-us21.personalitycores.com%3A8000%3B%20PROXY%20ab-us03.personalitycores.com%3A8000%3B%20PROXY%20ab-us08.personalitycores.com%3A8000%3B%20PROXY%20ab-us17.personalitycores.com%3A8000%3B%20PROXY%20ab-us20.personalitycores.com%3A8000%3B%20PROXY%20ab-us01.personalitycores.com%3A8000%3B%20PROXY%20ab-us12.personalitycores.com%3A8000%3B%20PROXY%20ab-us11.personalitycores.com%3A8000%3B%20PROXY%20ab-us10.personalitycores.com%3A8000%3B%20PROXY%20ab-us22.personalitycores.com%3A8000%3B%20PROXY%20ab-us07.personalitycores.com%3A8000%3B%20PROXY%20ab-us16.personalitycores.com%3A8000%3B%20PROXY%20ab-us02.personalitycores.com%3A8000%3B%20PROXY%20ab-us09.personalitycores.com%3A8000%3B%20PROXY%20ab-us15.personalitycores.com%3A8000%3B%20PROXY%20ab-us14.personalitycores.com%3A8000%3B%20PROXY%20ab-us18.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\PBG\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\PBG\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\PBG\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\PBG\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\PBG\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\searchplugins\sweetim.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: QuickFox Notes - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\amin.eft_bmnotes@gmail.com
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com
FF Extension: pricealarm - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\EFGLQA@78ETGYN-0W7FN789T87.COM
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\ich@maltegoetz.de
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\netvideohunter@netvideohunter.com
FF Extension: Zotero - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\zotero@chnm.gmu.edu
FF Extension: Flashblock - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF Extension: DownloadHelper - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: Flash and Video Download - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D}
FF Extension: Block site - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
FF Extension: Bitdefender QuickScan - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF Extension: Evernote Web Clipper - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
FF Extension: artur.dubovoy - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\artur.dubovoy@gmail.com.xpi
FF Extension: bookmarkdeduplicator - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\bookmarkdeduplicator@foxhatdev.xpi
FF Extension: ck - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\ck@everygain.com.xpi
FF Extension: hidecaptionplus-dp - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\hidecaptionplus-dp@dummy.addons.mozilla.org.xpi
FF Extension: jid1-QpHD8URtZWJC2A - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi
FF Extension: readable - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\readable@evernote.com.xpi
FF Extension: scrapbookplus - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\scrapbookplus@addons.mozilla.org.xpi
FF Extension: sortplaces - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\sortplaces@andyhalford.com.xpi
FF Extension: tab-width - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\tab-width@design-noir.de.xpi
FF Extension: testpilot - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\testpilot@labs.mozilla.com.xpi
FF Extension: translator - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\translator@zoli.bod.xpi
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}.xpi
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{35379F86-8CCB-4724-AE33-4278DE266C70}
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{582195F5-92E7-40a0-A127-DB71295901D7}.xpi
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{95ab36d4-fb6f-47b0-8b8d-e5f3bd547953}.xpi
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [{20d1f7b3-7721-4da0-b6f3-78bb4d7248f4}] - C:\Program Files\Browser Guard\browserguard.xpi
FF Extension: No Name - C:\Program Files\Browser Guard\browserguard.xpi

Chrome: 
=======
CHR HomePage: hxxp://home.sweetim.com/?barid={E4E22DDE-2F80-11E3-BC78-C2E8D5860328}
CHR Extension: () - C:\Users\PBG\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmlgoencnlndpglbocajlimaikjohmab\background.html
CHR Extension: (FlashControl) - C:\Users\PBG\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe\3.3.14_0
CHR Extension: (Plus-HD-3.8) - C:\Users\PBG\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.23.19_0
CHR HKLM\...\Chrome\Extension: [kfepagcelbegkpkcjgfeecmlnmkedjin] - C:\Program Files\Browser Guard\browserguard.crx
CHR StartMenuInternet: Google Chrome - C:\Users\PBG\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2011-08-12] (SUPERAntiSpyware.com)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86224 2012-05-08] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-08] (Avira Operations GmbH & Co. KG)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S4 Rezip; C:\windows\SYSTEM32\Rezip.exe [311296 2009-03-05] ()
S3 SXDS10; C:\Program Files\Common Files\soft Xpansion\sxds10.exe [234096 2013-10-07] (soft Xpansion)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [83392 2012-05-08] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137928 2012-05-08] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36000 2011-10-19] (Avira GmbH)
R3 BazisVirtualCDBus; C:\Windows\System32\DRIVERS\BazisVirtualCDBus.sys [117584 2011-08-08] (SysProgs.org)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-03-14] (DT Soft Ltd)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R1 SABI; C:\windows\system32\Drivers\SABI.sys [10752 2009-05-28] (SAMSUNG ELECTRONICS)
R3 samsung_hspa_datacard_cdc_acm; C:\Windows\System32\DRIVERS\samsung_hspa_datacard_cdc_acm.sys [68608 2010-01-15] (Samsung)
R3 samsung_hspa_datacard_cdc_ecm; C:\Windows\System32\DRIVERS\samsung_hspa_datacard_cdc_ecm.sys [81920 2010-01-15] (Samsung)
R3 samsung_hspa_datacard_dc_enum; C:\Windows\System32\DRIVERS\samsung_hspa_datacard_dc_enum.sys [62464 2010-01-15] (Samsung)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2010-06-17] (Avira GmbH)
R1 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5632 2006-07-24] ()
S3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\PBG\AppData\Local\Temp\catchme.sys [x]
S3 dgderdrv; System32\drivers\dgderdrv.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-15 18:30 - 2013-10-15 18:30 - 00000000 ____D C:\FRST
2013-10-15 18:29 - 2013-10-15 18:29 - 01087213 _____ (Farbar) C:\Users\PBG\Desktop\FRST.exe
2013-10-15 00:24 - 2013-10-15 00:24 - 00002090 _____ C:\Users\PBG\.recently-used.xbel
2013-10-07 21:25 - 2013-10-07 21:26 - 00000000 ____D C:\Program Files\Tracker Software
2013-10-07 20:50 - 2013-10-07 20:51 - 00000000 ____D C:\Users\PBG\AppData\Roaming\Wondershare
2013-10-07 20:50 - 2013-10-07 20:50 - 00000000 ____D C:\Users\PBG\AppData\Local\Wondershare
2013-10-07 20:50 - 2013-10-07 20:50 - 00000000 ____D C:\ProgramData\PDFEditor
2013-10-07 20:50 - 2013-10-07 20:50 - 00000000 ____D C:\Program Files\Common Files\Wondershare
2013-10-07 20:50 - 2013-09-02 19:09 - 00082896 _____ (Wondershare Software) C:\windows\system32\WSMonEditor.dll
2013-10-07 20:49 - 2013-10-07 20:49 - 00000000 ____D C:\Program Files\Wondershare
2013-10-07 20:47 - 2013-10-11 15:02 - 00000000 ____D C:\Program Files\SweetIM
2013-10-07 20:47 - 2013-10-07 20:47 - 00000000 ____D C:\ProgramData\SweetIM
2013-10-07 20:43 - 2013-10-07 21:13 - 00000000 ____D C:\Program Files\Pdf Editor
2013-10-07 20:42 - 2013-10-07 21:13 - 00723294 _____ C:\windows\unins000.exe
2013-10-07 20:42 - 2013-10-07 21:13 - 00680608 _____ C:\windows\unins000.dat
2013-10-07 20:41 - 2013-10-07 20:41 - 00000000 ____D C:\Program Files\AVI to MP4 Converter
2013-10-07 20:30 - 2013-10-07 20:30 - 00000000 ____D C:\Users\PBG\AppData\Local\PDF24
2013-10-07 20:21 - 2013-10-07 20:24 - 00000000 ____D C:\Program Files\PDF24
2013-10-07 19:48 - 2013-10-07 19:48 - 00010464 _____ C:\windows\system32\sx_p2d.tlb
2013-10-07 19:48 - 2013-10-07 19:48 - 00000000 ____D C:\Program Files\Common Files\soft Xpansion
2013-10-07 19:48 - 2013-10-07 19:48 - 00000000 ____D C:\Program Files\Common Files\Freemium
2013-10-07 19:47 - 2013-10-07 19:47 - 00000000 ____D C:\ProgramData\Freemium
2013-10-07 19:47 - 2013-10-07 19:47 - 00000000 ____D C:\Program Files\Freemium
2013-10-07 19:47 - 2013-10-07 19:47 - 00000000 ____D C:\Program Files\Covus Freemium
2013-10-07 19:46 - 2013-10-07 19:47 - 00000000 ____D C:\ProgramData\Package Cache
2013-10-07 19:46 - 2013-10-07 19:46 - 00000000 ____D C:\Program Files\Browser Guard
2013-10-07 19:44 - 2013-10-11 10:52 - 00000000 ____D C:\Users\PBG\AppData\Roaming\Windows Net Data
2013-10-07 19:39 - 2013-10-07 19:39 - 00000000 ____D C:\Users\PBG\AppData\Local\DownloadGuide
2013-10-01 20:52 - 2013-10-01 20:52 - 00000000 ____D C:\Users\PBG\AppData\Roaming\Lunascape
2013-10-01 20:52 - 2013-10-01 20:52 - 00000000 ____D C:\Program Files\Lunascape
2013-09-23 22:14 - 2013-09-23 22:14 - 00000000 ____D C:\Users\PBG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CoolNovo
2013-09-23 22:13 - 2013-09-23 22:13 - 00000000 ____D C:\Users\PBG\AppData\Local\MapleStudio
2013-09-19 02:04 - 2013-09-19 02:04 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-17 08:35 - 2013-10-11 17:59 - 00000000 ____D C:\Users\PBG\AppData\Roaming\Gajim
2013-09-17 08:34 - 2013-09-17 08:34 - 00001011 _____ C:\Users\PBG\Desktop\Gajim.lnk
2013-09-17 08:34 - 2013-09-17 08:34 - 00000000 ____D C:\Users\PBG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gajim
2013-09-17 08:33 - 2013-09-17 08:34 - 00000000 ____D C:\Program Files\Gajim

==================== One Month Modified Files and Folders =======

2013-10-15 18:30 - 2013-10-15 18:30 - 00000000 ____D C:\FRST
2013-10-15 18:29 - 2013-10-15 18:29 - 01087213 _____ (Farbar) C:\Users\PBG\Desktop\FRST.exe
2013-10-15 18:29 - 2011-12-10 23:01 - 00000000 ____D C:\Users\PBG\Desktop\Ablage
2013-10-15 18:28 - 2010-03-30 01:13 - 02093075 _____ C:\windows\WindowsUpdate.log
2013-10-15 18:08 - 2012-12-17 23:57 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-10-15 17:44 - 2011-12-02 18:00 - 00000079 _____ C:\Users\PBG\Documents\Powers.log
2013-10-15 16:59 - 2013-07-24 18:21 - 00000000 ____D C:\Users\PBG\AppData\Roaming\Spotify
2013-10-15 11:42 - 2011-12-21 19:42 - 00000000 ____D C:\Users\PBG\AppData\Roaming\vlc
2013-10-15 10:39 - 2009-07-14 06:39 - 00153880 _____ C:\windows\setupact.log
2013-10-15 00:36 - 2012-02-09 13:40 - 00000000 ____D C:\Users\PBG\.gimp-2.6
2013-10-15 00:24 - 2013-10-15 00:24 - 00002090 _____ C:\Users\PBG\.recently-used.xbel
2013-10-15 00:24 - 2012-02-09 13:45 - 00000000 ____D C:\Users\PBG\AppData\Roaming\gtk-2.0
2013-10-15 00:24 - 2010-07-14 14:01 - 00000000 ____D C:\Users\PBG
2013-10-12 16:09 - 2009-07-26 22:06 - 01514382 _____ C:\windows\system32\PerfStringBackup.INI
2013-10-12 09:39 - 2011-12-21 19:49 - 00000000 ____D C:\Program Files\No23 Recorder
2013-10-11 18:56 - 2012-08-07 15:54 - 00000000 ____D C:\Users\PBG\AppData\Roaming\Orbit
2013-10-11 17:59 - 2013-09-17 08:35 - 00000000 ____D C:\Users\PBG\AppData\Roaming\Gajim
2013-10-11 15:13 - 2009-07-14 06:34 - 00010272 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-11 15:13 - 2009-07-14 06:34 - 00010272 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-11 15:05 - 2009-07-14 06:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-10-11 15:04 - 2010-04-03 07:54 - 00234420 _____ C:\windows\PFRO.log
2013-10-11 15:04 - 2009-07-14 04:37 - 00000000 ____D C:\windows\schemas
2013-10-11 15:02 - 2013-10-07 20:47 - 00000000 ____D C:\Program Files\SweetIM
2013-10-11 10:52 - 2013-10-07 19:44 - 00000000 ____D C:\Users\PBG\AppData\Roaming\Windows Net Data
2013-10-09 23:08 - 2012-04-17 23:18 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2013-10-09 23:08 - 2011-05-23 21:03 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-09 20:39 - 2012-10-28 13:46 - 00000000 ____D C:\Users\PBG\Desktop\Dokumente
2013-10-07 21:26 - 2013-10-07 21:25 - 00000000 ____D C:\Program Files\Tracker Software
2013-10-07 21:22 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2013-10-07 21:13 - 2013-10-07 20:43 - 00000000 ____D C:\Program Files\Pdf Editor
2013-10-07 21:13 - 2013-10-07 20:42 - 00723294 _____ C:\windows\unins000.exe
2013-10-07 21:13 - 2013-10-07 20:42 - 00680608 _____ C:\windows\unins000.dat
2013-10-07 20:51 - 2013-10-07 20:50 - 00000000 ____D C:\Users\PBG\AppData\Roaming\Wondershare
2013-10-07 20:50 - 2013-10-07 20:50 - 00000000 ____D C:\Users\PBG\AppData\Local\Wondershare
2013-10-07 20:50 - 2013-10-07 20:50 - 00000000 ____D C:\ProgramData\PDFEditor
2013-10-07 20:50 - 2013-10-07 20:50 - 00000000 ____D C:\Program Files\Common Files\Wondershare
2013-10-07 20:49 - 2013-10-07 20:49 - 00000000 ____D C:\Program Files\Wondershare
2013-10-07 20:47 - 2013-10-07 20:47 - 00000000 ____D C:\ProgramData\SweetIM
2013-10-07 20:41 - 2013-10-07 20:41 - 00000000 ____D C:\Program Files\AVI to MP4 Converter
2013-10-07 20:30 - 2013-10-07 20:30 - 00000000 ____D C:\Users\PBG\AppData\Local\PDF24
2013-10-07 20:24 - 2013-10-07 20:21 - 00000000 ____D C:\Program Files\PDF24
2013-10-07 20:00 - 2013-07-24 18:21 - 00000000 ____D C:\Users\PBG\AppData\Local\Spotify
2013-10-07 19:48 - 2013-10-07 19:48 - 00010464 _____ C:\windows\system32\sx_p2d.tlb
2013-10-07 19:48 - 2013-10-07 19:48 - 00000000 ____D C:\Program Files\Common Files\soft Xpansion
2013-10-07 19:48 - 2013-10-07 19:48 - 00000000 ____D C:\Program Files\Common Files\Freemium
2013-10-07 19:47 - 2013-10-07 19:47 - 00000000 ____D C:\ProgramData\Freemium
2013-10-07 19:47 - 2013-10-07 19:47 - 00000000 ____D C:\Program Files\Freemium
2013-10-07 19:47 - 2013-10-07 19:47 - 00000000 ____D C:\Program Files\Covus Freemium
2013-10-07 19:47 - 2013-10-07 19:46 - 00000000 ____D C:\ProgramData\Package Cache
2013-10-07 19:46 - 2013-10-07 19:46 - 00000000 ____D C:\Program Files\Browser Guard
2013-10-07 19:39 - 2013-10-07 19:39 - 00000000 ____D C:\Users\PBG\AppData\Local\DownloadGuide
2013-10-06 18:33 - 2012-03-03 02:28 - 00008704 _____ C:\Users\PBG\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-03 19:49 - 2012-05-06 10:35 - 00000000 ____D C:\Users\PBG\Desktop\House
2013-10-01 20:52 - 2013-10-01 20:52 - 00000000 ____D C:\Users\PBG\AppData\Roaming\Lunascape
2013-10-01 20:52 - 2013-10-01 20:52 - 00000000 ____D C:\Program Files\Lunascape
2013-10-01 20:28 - 2012-05-01 18:00 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-09-26 15:49 - 2012-02-03 20:16 - 00000000 ____D C:\Users\PBG\AppData\Local\Mozilla
2013-09-23 22:14 - 2013-09-23 22:14 - 00000000 ____D C:\Users\PBG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CoolNovo
2013-09-23 22:13 - 2013-09-23 22:13 - 00000000 ____D C:\Users\PBG\AppData\Local\MapleStudio
2013-09-19 02:04 - 2013-09-19 02:04 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-17 08:34 - 2013-09-17 08:34 - 00001011 _____ C:\Users\PBG\Desktop\Gajim.lnk
2013-09-17 08:34 - 2013-09-17 08:34 - 00000000 ____D C:\Users\PBG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gajim
2013-09-17 08:34 - 2013-09-17 08:33 - 00000000 ____D C:\Program Files\Gajim

Some content of TEMP:
====================
C:\Users\PBG\AppData\Local\temp\k7mzy7um.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-11 14:21

==================== End Of Log ============================
         
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-10-2013
Ran by PBG at 2013-10-15 18:35:33
Running from C:\Users\PBG\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Out of date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Out of date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

7-Zip 9.20
Adobe AIR (Version: 2.5.1.17730)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Reader 9.5.4 - Deutsch (Version: 9.5.4)
Atheros Client Installation Program (Version: 1.0.1.0805)
Audacity 2.0
Aurora 15.0a2 (x86 en-US) (Version: 15.0a2)
Avira Free Antivirus (Version: 12.0.0.1199)
BatteryLifeExtender (Version: 1.0.1)
Browser Guard
Canon MP640 series MP Drivers
ChargeableUSB (Version: 1.0.0.0)
Combined Community Codec Pack 2012-12-30 (Version: 2012.12.30.0)
CoolNovo (HKCU Version: 2.0.9.20)
DAEMON Tools Lite (Version: 4.46.1.0327)
Easy Display Manager (Version: 3.1)
Easy Resolution Manager (Version: 1.0.0)
Easy SpeedUp Manager (Version: 3.0.0.5)
EasyBatteryManager (Version: 4.0.0.3)
Eraser 6.0.10.2620 (Version: 6.0.2620)
ESET Online Scanner v3
Free Pdf Perfect Prereq (Version: 1.0.0.0)
Free Studio version 5.3.5 (Version: 5.3.5)
Free YouTube to MP3 Converter version 3.12.1.320 (Version: 3.12.1.320)
Freemium Free PDF Perfect (Version: 1.0)
FxPro cTrader (HKCU Version: 1.0.187.14853)
Gajim (Version: 0.15.4)
GIMP 2.6.11 (Version: 2.6.11)
Google Chrome (HKCU Version: 27.0.1453.116)
Google Talk Plugin (Version: 4.0.3.13724)
GoToMeeting 5.4.0.1083 (HKCU Version: 5.4.0.1083)
GSpot Codec Information Appliance
Intel(R) Graphics Media Accelerator Driver (Version: 8.14.10.2230)
Intel® Matrix Storage Manager
Internet Explorer (Version: 8)
IrfanView (remove only) (Version: 4.27)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Java(TM) 6 Update 22 (Version: 6.0.220)
JDownloader 0.9 (Version: 0.9)
JDownloader 2 (Version: 2)
Kill-ID 1.2.4.0 für Chrome (Version: 1.2.5.0)
LAME v3.99.3 (for Windows)
Live Usb Helper 0.0.8 (Version: 0.0.8)
Lunascape6 (All Users) (Version: 6.8.8.26908)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
Marvell Miniport Driver (Version: 11.22.3.3)
Maxthon 3 (Version: )
MetaTrader - Alpari UK (Version: 4.00)
MetaTrader 5 - Alpari (Version: 5.00)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server Native Client (Version: 9.00.3042.00)
Microsoft SQL Server VSS Writer (Version: 9.00.3042.00)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
MiPony 2.0.5 (Version: 2.0.5)
Mozilla Firefox 24.0 (x86 de) (Version: 24.0)
Mozilla Maintenance Service (Version: 24.0)
Mozilla Thunderbird 17.0.8 (x86 de) (Version: 17.0.8)
Mp3tag v2.51 (Version: v2.51)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
No23 Recorder (Version: 2.1.0.3)
OpenOffice.org 3.3 (Version: 3.3.9567)
Opera 12.02 (Version: 12.02.1578)
Orbit Downloader
PC Inspector File Recovery (Version: 4.0)
Pdf Editor
PDF24 Creator 5.7.0
PDF-Viewer (Version: 2.5.211.0)
Personal Backup 5.3 (Version: 5.3)
Photo Notifier and Animation Creator (Version: 1.0.0.1009)
Realtek High Definition Audio Driver (Version: 6.0.1.6003)
REALTEK Wireless LAN Software (Version: 1.01.0088)
Recuva (Version: 1.41)
Samsung HSPA DataCard 4.3.29.7814 (Version: 4.3.29.7814)
Samsung Mobile phone USB driver Drive Software
Samsung PC Studio 3 (Version: 3.0.0.80502)
Samsung PC Studio 3 (Version: 3.2.2.80502)
Samsung PC Studio 3 USB Driver Installer (Version: 3.2.0.70701)
Samsung Recovery Solution 4 (Version: 4.0.0.6)
Samsung Support Center (Version: 1.0.21)
Samsung Update Plus (Version: 2.0)
Security Task Manager 1.8d (Version: 1.8d)
Skype™ 6.3 (Version: 6.3.105)
Smart Data Recovery v4.4 (Version: 4.4)
Software Informer 1.2 RC
Spotify (HKCU Version: 0.9.4.185.g7545a404)
StreamTransport version: 1.0.2.2171
SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49 (Version: v2011.build.49)
SUPERAntiSpyware (Version: 5.0.1148)
SweetIM for Messenger 3.6 (Version: 3.6.0002)
SweetIM Toolbar for Internet Explorer 4.2 (Version: 4.2.0004)
Synaptics Pointing Device Driver (Version: 15.0.10.0)
TreeSize Free V2.6 (Version: 2.6)
TrueCrypt (Version: 7.1)
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (Version: 9.00.3042.00)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Visual C++ 9.0 CRT (x86) WinSXS MSM (Version: 9.0)
VLC media player 2.0.1 (Version: 2.0.1)
Web Stream Recorder (Version: 2012)
WIDCOMM Bluetooth Software (Version: 6.2.1.800)
WinCDEmu (Version: 3.6)
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405) (Version: 07/30/2009 6.2.0.9405)
Windows Driver Package - Broadcom Bluetooth  (09/11/2009 6.2.0.9407) (Version: 09/11/2009 6.2.0.9407)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (Version: 07/28/2009 6.2.0.9800)
Windows Live Anmelde-Assistent (Version: 5.000.818.5)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Fotogalerie (Version: 14.0.8081.709)
Windows Live Movie Maker (Version: 14.0.8091.0730)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Writer (Version: 14.0.8089.0726)
Windows Live-Uploadtool (Version: 14.0.8014.1029)
Windows Utils
WinRAR 4.01 (32-Bit) (Version: 4.01.0)
WinZip 15.0 (Version: 15.0.9411)
Wondershare PDF Editor(Build 3.2.1) (Version: 3.2.1.4)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 04:04 - 2012-05-07 22:33 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {007CDB13-9A85-4C91-9D9C-46B0323475C5} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)
Task: {07054065-D5E7-43A1-980B-029B5E0A1E6E} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2009-10-16] (SAMSUNG Electronics co., LTD.)
Task: {170A8CC5-0D5A-40FA-A939-88987135FB59} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-67750739-3866145124-1799724527-1003UA => C:\Users\PBG\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-23] (Google Inc.)
Task: {2040EE57-16FB-4B7D-BE4C-A52C582B6CFA} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-11] (Microsoft Corporation)
Task: {2FB03B01-9A50-432D-B2F6-A6ABF3CE72D6} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2010-04-20] ()
Task: {35B53D74-7BD0-415F-8788-228A07E1798D} - System32\Tasks\BatteryLifeExtender => C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2009-11-19] (Samsung Electronics. Co. Ltd.)
Task: {3858A9F6-E3E9-4E1F-A053-4C7247FC5E27} - System32\Tasks\{1F4A8F47-3B7B-4820-974E-10DEFB463717} => C:\Program Files\Skype\\Phone\Skype.exe [2013-02-28] (Skype Technologies S.A.)
Task: {4B135B37-96FB-4315-B22F-E2306D9C2033} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03] (Adobe Systems Incorporated)
Task: {5867E881-21CB-46DE-8849-D8D46C1F1671} - System32\Tasks\EasySpeedUpManager => C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2009-10-13] (Samsung Electronics Co., Ltd.)
Task: {61D93823-470D-4A98-ABAF-181F276A233A} - System32\Tasks\advSRS4 => C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2010-01-19] (SEC)
Task: {7A4B8E2C-7DF7-4320-AAFA-CE940C32ABF9} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation)
Task: {B817FC75-95FE-474D-BFD7-40D7C916B103} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-67750739-3866145124-1799724527-1003Core => C:\Users\PBG\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-23] (Google Inc.)
Task: {C5C921F7-6EA0-46C1-9D95-39C631431BBA} - System32\Tasks\SamsungSupportCenter => C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe [2009-10-26] (SAMSUNG Electronics)
Task: {D7B15C67-888D-401F-9E30-5841FED2A709} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2009-12-21] (Samsung Electronics Co., Ltd.)
Task: {DA267BBB-D73E-49E1-8CFC-8D074AADF88E} - System32\Tasks\Maxthon Update => C:\Program Files\Maxthon\Bin\mxup.exe [2013-03-28] (Maxthon International ltd.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-67750739-3866145124-1799724527-1003Core.job => C:\Users\PBG\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-67750739-3866145124-1799724527-1003UA.job => C:\Users\PBG\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-12-16 23:46 - 2011-05-28 23:04 - 00140288 _____ () C:\Program Files\WinRAR\rarext.dll
2010-03-29 09:44 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
2012-01-03 23:52 - 2012-01-03 23:52 - 07581696 _____ () c:\program files\adobe\reader 9.0\reader\rdlang32.deu
2009-02-27 17:40 - 2009-02-27 17:40 - 01712128 _____ () C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\Annots.DEU
2009-02-27 13:52 - 2009-02-27 13:52 - 00258048 _____ () C:\Program Files\Adobe\Reader 9.0\Reader\sqlite.dll
2009-10-03 02:45 - 2009-10-03 02:45 - 00012288 _____ () C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\Updater.DEU
2009-10-03 02:48 - 2009-10-03 02:48 - 00106496 _____ () C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\EScript.DEU
2013-09-19 02:04 - 2013-09-19 02:04 - 03279768 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2013-10-09 23:08 - 2013-10-09 23:08 - 16233864 _____ () C:\windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Broadcom BCM2070 Bluetooth 2.1+EDR USB Device
Description: Broadcom BCM2070 Bluetooth 2.1+EDR USB Device
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Marvell Yukon 88E8040 Family PCI-E Fast Ethernet Controller
Description: Marvell Yukon 88E8040 Family PCI-E Fast Ethernet Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Marvell
Service: yukonw7
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/14/2013 08:16:31 PM) (Source: Application Hang) (User: )
Description: Programm firefox.exe, Version 24.0.0.5001 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1f60

Startzeit: 01cec851d88b933d

Endzeit: 1078

Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe

Berichts-ID: b6a5d9fc-34fc-11e3-85d3-d1f3a87f0337

Error: (10/13/2013 00:48:11 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 24.0.0.5001, Zeitstempel: 0x522fd29f
Name des fehlerhaften Moduls: xul.dll, Version: 24.0.0.5001, Zeitstempel: 0x522fd1a4
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001b72a8
ID des fehlerhaften Prozesses: 0x1728
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3

Error: (10/12/2013 05:20:59 PM) (Source: Application Hang) (User: )
Description: Programm iexplore.exe, Version 10.0.9200.16618 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 13e8

Startzeit: 01cec75dba953886

Endzeit: 100

Anwendungspfad: C:\Program Files\Internet Explorer\iexplore.exe

Berichts-ID:

Error: (10/11/2013 06:56:22 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: orbitdm.exe, Version: 4.1.1.1, Zeitstempel: 0x4ffd4d51
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00059da1
ID des fehlerhaften Prozesses: 0x880
Startzeit der fehlerhaften Anwendung: 0xorbitdm.exe0
Pfad der fehlerhaften Anwendung: orbitdm.exe1
Pfad des fehlerhaften Moduls: orbitdm.exe2
Berichtskennung: orbitdm.exe3

Error: (10/11/2013 06:12:52 PM) (Source: Application Hang) (User: )
Description: Programm iexplore.exe, Version 10.0.9200.16618 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 554

Startzeit: 01cec69c3402c7a4

Endzeit: 58

Anwendungspfad: C:\Program Files\Internet Explorer\iexplore.exe

Berichts-ID:

Error: (10/11/2013 02:30:45 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (10/11/2013 02:30:41 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (10/11/2013 02:28:22 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "UCCAPI,processorArchitecture="x86",type="win32",version="2.0.0.0"1".
Die abhängige Assemblierung "UCCAPI,processorArchitecture="x86",type="win32",version="2.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (10/11/2013 02:27:55 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (10/11/2013 02:25:46 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (10/13/2013 10:16:07 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst IPBusEnum erreicht.

Error: (10/12/2013 04:05:31 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR6 gefunden.

Error: (10/12/2013 04:05:30 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR6 gefunden.

Error: (10/12/2013 04:05:30 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR6 gefunden.

Error: (10/12/2013 04:05:29 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR6 gefunden.

Error: (10/12/2013 04:05:29 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR6 gefunden.

Error: (10/12/2013 04:04:17 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR5 gefunden.

Error: (10/12/2013 04:04:16 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR5 gefunden.

Error: (10/12/2013 04:04:16 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR5 gefunden.

Error: (10/12/2013 04:04:15 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR5 gefunden.


Microsoft Office Sessions:
=========================
Error: (10/14/2013 08:16:31 PM) (Source: Application Hang)(User: )
Description: firefox.exe24.0.0.50011f6001cec851d88b933d1078C:\Program Files\Mozilla Firefox\firefox.exeb6a5d9fc-34fc-11e3-85d3-d1f3a87f0337

Error: (10/13/2013 00:48:11 AM) (Source: Application Error)(User: )
Description: firefox.exe24.0.0.5001522fd29fxul.dll24.0.0.5001522fd1a4c0000005001b72a8172801cec78e2dca40eeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\xul.dll5e2418f6-3390-11e3-85d3-d1f3a87f0337

Error: (10/12/2013 05:20:59 PM) (Source: Application Hang)(User: )
Description: iexplore.exe10.0.9200.1661813e801cec75dba953886100C:\Program Files\Internet Explorer\iexplore.exe

Error: (10/11/2013 06:56:22 PM) (Source: Application Error)(User: )
Description: orbitdm.exe4.1.1.14ffd4d51ntdll.dll6.1.7601.177254ec49b60c000000500059da188001cec6a2caecef38C:\Program Files\Orbitdownloader\orbitdm.exeC:\windows\SYSTEM32\ntdll.dll0e031d8b-3296-11e3-85d3-d1f3a87f0337

Error: (10/11/2013 06:12:52 PM) (Source: Application Hang)(User: )
Description: iexplore.exe10.0.9200.1661855401cec69c3402c7a458C:\Program Files\Internet Explorer\iexplore.exe

Error: (10/11/2013 02:30:45 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Samsung\chargeableusb\vista_xp_driver\x64\KStartMem.exe.Manifest

Error: (10/11/2013 02:30:41 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Samsung\chargeableusb\ChargeableUSB_64.exe

Error: (10/11/2013 02:28:22 PM) (Source: SideBySide)(User: )
Description: UCCAPI,processorArchitecture="x86",type="win32",version="2.0.0.0"c:\program files\windows live\messenger\wlcsdk.exe

Error: (10/11/2013 02:27:55 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\WinCDEmu\vmnt64.exe

Error: (10/11/2013 02:25:46 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\metatrader 5 - alpari\metatester64.exe


==================== Memory info =========================== 

Percentage of memory in use: 73%
Total physical RAM: 2037.27 MB
Available physical RAM: 533.59 MB
Total Pagefile: 4074.54 MB
Available Pagefile: 2035.43 MB
Total Virtual: 2047.88 MB
Available Virtual: 1901.55 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:58.59 GB) (Free:1.22 GB) NTFS
Drive d: () (Fixed) (Total:159.19 GB) (Free:11.57 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: ECF7FF98)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=59 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=159 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

15.10.2013, 18:16   #4
M-K-D-B
/// TB-Ausbilder
 



Hi,

you've certainly picked up quite a lot there.

Let's get started then...



Step 1
Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. They can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.






Step 2
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart, a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = consecutive number).





Step 3

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista or later, please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.







Step 4
Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.







Please post with your next reply
  • the ComboFix log file,
  • the AdwCleaner log file,
  • the JRT log file,
  • the MBAM log file.

16.10.2013, 16:28   #5
Malwarenervt
 



Code:
ComboFix 13-10-15.02 - PBG 16.10.2013  13:16:39.2.2 - x86
Microsoft Windows 7 Starter   6.1.7601.1.1252.49.1031.18.2037.1329 [GMT 2:00]
ausgeführt von:: c:\users\PBG\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Setup.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-09-16 bis 2013-10-16  ))))))))))))))))))))))))))))))
.
.
2013-10-16 11:33 . 2013-10-16 11:33	--------	d-----w-	c:\users\PBG\AppData\Local\temp
2013-10-16 11:33 . 2013-10-16 11:33	--------	d-----w-	c:\users\Public\AppData\Local\temp
2013-10-16 11:33 . 2013-10-16 11:33	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-10-15 16:30 . 2013-10-15 16:30	--------	d-----w-	C:\FRST
2013-10-07 19:25 . 2013-10-07 19:26	--------	d-----w-	c:\program files\Tracker Software
2013-10-07 18:50 . 2013-09-02 17:09	82896	----a-w-	c:\windows\system32\WSMonEditor.dll
2013-10-07 18:50 . 2013-10-07 18:50	--------	d-----w-	c:\users\PBG\AppData\Local\Wondershare
2013-10-07 18:50 . 2013-10-07 18:50	--------	d-----w-	c:\program files\Common Files\Wondershare
2013-10-07 18:50 . 2013-10-07 18:50	--------	d-----w-	c:\programdata\PDFEditor
2013-10-07 18:50 . 2013-10-07 18:51	--------	d-----w-	c:\users\PBG\AppData\Roaming\Wondershare
2013-10-07 18:49 . 2013-10-07 18:49	--------	d-----w-	c:\program files\Wondershare
2013-10-07 18:47 . 2013-10-11 13:02	--------	d-----w-	c:\program files\SweetIM
2013-10-07 18:47 . 2013-10-07 18:47	--------	d-----w-	c:\programdata\SweetIM
2013-10-07 18:43 . 2013-10-07 19:13	--------	d-----w-	c:\program files\Pdf Editor
2013-10-07 18:42 . 2013-10-07 19:13	723294	----a-w-	c:\windows\unins000.exe
2013-10-07 18:41 . 2013-10-07 18:41	--------	d-----w-	c:\program files\AVI to MP4 Converter
2013-10-07 18:30 . 2013-10-07 18:30	--------	d-----w-	c:\users\PBG\AppData\Local\PDF24
2013-10-07 18:21 . 2013-10-07 18:24	--------	d-----w-	c:\program files\PDF24
2013-10-07 17:48 . 2013-10-07 17:48	--------	d-----w-	c:\program files\Common Files\soft Xpansion
2013-10-07 17:48 . 2013-10-07 17:48	286568	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\sx_p8_pro7_p.dll
2013-10-07 17:48 . 2013-10-07 17:48	--------	d-----w-	c:\program files\Common Files\Freemium
2013-10-07 17:47 . 2013-10-07 17:47	--------	d-----w-	c:\programdata\Freemium
2013-10-07 17:47 . 2013-10-07 17:47	--------	d-----w-	c:\program files\Freemium
2013-10-07 17:47 . 2013-10-07 17:47	--------	d-----w-	c:\program files\Covus Freemium
2013-10-07 17:46 . 2013-10-07 17:46	--------	d-----w-	c:\program files\Browser Guard
2013-10-07 17:46 . 2013-10-07 17:47	--------	d-----w-	c:\programdata\Package Cache
2013-10-07 17:44 . 2013-10-11 08:52	--------	d-----w-	c:\users\PBG\AppData\Roaming\Windows Net Data
2013-10-07 17:39 . 2013-10-07 17:39	--------	d-----w-	c:\users\PBG\AppData\Local\DownloadGuide
2013-10-01 18:52 . 2013-10-01 18:52	--------	d-----w-	c:\users\PBG\AppData\Roaming\Lunascape
2013-10-01 18:52 . 2013-10-01 18:52	--------	d-----w-	c:\program files\Lunascape
2013-09-23 20:13 . 2013-09-23 20:13	--------	d-----w-	c:\users\PBG\AppData\Local\MapleStudio
2013-09-17 06:35 . 2013-10-11 15:59	--------	d-----w-	c:\users\PBG\AppData\Roaming\Gajim
2013-09-17 06:33 . 2013-09-17 06:34	--------	d-----w-	c:\program files\Gajim
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-09 21:08 . 2012-04-17 21:18	692616	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-10-09 21:08 . 2011-05-23 19:03	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-01-19 11:34 . 2011-01-19 11:34	3003392	----a-w-	c:\program files\openofficeorg33.msi
2006-05-03 11:06	163328	--sha-r-	c:\windows\System32\flvDX.dll
2007-02-21 12:47	31232	--sha-r-	c:\windows\System32\msfDX.dll
2008-03-16 14:30	216064	--sha-r-	c:\windows\System32\nbDX.dll
2010-01-06 23:00	107520	--sha-r-	c:\windows\System32\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{02a0d829-4393-46fc-a37e-126263035883}]
2013-08-27 11:40	196096	----a-w-	c:\program files\Browser Guard\browserguard.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrueCrypt"="c:\program files\TrueCrypt\TrueCrypt.exe" [2011-12-12 1517520]
"Spotify"="c:\users\PBG\AppData\Roaming\Spotify\Spotify.exe" [2013-10-15 4752384]
"Spotify Web Helper"="c:\users\PBG\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-10-15 1140736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-26 1713448]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-14 8120864]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-25 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-25 150552]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2012-05-22 980920]
"PDFPrint"="c:\program files\PDF24\pdf24.exe" [2013-07-22 162856]
.
c:\users\PBG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Gajim.lnk - c:\program files\Gajim\bin\gajim.exe [2013-7-18 1015808]
net.lnk - c:\users\PBG\AppData\Roaming\Windows Net Data\net.exe [2013-10-7 709120]
Persbackup.lnk - c:\program files\Personal Backup 5\Persbackup.exe /auto [2012-6-4 4068864]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-2 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54	551296	----a-w-	c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2009-12-14 17:36	8120864	------w-	c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"MobileConnect"=c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
.
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-07-01 43944]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R3 SXDS10;soft Xpansion Dispatch Service;c:\program files\Common Files\soft Xpansion\sxds10.exe \Service [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 20480]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
R4 Rezip;Rezip;c:\windows\SYSTEM32\Rezip.exe [2009-03-05 311296]
R4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-02-28 161384]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-19 36000]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-03-13 242240]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\DRIVERS\BazisVirtualCDBus.sys [2011-08-08 117584]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
S3 samsung_hspa_datacard_cdc_acm;Samsung HSPA DataCard CDC-ACM driver;c:\windows\system32\DRIVERS\samsung_hspa_datacard_cdc_acm.sys [2010-01-15 68608]
S3 samsung_hspa_datacard_cdc_ecm;samsung_hspa_datacard_cdc_ecm;c:\windows\system32\DRIVERS\samsung_hspa_datacard_cdc_ecm.sys [2010-01-15 81920]
S3 samsung_hspa_datacard_dc_enum;Samsung HSPA DataCard DC Enumerator;c:\windows\system32\DRIVERS\samsung_hspa_datacard_dc_enum.sys [2010-01-15 62464]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc
.
Inhalt des "geplante Tasks" Ordners
.
2013-10-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 21:08]
.
2013-06-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-67750739-3866145124-1799724527-1003Core.job
- c:\users\PBG\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-03 09:50]
.
2013-06-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-67750739-3866145124-1799724527-1003UA.job
- c:\users\PBG\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-03 09:50]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = https://www.google.de/
mStart Page = hxxp://home.sweetim.com
uInternet Settings,ProxyOverride = <local>
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Free YouTube to MP3 Converter - c:\users\PBG\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Mit Mipony herunterladen - file://c:\program files\MiPony\Browser\IEContext.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{6CB44DBC-6166-496D-B83D-F8183DC7BE4B}: NameServer = 10.74.83.22 193.254.160.1
FF - ProfilePath - c:\users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/
FF - prefs.js: network.proxy.type - 2
FF - ExtSQL: 2013-08-27 13:37; {20d1f7b3-7721-4da0-b6f3-78bb4d7248f4}; c:\program files\Browser Guard\browserguard.xpi
FF - ExtSQL: 2013-09-02 23:32; hidecaptionplus-dp@dummy.addons.mozilla.org; c:\users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\extensions\hidecaptionplus-dp@dummy.addons.mozilla.org.xpi
FF - ExtSQL: 2013-09-02 23:41; {D9A7CBEC-DE1A-444f-A092-844461596C4D}; c:\users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D}
FF - ExtSQL: 2013-10-07 19:47; EFGLQA@78ETGYN-0W7FN789T87.COM; c:\users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\extensions\EFGLQA@78ETGYN-0W7FN789T87.COM
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Free Studio_is1 - c:\program files\Common Files\DVDVideoSoft\Uninstall.exe
AddRemove-Samsung Mobile phone USB driver Drive - c:\windows\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
AddRemove-Software Informer_is1 - c:\program files\Software Informer\unins000.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(10540)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
Zeit der Fertigstellung: 2013-10-16  15:48:32
ComboFix-quarantined-files.txt  2013-10-16 13:48
ComboFix2.txt  2012-05-07 20:39
.
Vor Suchlauf: 1.499.840.512 Bytes frei
Nach Suchlauf: 2.319.622.144 Bytes frei
.
- - End Of File - - C4B5E8EA714C9CEA4F34D0EB1AA16A98
DDC4773EEF68EF7FAC87CF9235395CAB
         
Code:
ATTFilter
# AdwCleaner v3.007 - Bericht erstellt am 16/10/2013 um 16:39:23
# Updated 09/10/2013 von Xplode
# Betriebssystem : Windows 7 Starter Service Pack 1 (32 bits)
# Benutzername : PBG - PBG-PC
# Gestartet von : C:\Users\PBG\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\SweetIM
Ordner Gelöscht : C:\Program Files\SweetIM
Ordner Gelöscht : C:\Users\PBG\AppData\Local\DownloadGuide
Ordner Gelöscht : C:\Users\PBG\AppData\Roaming\Windows Net Data
Ordner Gelöscht : C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\jetpack
Datei Gelöscht : C:\Users\PBG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk
Datei Gelöscht : C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\foxydeal.sqlite
Datei Gelöscht : C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\searchplugins\SweetIm.xml

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sim-packages
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_samsung-kies_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_samsung-kies_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\installedbrowserextensions
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\LyricsFan
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A81A974F-8A22-43E6-9243-5198FF758DA1}

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16618

Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v24.0 (de)

[ Datei : C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.crossrider.bic", "141941604b8a5ca4eaf1e15ca012c315");
Zeile gelöscht : user_pref("extensions.hide_caption.plus.look.tab_marginTop_delta", 0);
Zeile gelöscht : user_pref("extensions.hide_caption.plus.look.tab_marginTop_delta_nomax", 0);
Zeile gelöscht : user_pref("integratedgmail-expanded-inbox", true);
Zeile gelöscht : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "SweetIM Search");
Zeile gelöscht : user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "");
Zeile gelöscht : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "SweetIM Search");
Zeile gelöscht : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://home.sweetim.com");
Zeile gelöscht : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com");

-\\ Google Chrome v

[ Datei : C:\Users\PBG\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht : homepage

*************************

AdwCleaner[R0].txt - [17637 octets] - [16/10/2013 16:36:18]
AdwCleaner[S0].txt - [17550 octets] - [16/10/2013 16:39:23]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [17611 octets] ##########
         
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Windows 7 Starter x86
Ran by PBG on 16.10.2013 at 16:56:20,37
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-67750739-3866145124-1799724527-1003\Software\SweetIM
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220322902230}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660366906630}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660366906630}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\LyricsFanUpdater_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\LyricsFanUpdater_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\orbitdownloader"



~~~ FireFox

Successfully deleted: [Folder] C:\Users\PBG\AppData\Roaming\mozilla\firefox\profiles\moc6o292.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com
Successfully deleted the following from C:\Users\PBG\AppData\Roaming\mozilla\firefox\profiles\moc6o292.default\prefs.js

user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.internaldb.cache/530e52021dc20843b1aa62957edeb9f8.value", "%22var%20adsDe
user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.internaldb.cache/833447eaff04548ccb80787286a7cad9_DE.value", "%22var%20ca
user_pref("extensions.hide_caption.plus.look.tab_marginTop_delta", 0);
user_pref("extensions.hide_caption.plus.look.tab_marginTop_delta_nomax", 0);
Emptied folder: C:\Users\PBG\AppData\Roaming\mozilla\firefox\profiles\moc6o292.default\minidumps [29 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16.10.2013 at 17:03:01,74
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.10.16.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16618
PBG :: PBG-PC [Administrator]

16.10.2013 17:12:24
mbam-log-2013-10-16 (17-12-24).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 206043
Laufzeit: 15 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         


Alt 16.10.2013, 16:36   #6
M-K-D-B
/// TB-Ausbilder
 



Hi,

looks good.
We'll track down the last remnants so that we can remove them later:





Step 1
Control scan with FRST
Run a scan with FRST as described before.
To do so, tick Addition.txt at the bottom right and click Scan.
Two log files will be created again. Post them for me.





Step 2
Download the appropriate version of SystemLook from the following mirror and save the tool to your desktop:
SystemLook (32 bit) | SystemLook (64 bit)
  • Double-click SystemLook.exe to start the tool.
  • Copy the contents of the following code box into the tool's text field:

    Code:
    ATTFilter
    :filefind
    *Crossrider*
    *LyricsFan*
    *sweetim*
    *orbitdownloader*
    
    :folderfind
    *Crossrider*
    *LyricsFan*
    *sweetim*
    *orbitdownloader*
    
    :regfind
    Crossrider
    LyricsFan
    sweetim
    orbitdownloader
             
  • Now click the Look button to start the scan.
  • The scan may take some time.
  • When the scan has finished, your editor will open with the results; post them in your thread.
  • The results are also saved on the desktop as SystemLook.txt.








Are there still problems with MonsterMarketplace.com in the browser? If so, which ones and in which browser?
How is the computer running at the moment?






With your next reply, please post
  • the two FRST log files,
  • the SystemLook log file,
  • the answers to the questions asked.
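
Added example, not part of the original post and not SystemLook's own code: the search script from Step 2 applied to log lines in Python, sorting entries into those the four names flag as already removed, those still present, and those the names never touch. The matching rules (case-insensitive wildcard on every path component, substring match for registry keys) and the last two sample lines are assumptions made for this illustration.

```python
import re
from fnmatch import fnmatchcase

# Search script exactly as posted in Step 2.
SCRIPT = """\
:filefind
*Crossrider*
*LyricsFan*
*sweetim*
*orbitdownloader*

:folderfind
*Crossrider*
*LyricsFan*
*sweetim*
*orbitdownloader*

:regfind
Crossrider
LyricsFan
sweetim
orbitdownloader
"""

# The first three lines come from the JRT and FRST logs on this page;
# the last two are constructed to show what a surviving remnant looks like.
LOG_LINES = [
    r'Successfully deleted: [Folder] "C:\Program Files\orbitdownloader"',
    r"Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\LyricsFanUpdater_RASAPI32",
    r"2013-10-11 18:56 - 2012-08-07 15:54 - 00000000 ____D C:\Users\PBG\AppData\Roaming\Orbit",
    r"2013-10-16 18:00 - 2013-10-16 18:00 - 00000512 _____ C:\Users\PBG\AppData\Local\Temp\SweetIM_setup.log",
    r"HKEY_CURRENT_USER\Software\Crossrider",
]

# Prefixes the removal tools on this page use for entries they deleted.
DELETED_PREFIXES = ("Successfully deleted", "Zeile gelöscht", "Gelöscht")

PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|*?\r\n]+')
REG_RE = re.compile(r'\b(?:HKEY_[A-Z_]+|HKLM|HKCU|HKCR|HKU)\\[^"\r\n]+')


def parse_script(text):
    """Split the script into {directive: [patterns]}, e.g. 'regfind'."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line[1:].lower()
            sections.setdefault(current, [])
        elif current:
            sections[current].append(line)
    return sections


def match_artifact(kind, value, sections):
    """Return the script patterns that match one path or registry key."""
    low = value.lower()
    if kind == "registry":
        return [p for p in sections.get("regfind", []) if p.lower() in low]
    # Log lines do not reliably say whether a path is a file or a folder,
    # so both pattern lists are tried against every path component.
    names = low.split("\\")[1:]
    patterns = sections.get("filefind", []) + sections.get("folderfind", [])
    hits = []
    for p in patterns:
        if p not in hits and any(fnmatchcase(n, p.lower()) for n in names):
            hits.append(p)
    return hits


def triage(script_text, lines):
    """Sort log entries into removed / present / unmatched."""
    sections = parse_script(script_text)
    report = {"removed": [], "present": [], "unmatched": []}
    for line in lines:
        reg = REG_RE.search(line)
        path = None if reg else PATH_RE.search(line)
        if reg:
            kind, value = "registry", reg.group(0).rstrip()
        elif path:
            kind, value = "path", path.group(0).rstrip()
        else:
            continue  # line carries no path or registry key
        hits = match_artifact(kind, value, sections)
        if not hits:
            report["unmatched"].append(value)  # needs a manual look
        elif line.lstrip().startswith(DELETED_PREFIXES):
            report["removed"].append((hits[0], value))
        else:
            report["present"].append((hits[0], value))
    return report


if __name__ == "__main__":
    for status, entries in triage(SCRIPT, LOG_LINES).items():
        print(status)
        for entry in entries:
            print("   ", entry)
```

The folder `C:\Users\PBG\AppData\Roaming\Orbit` from the FRST log ends up under `unmatched`: `*orbitdownloader*` does not cover it, so a name-based search only finds remnants that still carry the full product name.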

Alt 16.10.2013, 17:50   #7
Malwarenervt
 




FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by PBG (administrator) on PBG-PC on 16-10-2013 18:13:47
Running from C:\Users\PBG\Desktop
Microsoft Windows 7 Starter  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel Corporation) C:\windows\system32\igfxext.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(The Eraser Project) C:\Program Files\Eraser\Eraser.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe
(Spotify Ltd) C:\Users\PBG\AppData\Roaming\Spotify\spotify.exe
(Spotify Ltd) C:\Users\PBG\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Gajim Development Team) C:\Program Files\Gajim\bin\gajim.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
() C:\Users\PBG\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\PBG\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\PBG\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\PBG\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\windows\system32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
() C:\Users\PBG\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\PBG\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1713448 2010-02-26] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8120864 2009-12-14] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [348664 2012-08-08] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41208 2012-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [Eraser] - C:\PROGRA~1\Eraser\Eraser.exe [980920 2012-05-22] (The Eraser Project)
HKLM\...\Run: [PDFPrint] - C:\Program Files\PDF24\pdf24.exe [162856 2013-07-22] (Geek Software GmbH)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
HKCU\...\Run: [TrueCrypt] - C:\Program Files\TrueCrypt\TrueCrypt.exe [1517520 2011-12-12] (TrueCrypt Foundation)
HKCU\...\Run: [Spotify] - C:\Users\PBG\AppData\Roaming\Spotify\Spotify.exe [4752384 2013-10-15] (Spotify Ltd)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\PBG\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2013-10-15] (Spotify Ltd)
Startup: C:\Users\PBG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Gajim.lnk
ShortcutTarget: Gajim.lnk -> C:\Program Files\Gajim\bin\gajim.exe (Gajim Development Team)
Startup: C:\Users\PBG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Persbackup.lnk
ShortcutTarget: Persbackup.lnk -> C:\Program Files\Personal Backup 5\Persbackup.exe (J. Rathlev, IEAP, Uni-Kiel)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE69F21F97EC1CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
SearchScopes: HKCU - {33FBE12B-0BE0-43B9-839C-DDA2D14D25AF} URL = hxxp://www.google.de
BHO: Browser Guard - {02a0d829-4393-46fc-a37e-126263035883} - C:\Program Files\Browser Guard\browserguard.dll (Browser Guard)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: AutorunsDisabled\skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6CB44DBC-6166-496D-B83D-F8183DC7BE4B}: [NameServer]10.74.83.22 193.254.160.1

FireFox:
========
FF ProfilePath: C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF Homepage: https://www.google.de/
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20(url.indexOf('turntable.fm')%20!%3D%20-1%20%26%26%20url.indexOf('static.turntable.fm')%20%3D%3D%20-1%20%26%26%20url.indexOf('s3.amazonaws.com')%20%3D%3D%20-1%20%26%26%20url.indexOf('ping.chartbeat.net')%20%3D%3D%20-1%20%26%26%20url.indexOf('.png')%20%3D%3D%20-1)%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%
2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*'))%20%7B%20return%20'PROXY%20ab-us01.personalitycores.com%3A8000%3B%20PROXY%20ab-us12.personalitycores.com%3A8000%3B%20PROXY%20ab-us14.personalitycores.com%3A8000%3B%20PROXY%20ab-us13.personalitycores.com%3A8000%3B%20PROXY%20ab-us03.personalitycores.com%3A8000%3B%20PROXY%20ab-us11.personalitycores.com%3A8000%3B%20PROXY%20ab-us07.personalitycores.com%3A8000%3B%20PROXY%20ab-us09.personalitycores.com%3A8000%3B%20PROXY%20ab-us15.personalitycores.com%3A8000%3B%20PROXY%20ab-us10.personalitycores.com%3A8000%3B%20PROXY%20ab-us22.personalitycores.com%3A8000%3B%20PROXY%20ab-us20.personalitycores.com%3A8000%3B%20PROXY%20ab-us17.personalitycores.com%3A8000%3B%20PROXY%20ab-us18.personalitycores.com%3A8000%3B%20PROXY%20ab-us08.personalitycores.com%3A8000%3B%20PROXY%20ab-us16.personalitycores.com%3A8000%3B%20PROXY%20ab-us21.personalitycores.com%3A8000%3B%20PROXY%20ab-us02.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\PBG\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\PBG\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\PBG\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\PBG\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\PBG\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: QuickFox Notes - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\amin.eft_bmnotes@gmail.com
FF Extension: pricealarm - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\EFGLQA@78ETGYN-0W7FN789T87.COM
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\ich@maltegoetz.de
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\netvideohunter@netvideohunter.com
FF Extension: Zotero - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\zotero@chnm.gmu.edu
FF Extension: Flashblock - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF Extension: DownloadHelper - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: Flash and Video Download - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D}
FF Extension: Block site - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
FF Extension: Bitdefender QuickScan - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF Extension: Evernote Web Clipper - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
FF Extension: artur.dubovoy - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\artur.dubovoy@gmail.com.xpi
FF Extension: bookmarkdeduplicator - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\bookmarkdeduplicator@foxhatdev.xpi
FF Extension: ck - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\ck@everygain.com.xpi
FF Extension: hidecaptionplus-dp - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\hidecaptionplus-dp@dummy.addons.mozilla.org.xpi
FF Extension: jid1-QpHD8URtZWJC2A - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi
FF Extension: readable - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\readable@evernote.com.xpi
FF Extension: scrapbookplus - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\scrapbookplus@addons.mozilla.org.xpi
FF Extension: sortplaces - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\sortplaces@andyhalford.com.xpi
FF Extension: tab-width - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\tab-width@design-noir.de.xpi
FF Extension: testpilot - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\testpilot@labs.mozilla.com.xpi
FF Extension: translator - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\translator@zoli.bod.xpi
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}.xpi
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{582195F5-92E7-40a0-A127-DB71295901D7}.xpi
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{95ab36d4-fb6f-47b0-8b8d-e5f3bd547953}.xpi
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [{20d1f7b3-7721-4da0-b6f3-78bb4d7248f4}] - C:\Program Files\Browser Guard\browserguard.xpi
FF Extension: No Name - C:\Program Files\Browser Guard\browserguard.xpi

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR Extension: () - C:\Users\PBG\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmlgoencnlndpglbocajlimaikjohmab\background.html
CHR Extension: (FlashControl) - C:\Users\PBG\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe\3.3.14_0
CHR Extension: (Plus-HD-3.8) - C:\Users\PBG\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.23.19_0
CHR HKLM\...\Chrome\Extension: [kfepagcelbegkpkcjgfeecmlnmkedjin] - C:\Program Files\Browser Guard\browserguard.crx
CHR StartMenuInternet: Google Chrome - C:\Users\PBG\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2011-08-12] (SUPERAntiSpyware.com)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86224 2012-05-08] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-08] (Avira Operations GmbH & Co. KG)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S4 Rezip; C:\windows\SYSTEM32\Rezip.exe [311296 2009-03-05] ()
S3 SXDS10; C:\Program Files\Common Files\soft Xpansion\sxds10.exe [234096 2013-10-07] (soft Xpansion)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [83392 2012-05-08] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137928 2012-05-08] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36000 2011-10-19] (Avira GmbH)
R3 BazisVirtualCDBus; C:\Windows\System32\DRIVERS\BazisVirtualCDBus.sys [117584 2011-08-08] (SysProgs.org)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-03-14] (DT Soft Ltd)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R1 SABI; C:\windows\system32\Drivers\SABI.sys [10752 2009-05-28] (SAMSUNG ELECTRONICS)
R3 samsung_hspa_datacard_cdc_acm; C:\Windows\System32\DRIVERS\samsung_hspa_datacard_cdc_acm.sys [68608 2010-01-15] (Samsung)
R3 samsung_hspa_datacard_cdc_ecm; C:\Windows\System32\DRIVERS\samsung_hspa_datacard_cdc_ecm.sys [81920 2010-01-15] (Samsung)
R3 samsung_hspa_datacard_dc_enum; C:\Windows\System32\DRIVERS\samsung_hspa_datacard_dc_enum.sys [62464 2010-01-15] (Samsung)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2010-06-17] (Avira GmbH)
R1 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5632 2006-07-24] ()
S3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\PBG\AppData\Local\Temp\catchme.sys [x]
S3 dgderdrv; System32\drivers\dgderdrv.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-16 17:03 - 2013-10-16 17:03 - 00002838 _____ C:\Users\PBG\Desktop\JRT.txt
2013-10-16 16:55 - 2013-10-16 16:55 - 01033335 _____ (Thisisu) C:\Users\PBG\Desktop\JRT.exe
2013-10-16 16:48 - 2013-10-16 16:48 - 00017692 _____ C:\Users\PBG\Desktop\AdwCleaner[S0].txt
2013-10-16 16:36 - 2013-10-16 16:39 - 00000000 ____D C:\AdwCleaner
2013-10-16 16:35 - 2013-10-16 16:35 - 01048960 _____ C:\Users\PBG\Desktop\adwcleaner.exe
2013-10-16 15:48 - 2013-10-16 15:48 - 00015506 _____ C:\ComboFix.txt
2013-10-16 12:56 - 2013-10-16 12:56 - 05133109 ____R (Swearware) C:\Users\PBG\Desktop\ComboFix.exe
2013-10-15 18:35 - 2013-10-15 18:36 - 00022969 _____ C:\Users\PBG\Desktop\Addition.txt
2013-10-15 18:30 - 2013-10-15 18:30 - 00000000 ____D C:\FRST
2013-10-15 18:29 - 2013-10-15 18:29 - 01087213 _____ (Farbar) C:\Users\PBG\Desktop\FRST.exe
2013-10-15 00:24 - 2013-10-15 00:24 - 00002090 _____ C:\Users\PBG\.recently-used.xbel
2013-10-07 21:25 - 2013-10-07 21:26 - 00000000 ____D C:\Program Files\Tracker Software
2013-10-07 20:50 - 2013-10-07 20:51 - 00000000 ____D C:\Users\PBG\AppData\Roaming\Wondershare
2013-10-07 20:50 - 2013-10-07 20:50 - 00000000 ____D C:\Users\PBG\AppData\Local\Wondershare
2013-10-07 20:50 - 2013-10-07 20:50 - 00000000 ____D C:\ProgramData\PDFEditor
2013-10-07 20:50 - 2013-10-07 20:50 - 00000000 ____D C:\Program Files\Common Files\Wondershare
2013-10-07 20:50 - 2013-09-02 19:09 - 00082896 _____ (Wondershare Software) C:\windows\system32\WSMonEditor.dll
2013-10-07 20:49 - 2013-10-07 20:49 - 00000000 ____D C:\Program Files\Wondershare
2013-10-07 20:43 - 2013-10-07 21:13 - 00000000 ____D C:\Program Files\Pdf Editor
2013-10-07 20:42 - 2013-10-07 21:13 - 00723294 _____ C:\windows\unins000.exe
2013-10-07 20:42 - 2013-10-07 21:13 - 00680608 _____ C:\windows\unins000.dat
2013-10-07 20:41 - 2013-10-07 20:41 - 00000000 ____D C:\Program Files\AVI to MP4 Converter
2013-10-07 20:30 - 2013-10-07 20:30 - 00000000 ____D C:\Users\PBG\AppData\Local\PDF24
2013-10-07 20:21 - 2013-10-07 20:24 - 00000000 ____D C:\Program Files\PDF24
2013-10-07 19:48 - 2013-10-07 19:48 - 00010464 _____ C:\windows\system32\sx_p2d.tlb
2013-10-07 19:48 - 2013-10-07 19:48 - 00000000 ____D C:\Program Files\Common Files\soft Xpansion
2013-10-07 19:48 - 2013-10-07 19:48 - 00000000 ____D C:\Program Files\Common Files\Freemium
2013-10-07 19:47 - 2013-10-07 19:47 - 00000000 ____D C:\ProgramData\Freemium
2013-10-07 19:47 - 2013-10-07 19:47 - 00000000 ____D C:\Program Files\Freemium
2013-10-07 19:47 - 2013-10-07 19:47 - 00000000 ____D C:\Program Files\Covus Freemium
2013-10-07 19:46 - 2013-10-07 19:47 - 00000000 ____D C:\ProgramData\Package Cache
2013-10-07 19:46 - 2013-10-07 19:46 - 00000000 ____D C:\Program Files\Browser Guard
2013-10-01 20:52 - 2013-10-01 20:52 - 00000000 ____D C:\Users\PBG\AppData\Roaming\Lunascape
2013-10-01 20:52 - 2013-10-01 20:52 - 00000000 ____D C:\Program Files\Lunascape
2013-09-23 22:14 - 2013-09-23 22:14 - 00000000 ____D C:\Users\PBG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CoolNovo
2013-09-23 22:13 - 2013-09-23 22:13 - 00000000 ____D C:\Users\PBG\AppData\Local\MapleStudio
2013-09-19 02:04 - 2013-09-19 02:04 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-17 08:35 - 2013-10-16 17:20 - 00000000 ____D C:\Users\PBG\AppData\Roaming\Gajim
2013-09-17 08:34 - 2013-09-17 08:34 - 00001011 _____ C:\Users\PBG\Desktop\Gajim.lnk
2013-09-17 08:34 - 2013-09-17 08:34 - 00000000 ____D C:\Users\PBG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gajim
2013-09-17 08:33 - 2013-09-17 08:34 - 00000000 ____D C:\Program Files\Gajim

==================== One Month Modified Files and Folders =======

2013-10-16 18:08 - 2012-12-17 23:57 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-10-16 17:34 - 2013-07-24 18:21 - 00000000 ____D C:\Users\PBG\AppData\Roaming\Spotify
2013-10-16 17:20 - 2013-09-17 08:35 - 00000000 ____D C:\Users\PBG\AppData\Roaming\Gajim
2013-10-16 17:03 - 2013-10-16 17:03 - 00002838 _____ C:\Users\PBG\Desktop\JRT.txt
2013-10-16 16:55 - 2013-10-16 16:55 - 01033335 _____ (Thisisu) C:\Users\PBG\Desktop\JRT.exe
2013-10-16 16:53 - 2010-03-30 01:13 - 01103419 _____ C:\windows\WindowsUpdate.log
2013-10-16 16:52 - 2009-07-14 06:34 - 00010272 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-16 16:52 - 2009-07-14 06:34 - 00010272 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-16 16:48 - 2013-10-16 16:48 - 00017692 _____ C:\Users\PBG\Desktop\AdwCleaner[S0].txt
2013-10-16 16:48 - 2009-07-26 22:06 - 01514382 _____ C:\windows\system32\PerfStringBackup.INI
2013-10-16 16:46 - 2013-07-24 18:21 - 00000000 ____D C:\Users\PBG\AppData\Local\Spotify
2013-10-16 16:43 - 2010-04-03 07:54 - 00234972 _____ C:\windows\PFRO.log
2013-10-16 16:43 - 2009-07-14 06:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-10-16 16:43 - 2009-07-14 06:39 - 00154048 _____ C:\windows\setupact.log
2013-10-16 16:39 - 2013-10-16 16:36 - 00000000 ____D C:\AdwCleaner
2013-10-16 16:35 - 2013-10-16 16:35 - 01048960 _____ C:\Users\PBG\Desktop\adwcleaner.exe
2013-10-16 15:48 - 2013-10-16 15:48 - 00015506 _____ C:\ComboFix.txt
2013-10-16 15:48 - 2012-05-08 23:53 - 00000000 ____D C:\Users\1
2013-10-16 15:48 - 2012-05-07 22:13 - 00000000 ____D C:\Qoobox
2013-10-16 13:33 - 2009-07-14 04:04 - 00000215 _____ C:\windows\system.ini
2013-10-16 12:56 - 2013-10-16 12:56 - 05133109 ____R (Swearware) C:\Users\PBG\Desktop\ComboFix.exe
2013-10-16 12:56 - 2011-12-10 23:01 - 00000000 ____D C:\Users\PBG\Desktop\Ablage
2013-10-16 09:51 - 2011-12-21 19:42 - 00000000 ____D C:\Users\PBG\AppData\Roaming\vlc
2013-10-15 18:36 - 2013-10-15 18:35 - 00022969 _____ C:\Users\PBG\Desktop\Addition.txt
2013-10-15 18:30 - 2013-10-15 18:30 - 00000000 ____D C:\FRST
2013-10-15 18:29 - 2013-10-15 18:29 - 01087213 _____ (Farbar) C:\Users\PBG\Desktop\FRST.exe
2013-10-15 17:44 - 2011-12-02 18:00 - 00000079 _____ C:\Users\PBG\Documents\Powers.log
2013-10-15 00:36 - 2012-02-09 13:40 - 00000000 ____D C:\Users\PBG\.gimp-2.6
2013-10-15 00:24 - 2013-10-15 00:24 - 00002090 _____ C:\Users\PBG\.recently-used.xbel
2013-10-15 00:24 - 2012-02-09 13:45 - 00000000 ____D C:\Users\PBG\AppData\Roaming\gtk-2.0
2013-10-15 00:24 - 2010-07-14 14:01 - 00000000 ____D C:\Users\PBG
2013-10-12 09:39 - 2011-12-21 19:49 - 00000000 ____D C:\Program Files\No23 Recorder
2013-10-11 18:56 - 2012-08-07 15:54 - 00000000 ____D C:\Users\PBG\AppData\Roaming\Orbit
2013-10-11 15:04 - 2009-07-14 04:37 - 00000000 ____D C:\windows\schemas
2013-10-09 23:08 - 2012-04-17 23:18 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2013-10-09 23:08 - 2011-05-23 21:03 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-09 20:39 - 2012-10-28 13:46 - 00000000 ____D C:\Users\PBG\Desktop\Dokumente
2013-10-07 21:26 - 2013-10-07 21:25 - 00000000 ____D C:\Program Files\Tracker Software
2013-10-07 21:22 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2013-10-07 21:13 - 2013-10-07 20:43 - 00000000 ____D C:\Program Files\Pdf Editor
2013-10-07 21:13 - 2013-10-07 20:42 - 00723294 _____ C:\windows\unins000.exe
2013-10-07 21:13 - 2013-10-07 20:42 - 00680608 _____ C:\windows\unins000.dat
2013-10-07 20:51 - 2013-10-07 20:50 - 00000000 ____D C:\Users\PBG\AppData\Roaming\Wondershare
2013-10-07 20:50 - 2013-10-07 20:50 - 00000000 ____D C:\Users\PBG\AppData\Local\Wondershare
2013-10-07 20:50 - 2013-10-07 20:50 - 00000000 ____D C:\ProgramData\PDFEditor
2013-10-07 20:50 - 2013-10-07 20:50 - 00000000 ____D C:\Program Files\Common Files\Wondershare
2013-10-07 20:49 - 2013-10-07 20:49 - 00000000 ____D C:\Program Files\Wondershare
2013-10-07 20:41 - 2013-10-07 20:41 - 00000000 ____D C:\Program Files\AVI to MP4 Converter
2013-10-07 20:30 - 2013-10-07 20:30 - 00000000 ____D C:\Users\PBG\AppData\Local\PDF24
2013-10-07 20:24 - 2013-10-07 20:21 - 00000000 ____D C:\Program Files\PDF24
2013-10-07 19:48 - 2013-10-07 19:48 - 00010464 _____ C:\windows\system32\sx_p2d.tlb
2013-10-07 19:48 - 2013-10-07 19:48 - 00000000 ____D C:\Program Files\Common Files\soft Xpansion
2013-10-07 19:48 - 2013-10-07 19:48 - 00000000 ____D C:\Program Files\Common Files\Freemium
2013-10-07 19:47 - 2013-10-07 19:47 - 00000000 ____D C:\ProgramData\Freemium
2013-10-07 19:47 - 2013-10-07 19:47 - 00000000 ____D C:\Program Files\Freemium
2013-10-07 19:47 - 2013-10-07 19:47 - 00000000 ____D C:\Program Files\Covus Freemium
2013-10-07 19:47 - 2013-10-07 19:46 - 00000000 ____D C:\ProgramData\Package Cache
2013-10-07 19:46 - 2013-10-07 19:46 - 00000000 ____D C:\Program Files\Browser Guard
2013-10-06 18:33 - 2012-03-03 02:28 - 00008704 _____ C:\Users\PBG\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-03 19:49 - 2012-05-06 10:35 - 00000000 ____D C:\Users\PBG\Desktop\House
2013-10-01 20:52 - 2013-10-01 20:52 - 00000000 ____D C:\Users\PBG\AppData\Roaming\Lunascape
2013-10-01 20:52 - 2013-10-01 20:52 - 00000000 ____D C:\Program Files\Lunascape
2013-10-01 20:28 - 2012-05-01 18:00 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-09-26 15:49 - 2012-02-03 20:16 - 00000000 ____D C:\Users\PBG\AppData\Local\Mozilla
2013-09-23 22:14 - 2013-09-23 22:14 - 00000000 ____D C:\Users\PBG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CoolNovo
2013-09-23 22:13 - 2013-09-23 22:13 - 00000000 ____D C:\Users\PBG\AppData\Local\MapleStudio
2013-09-19 02:04 - 2013-09-19 02:04 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-17 08:34 - 2013-09-17 08:34 - 00001011 _____ C:\Users\PBG\Desktop\Gajim.lnk
2013-09-17 08:34 - 2013-09-17 08:34 - 00000000 ____D C:\Users\PBG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gajim
2013-09-17 08:34 - 2013-09-17 08:33 - 00000000 ____D C:\Program Files\Gajim

Some content of TEMP:
====================
C:\Users\PBG\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-11 14:21

==================== End Of Log ============================
         
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-10-2013
Ran by PBG at 2013-10-16 18:15:30
Running from C:\Users\PBG\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Out of date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Disabled - Out of date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

7-Zip 9.20
Adobe AIR (Version: 2.5.1.17730)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Reader 9.5.4 - Deutsch (Version: 9.5.4)
Atheros Client Installation Program (Version: 1.0.1.0805)
Audacity 2.0
Aurora 15.0a2 (x86 en-US) (Version: 15.0a2)
Avira Free Antivirus (Version: 12.0.0.1199)
BatteryLifeExtender (Version: 1.0.1)
Browser Guard
Canon MP640 series MP Drivers
ChargeableUSB (Version: 1.0.0.0)
Combined Community Codec Pack 2012-12-30 (Version: 2012.12.30.0)
CoolNovo (HKCU Version: 2.0.9.20)
DAEMON Tools Lite (Version: 4.46.1.0327)
Easy Display Manager (Version: 3.1)
Easy Resolution Manager (Version: 1.0.0)
Easy SpeedUp Manager (Version: 3.0.0.5)
EasyBatteryManager (Version: 4.0.0.3)
Eraser 6.0.10.2620 (Version: 6.0.2620)
ESET Online Scanner v3
Free Pdf Perfect Prereq (Version: 1.0.0.0)
Free YouTube to MP3 Converter version 3.12.1.320 (Version: 3.12.1.320)
Freemium Free PDF Perfect (Version: 1.0)
FxPro cTrader (HKCU Version: 1.0.187.14853)
Gajim (Version: 0.15.4)
GIMP 2.6.11 (Version: 2.6.11)
Google Chrome (HKCU Version: 27.0.1453.116)
Google Talk Plugin (Version: 4.0.3.13724)
GoToMeeting 5.4.0.1083 (HKCU Version: 5.4.0.1083)
GSpot Codec Information Appliance
Intel(R) Graphics Media Accelerator Driver (Version: 8.14.10.2230)
Intel® Matrix Storage Manager
Internet Explorer (Version: 8)
IrfanView (remove only) (Version: 4.27)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Java(TM) 6 Update 22 (Version: 6.0.220)
JDownloader 0.9 (Version: 0.9)
JDownloader 2 (Version: 2)
Kill-ID 1.2.4.0 für Chrome (Version: 1.2.5.0)
LAME v3.99.3 (for Windows)
Live Usb Helper 0.0.8 (Version: 0.0.8)
Lunascape6 (All Users) (Version: 6.8.8.26908)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
Marvell Miniport Driver (Version: 11.22.3.3)
Maxthon 3 (Version: )
MetaTrader - Alpari UK (Version: 4.00)
MetaTrader 5 - Alpari (Version: 5.00)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server Native Client (Version: 9.00.3042.00)
Microsoft SQL Server VSS Writer (Version: 9.00.3042.00)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
MiPony 2.0.5 (Version: 2.0.5)
Mozilla Firefox 24.0 (x86 de) (Version: 24.0)
Mozilla Maintenance Service (Version: 24.0)
Mozilla Thunderbird 17.0.8 (x86 de) (Version: 17.0.8)
Mp3tag v2.51 (Version: v2.51)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
No23 Recorder (Version: 2.1.0.3)
OpenOffice.org 3.3 (Version: 3.3.9567)
Opera 12.02 (Version: 12.02.1578)
Orbit Downloader
PC Inspector File Recovery (Version: 4.0)
Pdf Editor
PDF24 Creator 5.7.0
PDF-Viewer (Version: 2.5.211.0)
Personal Backup 5.3 (Version: 5.3)
Photo Notifier and Animation Creator (Version: 1.0.0.1009)
Realtek High Definition Audio Driver (Version: 6.0.1.6003)
REALTEK Wireless LAN Software (Version: 1.01.0088)
Recuva (Version: 1.41)
Samsung HSPA DataCard 4.3.29.7814 (Version: 4.3.29.7814)
Samsung PC Studio 3 (Version: 3.0.0.80502)
Samsung PC Studio 3 (Version: 3.2.2.80502)
Samsung PC Studio 3 USB Driver Installer (Version: 3.2.0.70701)
Samsung Recovery Solution 4 (Version: 4.0.0.6)
Samsung Support Center (Version: 1.0.21)
Samsung Update Plus (Version: 2.0)
Security Task Manager 1.8d (Version: 1.8d)
Skype™ 6.3 (Version: 6.3.105)
Smart Data Recovery v4.4 (Version: 4.4)
Spotify (HKCU Version: 0.9.4.185.g7545a404)
StreamTransport version: 1.0.2.2171
SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49 (Version: v2011.build.49)
SUPERAntiSpyware (Version: 5.0.1148)
Synaptics Pointing Device Driver (Version: 15.0.10.0)
TreeSize Free V2.6 (Version: 2.6)
TrueCrypt (Version: 7.1)
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (Version: 9.00.3042.00)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Visual C++ 9.0 CRT (x86) WinSXS MSM (Version: 9.0)
VLC media player 2.0.1 (Version: 2.0.1)
Web Stream Recorder (Version: 2012)
WIDCOMM Bluetooth Software (Version: 6.2.1.800)
WinCDEmu (Version: 3.6)
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405) (Version: 07/30/2009 6.2.0.9405)
Windows Driver Package - Broadcom Bluetooth  (09/11/2009 6.2.0.9407) (Version: 09/11/2009 6.2.0.9407)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (Version: 07/28/2009 6.2.0.9800)
Windows Live Anmelde-Assistent (Version: 5.000.818.5)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Fotogalerie (Version: 14.0.8081.709)
Windows Live Movie Maker (Version: 14.0.8091.0730)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Writer (Version: 14.0.8089.0726)
Windows Live-Uploadtool (Version: 14.0.8014.1029)
Windows Utils
WinRAR 4.01 (32-Bit) (Version: 4.01.0)
WinZip 15.0 (Version: 15.0.9411)
Wondershare PDF Editor(Build 3.2.1) (Version: 3.2.1.4)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 04:04 - 2013-10-16 13:33 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {007CDB13-9A85-4C91-9D9C-46B0323475C5} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)
Task: {07054065-D5E7-43A1-980B-029B5E0A1E6E} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2009-10-16] (SAMSUNG Electronics co., LTD.)
Task: {170A8CC5-0D5A-40FA-A939-88987135FB59} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-67750739-3866145124-1799724527-1003UA => C:\Users\PBG\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-23] (Google Inc.)
Task: {2040EE57-16FB-4B7D-BE4C-A52C582B6CFA} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-11] (Microsoft Corporation)
Task: {2FB03B01-9A50-432D-B2F6-A6ABF3CE72D6} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2010-04-20] ()
Task: {35B53D74-7BD0-415F-8788-228A07E1798D} - System32\Tasks\BatteryLifeExtender => C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2009-11-19] (Samsung Electronics. Co. Ltd.)
Task: {3858A9F6-E3E9-4E1F-A053-4C7247FC5E27} - System32\Tasks\{1F4A8F47-3B7B-4820-974E-10DEFB463717} => C:\Program Files\Skype\\Phone\Skype.exe [2013-02-28] (Skype Technologies S.A.)
Task: {4B135B37-96FB-4315-B22F-E2306D9C2033} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03] (Adobe Systems Incorporated)
Task: {5867E881-21CB-46DE-8849-D8D46C1F1671} - System32\Tasks\EasySpeedUpManager => C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2009-10-13] (Samsung Electronics Co., Ltd.)
Task: {61D93823-470D-4A98-ABAF-181F276A233A} - System32\Tasks\advSRS4 => C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2010-01-19] (SEC)
Task: {7A4B8E2C-7DF7-4320-AAFA-CE940C32ABF9} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation)
Task: {B817FC75-95FE-474D-BFD7-40D7C916B103} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-67750739-3866145124-1799724527-1003Core => C:\Users\PBG\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-23] (Google Inc.)
Task: {C5C921F7-6EA0-46C1-9D95-39C631431BBA} - System32\Tasks\SamsungSupportCenter => C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe [2009-10-26] (SAMSUNG Electronics)
Task: {D7B15C67-888D-401F-9E30-5841FED2A709} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2009-12-21] (Samsung Electronics Co., Ltd.)
Task: {DA267BBB-D73E-49E1-8CFC-8D074AADF88E} - System32\Tasks\Maxthon Update => C:\Program Files\Maxthon\Bin\mxup.exe [2013-03-28] (Maxthon International ltd.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-67750739-3866145124-1799724527-1003Core.job => C:\Users\PBG\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-67750739-3866145124-1799724527-1003UA.job => C:\Users\PBG\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-03-29 09:44 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
2013-07-24 18:21 - 2013-10-15 10:46 - 34604032 _____ () C:\Users\PBG\AppData\Roaming\Spotify\Data\libcef.dll
2011-06-12 15:06 - 2011-06-12 15:06 - 00106496 _____ () C:\Program Files\Gajim\bin\_ctypes.pyd
2011-04-09 08:59 - 2011-04-09 08:59 - 00058368 _____ () C:\Program Files\Gajim\bin\glib._glib.pyd
2011-04-09 08:59 - 2011-04-09 08:59 - 00113152 _____ () C:\Program Files\Gajim\bin\gobject._gobject.pyd
2011-04-09 09:02 - 2011-04-09 09:02 - 01882624 _____ () C:\Program Files\Gajim\bin\gtk._gtk.pyd
2013-07-18 10:19 - 2013-07-18 10:19 - 01294335 _____ () C:\Program Files\Gajim\bin\gtk\bin\libcairo-2.dll
2013-07-18 10:19 - 2013-07-18 10:19 - 00279059 _____ () C:\Program Files\Gajim\bin\gtk\bin\libfontconfig-1.dll
2013-07-18 10:19 - 2013-07-18 10:19 - 00143096 _____ () C:\Program Files\Gajim\bin\gtk\bin\libexpat-1.dll
2013-07-18 10:19 - 2013-07-18 10:19 - 00538324 _____ () C:\Program Files\Gajim\bin\gtk\bin\freetype6.dll
2013-07-18 10:19 - 2013-07-18 10:19 - 00230529 _____ () C:\Program Files\Gajim\bin\gtk\bin\libpng14-14.dll
2013-07-18 10:19 - 2013-07-18 10:19 - 00100352 _____ () C:\Program Files\Gajim\bin\gtk\bin\zlib1.dll
2010-11-02 20:35 - 2010-11-02 20:35 - 00069632 _____ () C:\Program Files\Gajim\bin\cairo._cairo.pyd
2011-04-09 08:59 - 2011-04-09 08:59 - 00263168 _____ () C:\Program Files\Gajim\bin\gio._gio.pyd
2011-04-09 09:03 - 2011-04-09 09:03 - 00111616 _____ () C:\Program Files\Gajim\bin\pango.pyd
2011-04-09 09:03 - 2011-04-09 09:03 - 00208384 _____ () C:\Program Files\Gajim\bin\atk.pyd
2011-04-09 09:03 - 2011-04-09 09:03 - 00017920 _____ () C:\Program Files\Gajim\bin\pangocairo.pyd
2011-06-12 15:09 - 2011-06-12 15:09 - 00038400 _____ () C:\Program Files\Gajim\bin\_socket.pyd
2011-06-12 15:09 - 2011-06-12 15:09 - 00720896 _____ () C:\Program Files\Gajim\bin\_ssl.pyd
2011-02-26 19:00 - 2011-02-26 19:00 - 00096768 _____ () C:\Program Files\Gajim\bin\win32api.pyd
2011-02-27 17:13 - 2011-02-27 17:13 - 00110080 _____ () C:\Program Files\Gajim\bin\pywintypes27.dll
2011-06-12 15:06 - 2011-06-12 15:06 - 00287232 _____ () C:\Program Files\Gajim\bin\_hashlib.pyd
2011-06-12 15:06 - 2011-06-12 15:06 - 00057344 _____ () C:\Program Files\Gajim\bin\_sqlite3.pyd
2011-06-12 15:06 - 2011-06-12 15:06 - 00635392 _____ () C:\Program Files\Gajim\bin\sqlite3.dll
2013-07-18 10:19 - 2013-07-18 10:19 - 00994260 _____ () C:\Program Files\Gajim\bin\gtk\lib\gtk-2.0\2.10.0\engines\libclearlooks.dll
2011-06-12 15:06 - 2011-06-12 15:06 - 00152576 _____ () C:\Program Files\Gajim\bin\pyexpat.pyd
2011-06-12 15:06 - 2011-06-12 15:06 - 00688128 _____ () C:\Program Files\Gajim\bin\unicodedata.pyd
2011-06-12 15:06 - 2011-06-12 15:06 - 00011776 _____ () C:\Program Files\Gajim\bin\select.pyd
2011-09-02 11:58 - 2011-09-02 11:58 - 00043008 _____ () C:\Program Files\Gajim\bin\OpenSSL.SSL.pyd
2011-09-02 11:58 - 2011-09-02 11:58 - 00055808 _____ () C:\Program Files\Gajim\bin\OpenSSL.crypto.pyd
2011-06-12 15:06 - 2011-06-12 15:06 - 00010752 _____ () C:\Program Files\Gajim\bin\winsound.pyd
2013-09-29 02:44 - 2013-10-15 10:46 - 00747008 _____ () C:\Users\PBG\AppData\Roaming\Spotify\Data\libglesv2.dll
2013-09-29 02:44 - 2013-10-15 10:46 - 00137216 _____ () C:\Users\PBG\AppData\Roaming\Spotify\Data\libegl.dll
2013-09-19 02:04 - 2013-09-19 02:04 - 03279768 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2013-10-09 23:08 - 2013-10-09 23:08 - 16233864 _____ () C:\windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Broadcom BCM2070 Bluetooth 2.1+EDR USB Device
Description: Broadcom BCM2070 Bluetooth 2.1+EDR USB Device
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Marvell Yukon 88E8040 Family PCI-E Fast Ethernet Controller
Description: Marvell Yukon 88E8040 Family PCI-E Fast Ethernet Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Marvell
Service: yukonw7
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Percentage of memory in use: 64%
Total physical RAM: 2037.27 MB
Available physical RAM: 716.05 MB
Total Pagefile: 4074.54 MB
Available Pagefile: 2037.88 MB
Total Virtual: 2047.88 MB
Available Virtual: 1914.06 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:58.59 GB) (Free:2.07 GB) NTFS
Drive d: () (Fixed) (Total:159.19 GB) (Free:10.04 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: ECF7FF98)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=59 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=159 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
