Trojaner-Board
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   MonsterMarketplace.com in Browser (https://www.trojaner-board.de/143088-monstermarketplace-com-browser.html)

M-K-D-B 18.10.2013 16:45
Zitat:
Zitat von Malwarenervt (Beitrag 1177178)
Suchte gerade etwas auf google, als gleich ein Werbebanner da war, "ausgerüstet von web1Enhance", was nun?
Hast du dir schon wieder was "eingefangen" (wobei eingefangen nicht ganz richtig ist... denn meistens bekommt man diese Werbesoftware mit anderer Software verpackt) ? :rolleyes:

Malwarenervt 18.10.2013 21:08
Keine neue Software installiert.

M-K-D-B 19.10.2013 09:41
Servus,


dann also nochmal alles von vorne:


Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Malwarenervt 19.10.2013 16:10

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-10-2013
Ran by PBG (administrator) on PBG-PC on 19-10-2013 17:00:44
Running from C:\Users\PBG\Desktop
Microsoft Windows 7 Starter  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel Corporation) C:\windows\system32\igfxext.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(The Eraser Project) C:\Program Files\Eraser\Eraser.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe
(Spotify Ltd) C:\Users\PBG\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Gajim Development Team) C:\Program Files\Gajim\bin\gajim.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\windows\system32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1713448 2010-02-26] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8120864 2009-12-14] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [348664 2012-08-08] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41208 2012-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [Eraser] - C:\PROGRA~1\Eraser\Eraser.exe [980920 2012-05-22] (The Eraser Project)
HKLM\...\Run: [PDFPrint] - C:\Program Files\PDF24\pdf24.exe [162856 2013-07-22] (Geek Software GmbH)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
HKCU\...\Run: [TrueCrypt] - C:\Program Files\TrueCrypt\TrueCrypt.exe [1517520 2011-12-12] (TrueCrypt Foundation)
HKCU\...\Run: [Spotify] - C:\Users\PBG\AppData\Roaming\Spotify\Spotify.exe [4752384 2013-10-15] (Spotify Ltd)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\PBG\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2013-10-15] (Spotify Ltd)
Startup: C:\Users\PBG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Gajim.lnk
ShortcutTarget: Gajim.lnk -> C:\Program Files\Gajim\bin\gajim.exe (Gajim Development Team)
Startup: C:\Users\PBG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Persbackup.lnk
ShortcutTarget: Persbackup.lnk -> C:\Program Files\Personal Backup 5\Persbackup.exe (J. Rathlev, IEAP, Uni-Kiel)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE69F21F97EC1CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
SearchScopes: HKCU - {33FBE12B-0BE0-43B9-839C-DDA2D14D25AF} URL = hxxp://www.google.de
BHO: Browser Guard - {02a0d829-4393-46fc-a37e-126263035883} - C:\Program Files\Browser Guard\browserguard.dll (Browser Guard)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: AutorunsDisabled\skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6CB44DBC-6166-496D-B83D-F8183DC7BE4B}: [NameServer]10.74.83.22 193.254.160.1

FireFox:
========
FF ProfilePath: C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF Homepage: https://www.google.de/
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20(url.indexOf('turntable.fm')%20!%3D%20-1%20%26%26%20url.indexOf('static.turntable.fm')%20%3D%3D%20-1%20%26%26%20url.indexOf('s3.amazonaws.com')%20%3D%3D%20-1%20%26%26%20url.indexOf('ping.chartbeat.net')%20%3D%3D%20-1%20%26%26%20url.indexOf('.png')%20%3D%3D%20-1)%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*'))%20%7B%20return%20'PROXY%20ab-us16.personalitycores.com%3A8000%3B%20PROXY%20ab-us11.personalitycores.com%3A8000%3B%20PROXY%20ab-us07.personalitycores.com%3A8000%3B%20PROXY%20ab-us08.personalitycores.com%3A8000%3B%20PROXY%20ab-us21.personalitycores.com%3A8000%3B%20PROXY%20ab-us15.personalitycores.com%3A8000%3B%20PROXY%20ab-us02.personalitycores.com%3A8000%3B%20PROXY%20ab-us20.personalitycores.com%3A8000%3B%20PROXY%20ab-us14.personalitycores.com%3A8000%3B%20PROXY%20ab-us12.personalitycores.com%3A8000%3B%20PROXY%20ab-us10.personalitycores.com%3A8000%3B%20PROXY%20ab-us03.personalitycores.com%3A8000%3B%20PROXY%20ab-us17.personalitycores.com%3A8000%3B%20PROXY%20ab-us09.personalitycores.com%3A8000%3B%20PROXY%20ab-us22.personalitycores.com%3A8000%3B%20PROXY%20ab-us01.personalitycores.com%3A8000%3B%20PROXY%20ab-us18.personalitycores.com%3A8000%3B%20PROXY%20ab-us13.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\PBG\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\PBG\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\PBG\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\PBG\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\PBG\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: QuickFox Notes - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\amin.eft_bmnotes@gmail.com
FF Extension: pricealarm - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\EFGLQA@78ETGYN-0W7FN789T87.COM
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\ich@maltegoetz.de
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\netvideohunter@netvideohunter.com
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\staged
FF Extension: Zotero - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\zotero@chnm.gmu.edu
FF Extension: Flashblock - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF Extension: DownloadHelper - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: Flash and Video Download - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D}
FF Extension: Block site - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
FF Extension: Bitdefender QuickScan - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF Extension: Evernote Web Clipper - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
FF Extension: artur.dubovoy - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\artur.dubovoy@gmail.com.xpi
FF Extension: bookmarkdeduplicator - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\bookmarkdeduplicator@foxhatdev.xpi
FF Extension: ck - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\ck@everygain.com.xpi
FF Extension: hidecaptionplus-dp - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\hidecaptionplus-dp@dummy.addons.mozilla.org.xpi
FF Extension: jid1-QpHD8URtZWJC2A - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi
FF Extension: readable - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\readable@evernote.com.xpi
FF Extension: scrapbookplus - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\scrapbookplus@addons.mozilla.org.xpi
FF Extension: sortplaces - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\sortplaces@andyhalford.com.xpi
FF Extension: tab-width - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\tab-width@design-noir.de.xpi
FF Extension: testpilot - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\testpilot@labs.mozilla.com.xpi
FF Extension: translator - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\translator@zoli.bod.xpi
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}.xpi
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{582195F5-92E7-40a0-A127-DB71295901D7}.xpi
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{95ab36d4-fb6f-47b0-8b8d-e5f3bd547953}.xpi
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [{20d1f7b3-7721-4da0-b6f3-78bb4d7248f4}] - C:\Program Files\Browser Guard\browserguard.xpi
FF Extension: No Name - C:\Program Files\Browser Guard\browserguard.xpi

Chrome:
=======
CHR DefaultSearchURL: (SweetIM Search) - hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={E4E22DDE-2F80-11E3-BC78-C2E8D5860328}
CHR DefaultSuggestURL: (SweetIM Search) -      "suggest_url": ""
CHR Extension: (Browser Guard) - C:\Users\PBG\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfepagcelbegkpkcjgfeecmlnmkedjin\0.1_0
CHR HKLM\...\Chrome\Extension: [kfepagcelbegkpkcjgfeecmlnmkedjin] - C:\Program Files\Browser Guard\browserguard.crx
CHR StartMenuInternet: Google Chrome - C:\Users\PBG\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2011-08-12] (SUPERAntiSpyware.com)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86224 2012-05-08] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-08] (Avira Operations GmbH & Co. KG)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S4 Rezip; C:\windows\SYSTEM32\Rezip.exe [311296 2009-03-05] ()
S3 SXDS10; C:\Program Files\Common Files\soft Xpansion\sxds10.exe [234096 2013-10-07] (soft Xpansion)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [83392 2012-05-08] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137928 2012-05-08] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36000 2011-10-19] (Avira GmbH)
R3 BazisVirtualCDBus; C:\Windows\System32\DRIVERS\BazisVirtualCDBus.sys [117584 2011-08-08] (SysProgs.org)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-03-14] (DT Soft Ltd)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R1 SABI; C:\windows\system32\Drivers\SABI.sys [10752 2009-05-28] (SAMSUNG ELECTRONICS)
R3 samsung_hspa_datacard_cdc_acm; C:\Windows\System32\DRIVERS\samsung_hspa_datacard_cdc_acm.sys [68608 2010-01-15] (Samsung)
R3 samsung_hspa_datacard_cdc_ecm; C:\Windows\System32\DRIVERS\samsung_hspa_datacard_cdc_ecm.sys [81920 2010-01-15] (Samsung)
R3 samsung_hspa_datacard_dc_enum; C:\Windows\System32\DRIVERS\samsung_hspa_datacard_dc_enum.sys [62464 2010-01-15] (Samsung)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2010-06-17] (Avira GmbH)
R1 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5632 2006-07-24] ()
S3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\PBG\AppData\Local\Temp\catchme.sys [x]
S3 dgderdrv; System32\drivers\dgderdrv.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-19 16:56 - 2013-10-19 16:56 - 01087515 _____ (Farbar) C:\Users\PBG\Desktop\FRST.exe
2013-10-17 09:47 - 2013-10-17 09:47 - 00891167 _____ C:\Users\PBG\Desktop\SecurityCheck.exe
2013-10-16 18:21 - 2013-10-16 18:32 - 00173550 _____ C:\Users\PBG\Desktop\SystemLook.txt
2013-10-16 18:20 - 2013-10-16 18:20 - 00139264 _____ C:\Users\PBG\Desktop\SystemLook.exe
2013-10-16 17:03 - 2013-10-16 17:03 - 00002838 _____ C:\Users\PBG\Desktop\JRT.txt
2013-10-16 16:55 - 2013-10-16 16:55 - 01033335 _____ (Thisisu) C:\Users\PBG\Desktop\JRT.exe
2013-10-16 16:48 - 2013-10-16 16:48 - 00017692 _____ C:\Users\PBG\Desktop\AdwCleaner[S0].txt
2013-10-16 16:36 - 2013-10-16 16:39 - 00000000 ____D C:\AdwCleaner
2013-10-16 16:35 - 2013-10-16 16:35 - 01048960 _____ C:\Users\PBG\Desktop\adwcleaner.exe
2013-10-16 15:48 - 2013-10-16 15:48 - 00015506 _____ C:\ComboFix.txt
2013-10-16 12:56 - 2013-10-16 12:56 - 05133109 ____R (Swearware) C:\Users\PBG\Desktop\ComboFix.exe
2013-10-15 18:30 - 2013-10-15 18:30 - 00000000 ____D C:\FRST
2013-10-15 00:24 - 2013-10-15 00:24 - 00002090 _____ C:\Users\PBG\.recently-used.xbel
2013-10-07 21:25 - 2013-10-07 21:26 - 00000000 ____D C:\Program Files\Tracker Software
2013-10-07 20:50 - 2013-10-07 20:51 - 00000000 ____D C:\Users\PBG\AppData\Roaming\Wondershare
2013-10-07 20:50 - 2013-10-07 20:50 - 00000000 ____D C:\Users\PBG\AppData\Local\Wondershare
2013-10-07 20:50 - 2013-10-07 20:50 - 00000000 ____D C:\ProgramData\PDFEditor
2013-10-07 20:50 - 2013-10-07 20:50 - 00000000 ____D C:\Program Files\Common Files\Wondershare
2013-10-07 20:50 - 2013-09-02 19:09 - 00082896 _____ (Wondershare Software) C:\windows\system32\WSMonEditor.dll
2013-10-07 20:49 - 2013-10-07 20:49 - 00000000 ____D C:\Program Files\Wondershare
2013-10-07 20:43 - 2013-10-07 21:13 - 00000000 ____D C:\Program Files\Pdf Editor
2013-10-07 20:42 - 2013-10-07 21:13 - 00723294 _____ C:\windows\unins000.exe
2013-10-07 20:42 - 2013-10-07 21:13 - 00680608 _____ C:\windows\unins000.dat
2013-10-07 20:41 - 2013-10-07 20:41 - 00000000 ____D C:\Program Files\AVI to MP4 Converter
2013-10-07 20:30 - 2013-10-07 20:30 - 00000000 ____D C:\Users\PBG\AppData\Local\PDF24
2013-10-07 20:21 - 2013-10-07 20:24 - 00000000 ____D C:\Program Files\PDF24
2013-10-07 19:48 - 2013-10-07 19:48 - 00010464 _____ C:\windows\system32\sx_p2d.tlb
2013-10-07 19:48 - 2013-10-07 19:48 - 00000000 ____D C:\Program Files\Common Files\soft Xpansion
2013-10-07 19:48 - 2013-10-07 19:48 - 00000000 ____D C:\Program Files\Common Files\Freemium
2013-10-07 19:47 - 2013-10-07 19:47 - 00000000 ____D C:\ProgramData\Freemium
2013-10-07 19:47 - 2013-10-07 19:47 - 00000000 ____D C:\Program Files\Freemium
2013-10-07 19:47 - 2013-10-07 19:47 - 00000000 ____D C:\Program Files\Covus Freemium
2013-10-07 19:46 - 2013-10-07 19:47 - 00000000 ____D C:\ProgramData\Package Cache
2013-10-07 19:46 - 2013-10-07 19:46 - 00000000 ____D C:\Program Files\Browser Guard
2013-10-01 20:52 - 2013-10-01 20:52 - 00000000 ____D C:\Users\PBG\AppData\Roaming\Lunascape
2013-10-01 20:52 - 2013-10-01 20:52 - 00000000 ____D C:\Program Files\Lunascape
2013-09-23 22:14 - 2013-09-23 22:14 - 00000000 ____D C:\Users\PBG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CoolNovo
2013-09-23 22:13 - 2013-09-23 22:13 - 00000000 ____D C:\Users\PBG\AppData\Local\MapleStudio
2013-09-19 02:04 - 2013-09-19 02:04 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-10-19 17:00 - 2011-12-10 23:01 - 00000000 ____D C:\Users\PBG\Desktop\Ablage
2013-10-19 16:56 - 2013-10-19 16:56 - 01087515 _____ (Farbar) C:\Users\PBG\Desktop\FRST.exe
2013-10-19 16:54 - 2011-12-21 19:42 - 00000000 ____D C:\Users\PBG\AppData\Roaming\vlc
2013-10-19 16:25 - 2010-03-30 01:13 - 01158800 _____ C:\windows\WindowsUpdate.log
2013-10-19 16:24 - 2012-12-17 23:57 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-10-19 09:47 - 2013-08-06 22:32 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-10-19 09:12 - 2009-07-14 06:39 - 00154104 _____ C:\windows\setupact.log
2013-10-19 08:52 - 2012-05-07 17:05 - 00000000 ____D C:\Users\PBG\AppData\Local\Apps\2.0
2013-10-18 16:56 - 2013-09-17 08:35 - 00000000 ____D C:\Users\PBG\AppData\Roaming\Gajim
2013-10-18 07:10 - 2009-07-26 22:06 - 01514382 _____ C:\windows\system32\PerfStringBackup.INI
2013-10-17 09:47 - 2013-10-17 09:47 - 00891167 _____ C:\Users\PBG\Desktop\SecurityCheck.exe
2013-10-17 06:36 - 2009-07-14 06:34 - 00010272 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-17 06:36 - 2009-07-14 06:34 - 00010272 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-16 20:27 - 2013-07-24 18:21 - 00000000 ____D C:\Users\PBG\AppData\Roaming\Spotify
2013-10-16 18:32 - 2013-10-16 18:21 - 00173550 _____ C:\Users\PBG\Desktop\SystemLook.txt
2013-10-16 18:20 - 2013-10-16 18:20 - 00139264 _____ C:\Users\PBG\Desktop\SystemLook.exe
2013-10-16 17:03 - 2013-10-16 17:03 - 00002838 _____ C:\Users\PBG\Desktop\JRT.txt
2013-10-16 16:55 - 2013-10-16 16:55 - 01033335 _____ (Thisisu) C:\Users\PBG\Desktop\JRT.exe
2013-10-16 16:48 - 2013-10-16 16:48 - 00017692 _____ C:\Users\PBG\Desktop\AdwCleaner[S0].txt
2013-10-16 16:46 - 2013-07-24 18:21 - 00000000 ____D C:\Users\PBG\AppData\Local\Spotify
2013-10-16 16:43 - 2010-04-03 07:54 - 00234972 _____ C:\windows\PFRO.log
2013-10-16 16:43 - 2009-07-14 06:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-10-16 16:39 - 2013-10-16 16:36 - 00000000 ____D C:\AdwCleaner
2013-10-16 16:35 - 2013-10-16 16:35 - 01048960 _____ C:\Users\PBG\Desktop\adwcleaner.exe
2013-10-16 15:48 - 2013-10-16 15:48 - 00015506 _____ C:\ComboFix.txt
2013-10-16 15:48 - 2012-05-08 23:53 - 00000000 ____D C:\Users\1
2013-10-16 15:48 - 2012-05-07 22:13 - 00000000 ____D C:\Qoobox
2013-10-16 13:33 - 2009-07-14 04:04 - 00000215 _____ C:\windows\system.ini
2013-10-16 12:56 - 2013-10-16 12:56 - 05133109 ____R (Swearware) C:\Users\PBG\Desktop\ComboFix.exe
2013-10-15 18:30 - 2013-10-15 18:30 - 00000000 ____D C:\FRST
2013-10-15 17:44 - 2011-12-02 18:00 - 00000079 _____ C:\Users\PBG\Documents\Powers.log
2013-10-15 00:36 - 2012-02-09 13:40 - 00000000 ____D C:\Users\PBG\.gimp-2.6
2013-10-15 00:24 - 2013-10-15 00:24 - 00002090 _____ C:\Users\PBG\.recently-used.xbel
2013-10-15 00:24 - 2012-02-09 13:45 - 00000000 ____D C:\Users\PBG\AppData\Roaming\gtk-2.0
2013-10-15 00:24 - 2010-07-14 14:01 - 00000000 ____D C:\Users\PBG
2013-10-12 09:39 - 2011-12-21 19:49 - 00000000 ____D C:\Program Files\No23 Recorder
2013-10-11 18:56 - 2012-08-07 15:54 - 00000000 ____D C:\Users\PBG\AppData\Roaming\Orbit
2013-10-11 15:04 - 2009-07-14 04:37 - 00000000 ____D C:\windows\schemas
2013-10-09 23:08 - 2012-04-17 23:18 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2013-10-09 23:08 - 2011-05-23 21:03 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-09 20:39 - 2012-10-28 13:46 - 00000000 ____D C:\Users\PBG\Desktop\Dokumente
2013-10-07 21:26 - 2013-10-07 21:25 - 00000000 ____D C:\Program Files\Tracker Software
2013-10-07 21:22 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2013-10-07 21:13 - 2013-10-07 20:43 - 00000000 ____D C:\Program Files\Pdf Editor
2013-10-07 21:13 - 2013-10-07 20:42 - 00723294 _____ C:\windows\unins000.exe
2013-10-07 21:13 - 2013-10-07 20:42 - 00680608 _____ C:\windows\unins000.dat
2013-10-07 20:51 - 2013-10-07 20:50 - 00000000 ____D C:\Users\PBG\AppData\Roaming\Wondershare
2013-10-07 20:50 - 2013-10-07 20:50 - 00000000 ____D C:\Users\PBG\AppData\Local\Wondershare
2013-10-07 20:50 - 2013-10-07 20:50 - 00000000 ____D C:\ProgramData\PDFEditor
2013-10-07 20:50 - 2013-10-07 20:50 - 00000000 ____D C:\Program Files\Common Files\Wondershare
2013-10-07 20:49 - 2013-10-07 20:49 - 00000000 ____D C:\Program Files\Wondershare
2013-10-07 20:41 - 2013-10-07 20:41 - 00000000 ____D C:\Program Files\AVI to MP4 Converter
2013-10-07 20:30 - 2013-10-07 20:30 - 00000000 ____D C:\Users\PBG\AppData\Local\PDF24
2013-10-07 20:24 - 2013-10-07 20:21 - 00000000 ____D C:\Program Files\PDF24
2013-10-07 19:48 - 2013-10-07 19:48 - 00010464 _____ C:\windows\system32\sx_p2d.tlb
2013-10-07 19:48 - 2013-10-07 19:48 - 00000000 ____D C:\Program Files\Common Files\soft Xpansion
2013-10-07 19:48 - 2013-10-07 19:48 - 00000000 ____D C:\Program Files\Common Files\Freemium
2013-10-07 19:47 - 2013-10-07 19:47 - 00000000 ____D C:\ProgramData\Freemium
2013-10-07 19:47 - 2013-10-07 19:47 - 00000000 ____D C:\Program Files\Freemium
2013-10-07 19:47 - 2013-10-07 19:47 - 00000000 ____D C:\Program Files\Covus Freemium
2013-10-07 19:47 - 2013-10-07 19:46 - 00000000 ____D C:\ProgramData\Package Cache
2013-10-07 19:46 - 2013-10-07 19:46 - 00000000 ____D C:\Program Files\Browser Guard
2013-10-06 18:33 - 2012-03-03 02:28 - 00008704 _____ C:\Users\PBG\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-03 19:49 - 2012-05-06 10:35 - 00000000 ____D C:\Users\PBG\Desktop\House
2013-10-01 20:52 - 2013-10-01 20:52 - 00000000 ____D C:\Users\PBG\AppData\Roaming\Lunascape
2013-10-01 20:52 - 2013-10-01 20:52 - 00000000 ____D C:\Program Files\Lunascape
2013-10-01 20:28 - 2012-05-01 18:00 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-09-26 15:49 - 2012-02-03 20:16 - 00000000 ____D C:\Users\PBG\AppData\Local\Mozilla
2013-09-23 22:14 - 2013-09-23 22:14 - 00000000 ____D C:\Users\PBG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CoolNovo
2013-09-23 22:13 - 2013-09-23 22:13 - 00000000 ____D C:\Users\PBG\AppData\Local\MapleStudio
2013-09-19 02:04 - 2013-09-19 02:04 - 00000000 ____D C:\Program Files\Mozilla Firefox

Some content of TEMP:
====================
C:\Users\PBG\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-11 14:21

==================== End Of Log ============================
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-10-2013
Ran by PBG at 2013-10-19 17:02:41
Running from C:\Users\PBG\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Out of date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Disabled - Out of date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

7-Zip 9.20
Adobe AIR (Version: 2.5.1.17730)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Reader 9.5.4 - Deutsch (Version: 9.5.4)
Atheros Client Installation Program (Version: 1.0.1.0805)
Audacity 2.0
Aurora 15.0a2 (x86 en-US) (Version: 15.0a2)
Avira Free Antivirus (Version: 12.0.0.1199)
BatteryLifeExtender (Version: 1.0.1)
Browser Guard
Canon MP640 series MP Drivers
ChargeableUSB (Version: 1.0.0.0)
Combined Community Codec Pack 2012-12-30 (Version: 2012.12.30.0)
CoolNovo (HKCU Version: 2.0.9.20)
DAEMON Tools Lite (Version: 4.46.1.0327)
Easy Display Manager (Version: 3.1)
Easy Resolution Manager (Version: 1.0.0)
Easy SpeedUp Manager (Version: 3.0.0.5)
EasyBatteryManager (Version: 4.0.0.3)
Eraser 6.0.10.2620 (Version: 6.0.2620)
ESET Online Scanner v3
Free Pdf Perfect Prereq (Version: 1.0.0.0)
Free YouTube to MP3 Converter version 3.12.1.320 (Version: 3.12.1.320)
Freemium Free PDF Perfect (Version: 1.0)
FxPro cTrader (HKCU Version: 1.0.187.14853)
Gajim (Version: 0.15.4)
GIMP 2.6.11 (Version: 2.6.11)
Google Chrome (HKCU Version: 27.0.1453.116)
Google Talk Plugin (Version: 4.0.3.13724)
GoToMeeting 5.4.0.1083 (HKCU Version: 5.4.0.1083)
GSpot Codec Information Appliance
Intel(R) Graphics Media Accelerator Driver (Version: 8.14.10.2230)
Intel® Matrix Storage Manager
Internet Explorer (Version: 8)
IrfanView (remove only) (Version: 4.27)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Java(TM) 6 Update 22 (Version: 6.0.220)
JDownloader 0.9 (Version: 0.9)
JDownloader 2 (Version: 2)
Kill-ID 1.2.4.0 für Chrome (Version: 1.2.5.0)
LAME v3.99.3 (for Windows)
Live Usb Helper 0.0.8 (Version: 0.0.8)
Lunascape6 (All Users) (Version: 6.8.8.26908)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
Marvell Miniport Driver (Version: 11.22.3.3)
Maxthon 3 (Version: )
MetaTrader - Alpari UK (Version: 4.00)
MetaTrader 5 - Alpari (Version: 5.00)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server Native Client (Version: 9.00.3042.00)
Microsoft SQL Server VSS Writer (Version: 9.00.3042.00)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
MiPony 2.0.5 (Version: 2.0.5)
Mozilla Firefox 24.0 (x86 de) (Version: 24.0)
Mozilla Maintenance Service (Version: 24.0)
Mozilla Thunderbird 17.0.8 (x86 de) (Version: 17.0.8)
Mp3tag v2.51 (Version: v2.51)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
No23 Recorder (Version: 2.1.0.3)
OpenOffice.org 3.3 (Version: 3.3.9567)
Opera 12.02 (Version: 12.02.1578)
PC Inspector File Recovery (Version: 4.0)
Pdf Editor
PDF24 Creator 5.7.0
PDF-Viewer (Version: 2.5.211.0)
Personal Backup 5.3 (Version: 5.3)
Photo Notifier and Animation Creator (Version: 1.0.0.1009)
Realtek High Definition Audio Driver (Version: 6.0.1.6003)
REALTEK Wireless LAN Software (Version: 1.01.0088)
Recuva (Version: 1.41)
Samsung HSPA DataCard 4.3.29.7814 (Version: 4.3.29.7814)
Samsung PC Studio 3 (Version: 3.0.0.80502)
Samsung PC Studio 3 (Version: 3.2.2.80502)
Samsung PC Studio 3 USB Driver Installer (Version: 3.2.0.70701)
Samsung Recovery Solution 4 (Version: 4.0.0.6)
Samsung Support Center (Version: 1.0.21)
Samsung Update Plus (Version: 2.0)
Security Task Manager 1.8d (Version: 1.8d)
Skype™ 6.3 (Version: 6.3.105)
Smart Data Recovery v4.4 (Version: 4.4)
Spotify (HKCU Version: 0.9.4.185.g7545a404)
StreamTransport version: 1.0.2.2171
SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49 (Version: v2011.build.49)
SUPERAntiSpyware (Version: 5.0.1148)
Synaptics Pointing Device Driver (Version: 15.0.10.0)
TreeSize Free V2.6 (Version: 2.6)
TrueCrypt (Version: 7.1)
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (Version: 9.00.3042.00)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Visual C++ 9.0 CRT (x86) WinSXS MSM (Version: 9.0)
VLC media player 2.0.1 (Version: 2.0.1)
Web Stream Recorder (Version: 2012)
WIDCOMM Bluetooth Software (Version: 6.2.1.800)
WinCDEmu (Version: 3.6)
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405) (Version: 07/30/2009 6.2.0.9405)
Windows Driver Package - Broadcom Bluetooth  (09/11/2009 6.2.0.9407) (Version: 09/11/2009 6.2.0.9407)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (Version: 07/28/2009 6.2.0.9800)
Windows Live Anmelde-Assistent (Version: 5.000.818.5)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Fotogalerie (Version: 14.0.8081.709)
Windows Live Movie Maker (Version: 14.0.8091.0730)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Writer (Version: 14.0.8089.0726)
Windows Live-Uploadtool (Version: 14.0.8014.1029)
Windows Utils
WinRAR 4.01 (32-Bit) (Version: 4.01.0)
WinZip 15.0 (Version: 15.0.9411)
Wondershare PDF Editor(Build 3.2.1) (Version: 3.2.1.4)

==================== Restore Points  =========================

17-10-2013 04:39:32 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2009-07-14 04:04 - 2013-10-16 13:33 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {007CDB13-9A85-4C91-9D9C-46B0323475C5} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)
Task: {07054065-D5E7-43A1-980B-029B5E0A1E6E} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2009-10-16] (SAMSUNG Electronics co., LTD.)
Task: {170A8CC5-0D5A-40FA-A939-88987135FB59} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-67750739-3866145124-1799724527-1003UA => C:\Users\PBG\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-23] (Google Inc.)
Task: {2040EE57-16FB-4B7D-BE4C-A52C582B6CFA} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-11] (Microsoft Corporation)
Task: {2FB03B01-9A50-432D-B2F6-A6ABF3CE72D6} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2010-04-20] ()
Task: {35B53D74-7BD0-415F-8788-228A07E1798D} - System32\Tasks\BatteryLifeExtender => C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2009-11-19] (Samsung Electronics. Co. Ltd.)
Task: {3858A9F6-E3E9-4E1F-A053-4C7247FC5E27} - System32\Tasks\{1F4A8F47-3B7B-4820-974E-10DEFB463717} => C:\Program Files\Skype\\Phone\Skype.exe [2013-02-28] (Skype Technologies S.A.)
Task: {4B135B37-96FB-4315-B22F-E2306D9C2033} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {5867E881-21CB-46DE-8849-D8D46C1F1671} - System32\Tasks\EasySpeedUpManager => C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2009-10-13] (Samsung Electronics Co., Ltd.)
Task: {61D93823-470D-4A98-ABAF-181F276A233A} - System32\Tasks\advSRS4 => C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2010-01-19] (SEC)
Task: {7A4B8E2C-7DF7-4320-AAFA-CE940C32ABF9} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation)
Task: {B817FC75-95FE-474D-BFD7-40D7C916B103} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-67750739-3866145124-1799724527-1003Core => C:\Users\PBG\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-23] (Google Inc.)
Task: {C5C921F7-6EA0-46C1-9D95-39C631431BBA} - System32\Tasks\SamsungSupportCenter => C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe [2009-10-26] (SAMSUNG Electronics)
Task: {D7B15C67-888D-401F-9E30-5841FED2A709} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2009-12-21] (Samsung Electronics Co., Ltd.)
Task: {DA267BBB-D73E-49E1-8CFC-8D074AADF88E} - System32\Tasks\Maxthon Update => C:\Program Files\Maxthon\Bin\mxup.exe [2013-03-28] (Maxthon International ltd.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-67750739-3866145124-1799724527-1003Core.job => C:\Users\PBG\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-67750739-3866145124-1799724527-1003UA.job => C:\Users\PBG\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-12-02 19:07 - 2012-05-08 23:52 - 00398288 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2010-03-29 09:44 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
2011-06-12 15:06 - 2011-06-12 15:06 - 00106496 _____ () C:\Program Files\Gajim\bin\_ctypes.pyd
2011-04-09 08:59 - 2011-04-09 08:59 - 00058368 _____ () C:\Program Files\Gajim\bin\glib._glib.pyd
2011-04-09 08:59 - 2011-04-09 08:59 - 00113152 _____ () C:\Program Files\Gajim\bin\gobject._gobject.pyd
2011-04-09 09:02 - 2011-04-09 09:02 - 01882624 _____ () C:\Program Files\Gajim\bin\gtk._gtk.pyd
2013-07-18 10:19 - 2013-07-18 10:19 - 01294335 _____ () C:\Program Files\Gajim\bin\gtk\bin\libcairo-2.dll
2013-07-18 10:19 - 2013-07-18 10:19 - 00279059 _____ () C:\Program Files\Gajim\bin\gtk\bin\libfontconfig-1.dll
2013-07-18 10:19 - 2013-07-18 10:19 - 00143096 _____ () C:\Program Files\Gajim\bin\gtk\bin\libexpat-1.dll
2013-07-18 10:19 - 2013-07-18 10:19 - 00538324 _____ () C:\Program Files\Gajim\bin\gtk\bin\freetype6.dll
2013-07-18 10:19 - 2013-07-18 10:19 - 00230529 _____ () C:\Program Files\Gajim\bin\gtk\bin\libpng14-14.dll
2013-07-18 10:19 - 2013-07-18 10:19 - 00100352 _____ () C:\Program Files\Gajim\bin\gtk\bin\zlib1.dll
2010-11-02 20:35 - 2010-11-02 20:35 - 00069632 _____ () C:\Program Files\Gajim\bin\cairo._cairo.pyd
2011-04-09 08:59 - 2011-04-09 08:59 - 00263168 _____ () C:\Program Files\Gajim\bin\gio._gio.pyd
2011-04-09 09:03 - 2011-04-09 09:03 - 00111616 _____ () C:\Program Files\Gajim\bin\pango.pyd
2011-04-09 09:03 - 2011-04-09 09:03 - 00208384 _____ () C:\Program Files\Gajim\bin\atk.pyd
2011-04-09 09:03 - 2011-04-09 09:03 - 00017920 _____ () C:\Program Files\Gajim\bin\pangocairo.pyd
2011-06-12 15:09 - 2011-06-12 15:09 - 00038400 _____ () C:\Program Files\Gajim\bin\_socket.pyd
2011-06-12 15:09 - 2011-06-12 15:09 - 00720896 _____ () C:\Program Files\Gajim\bin\_ssl.pyd
2011-02-26 19:00 - 2011-02-26 19:00 - 00096768 _____ () C:\Program Files\Gajim\bin\win32api.pyd
2011-02-27 17:13 - 2011-02-27 17:13 - 00110080 _____ () C:\Program Files\Gajim\bin\pywintypes27.dll
2011-06-12 15:06 - 2011-06-12 15:06 - 00287232 _____ () C:\Program Files\Gajim\bin\_hashlib.pyd
2011-06-12 15:06 - 2011-06-12 15:06 - 00057344 _____ () C:\Program Files\Gajim\bin\_sqlite3.pyd
2011-06-12 15:06 - 2011-06-12 15:06 - 00635392 _____ () C:\Program Files\Gajim\bin\sqlite3.dll
2013-07-18 10:19 - 2013-07-18 10:19 - 00994260 _____ () C:\Program Files\Gajim\bin\gtk\lib\gtk-2.0\2.10.0\engines\libclearlooks.dll
2011-06-12 15:06 - 2011-06-12 15:06 - 00152576 _____ () C:\Program Files\Gajim\bin\pyexpat.pyd
2011-06-12 15:06 - 2011-06-12 15:06 - 00688128 _____ () C:\Program Files\Gajim\bin\unicodedata.pyd
2011-06-12 15:06 - 2011-06-12 15:06 - 00011776 _____ () C:\Program Files\Gajim\bin\select.pyd
2011-09-02 11:58 - 2011-09-02 11:58 - 00043008 _____ () C:\Program Files\Gajim\bin\OpenSSL.SSL.pyd
2011-09-02 11:58 - 2011-09-02 11:58 - 00055808 _____ () C:\Program Files\Gajim\bin\OpenSSL.crypto.pyd
2011-06-12 15:06 - 2011-06-12 15:06 - 00010752 _____ () C:\Program Files\Gajim\bin\winsound.pyd
2011-12-16 23:46 - 2011-05-28 23:04 - 00140288 _____ () C:\Program Files\WinRAR\rarext.dll
2013-09-19 02:04 - 2013-09-19 02:04 - 03279768 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2013-10-09 23:08 - 2013-10-09 23:08 - 16233864 _____ () C:\windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Broadcom BCM2070 Bluetooth 2.1+EDR USB Device
Description: Broadcom BCM2070 Bluetooth 2.1+EDR USB Device
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Marvell Yukon 88E8040 Family PCI-E Fast Ethernet Controller
Description: Marvell Yukon 88E8040 Family PCI-E Fast Ethernet Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Marvell
Service: yukonw7
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/17/2013 06:44:18 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (10/17/2013 06:44:08 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (10/17/2013 06:41:17 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "UCCAPI,processorArchitecture="x86",type="win32",version="2.0.0.0"1".
Die abhängige Assemblierung "UCCAPI,processorArchitecture="x86",type="win32",version="2.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (10/17/2013 06:40:36 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (10/17/2013 06:38:50 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (10/17/2013 06:36:06 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (10/17/2013 06:34:54 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (10/17/2013 00:16:35 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567, Zeitstempel: 0x4d6727a7
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00059bef
ID des fehlerhaften Prozesses: 0x758
Startzeit der fehlerhaften Anwendung: 0xexplorer.exe0
Pfad der fehlerhaften Anwendung: explorer.exe1
Pfad des fehlerhaften Moduls: explorer.exe2
Berichtskennung: explorer.exe3


System errors:
=============
Error: (10/19/2013 04:24:02 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht.

Error: (10/19/2013 08:38:16 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst IPBusEnum erreicht.

Error: (10/18/2013 08:46:25 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (10/18/2013 07:20:42 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR12 gefunden.

Error: (10/18/2013 07:20:42 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR12 gefunden.

Error: (10/18/2013 07:20:41 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR12 gefunden.

Error: (10/18/2013 07:08:42 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR10 gefunden.

Error: (10/18/2013 07:08:41 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR10 gefunden.

Error: (10/18/2013 07:05:26 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR9 gefunden.

Error: (10/18/2013 07:05:25 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR9 gefunden.


Microsoft Office Sessions:
=========================
Error: (10/17/2013 06:44:18 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Samsung\chargeableusb\vista_xp_driver\x64\KStartMem.exe.Manifest

Error: (10/17/2013 06:44:08 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Samsung\chargeableusb\ChargeableUSB_64.exe

Error: (10/17/2013 06:41:17 AM) (Source: SideBySide)(User: )
Description: UCCAPI,processorArchitecture="x86",type="win32",version="2.0.0.0"c:\program files\windows live\messenger\wlcsdk.exe

Error: (10/17/2013 06:40:36 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\WinCDEmu\vmnt64.exe

Error: (10/17/2013 06:38:50 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\metatrader 5 - alpari\metatester64.exe

Error: (10/17/2013 06:36:06 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest

Error: (10/17/2013 06:34:54 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Samsung\Samsung Support Center\Drv\drv2x64\KStartMem.exe.Manifest

Error: (10/17/2013 00:16:35 AM) (Source: Application Error)(User: )
Description: explorer.exe6.1.7601.175674d6727a7ntdll.dll6.1.7601.177254ec49b60c000000500059bef75801ceca8023dee94eC:\windows\explorer.exeC:\windows\SYSTEM32\ntdll.dll9dd904a9-36b0-11e3-bbd8-d3d1729e5d24


==================== Memory info ===========================

Percentage of memory in use: 71%
Total physical RAM: 2037.27 MB
Available physical RAM: 571.71 MB
Total Pagefile: 4074.54 MB
Available Pagefile: 1572.97 MB
Total Virtual: 2047.88 MB
Available Virtual: 1922.05 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:58.59 GB) (Free:0.29 GB) NTFS
Drive d: () (Fixed) (Total:159.19 GB) (Free:10.04 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: ECF7FF98)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=59 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=159 GB) - (Type=07 NTFS)

==================== End Of Log ============================

M-K-D-B 19.10.2013 16:20
Servus,






in welchem Browser trat das Problem auf?




Schritt 1
Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.






Schritt 2
Bitte lade dir zoek.exe von hier: http://hijackthis.nl/smeenk/
  • Bitte deaktiviere während des Scans alle Virenscanner, da sie das Ergebnis beeinflussen
  • Starte Zoek.exe mit einem Doppelklick.
  • Achtung: Das folgende Skript wurde nur für diesen speziellen Fall geschrieben und könnte andere Computer beschädigen.
  • Kopiere den Text der folgenden Box in das Skriptfenster von zoek:
    Code:
    FFdefaults;
    CHRdefaults;
    iedefaults;
    emptyclsid;
    autoclean;
  • Nun klicke auf "Run script" und sei geduldig bis das Skript durchläuft.
  • Wenn das Tool fertig ist wird sich Notepad mit dem Logfile öffnen (ggf. erst nach einem Neustart). Das Log befindet sich aber auch noch unter c:
  • Bitte poste mir das ZOEK-Log (möglichst in CODE-Tags - #-Symbol im Antwortfenster klicken)




Schritt 3
Kontrollscan mit FRST
Führe wie zuvor beschrieben einen Scan mit FRST aus.
Setze dazu eine Haken bei Addition.txt rechts unten und klicke auf Scan.
Es werden wieder zwei Logdateien erzeugt. Poste mir diese.





Bitte poste mit deiner nächsten Antwort
  • die Beantwortung der gestellten Frage,
  • die Logdatei von ComboFix,
  • die Logdatei von Zoek,
  • die beiden neuen Logdateien von FRST.

Malwarenervt 19.10.2013 16:52
In Firefox, in Internet Explorer auch.

M-K-D-B 19.10.2013 18:02
Zitat:
Zitat von Malwarenervt (Beitrag 1178132)
In Firefox, in Internet Explorer auch.
Ok, dann kannst du die drei Schritte ausführen. Wäre doch gelacht, wenn wir das nicht wieder in den Griff bekommen würden. :)

Malwarenervt 19.10.2013 20:13
Code:
ComboFix 13-10-19.02 - PBG 19.10.2013  20:02:39.3.2 - x86
Microsoft Windows 7 Starter  6.1.7601.1.1252.49.1031.18.2037.1374 [GMT 2:00]
ausgeführt von:: c:\users\PBG\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-09-19 bis 2013-10-19  ))))))))))))))))))))))))))))))
.
.
2013-10-19 18:21 . 2013-10-19 18:21        --------        d-----w-        c:\users\Public\AppData\Local\temp
2013-10-19 18:21 . 2013-10-19 18:21        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-10-16 14:36 . 2013-10-16 14:39        --------        d-----w-        C:\AdwCleaner
2013-10-16 11:33 . 2013-10-19 18:21        --------        d-----w-        c:\users\PBG\AppData\Local\temp
2013-10-15 16:30 . 2013-10-15 16:30        --------        d-----w-        C:\FRST
2013-10-07 19:25 . 2013-10-07 19:26        --------        d-----w-        c:\program files\Tracker Software
2013-10-07 18:50 . 2013-09-02 17:09        82896        ----a-w-        c:\windows\system32\WSMonEditor.dll
2013-10-07 18:50 . 2013-10-07 18:50        --------        d-----w-        c:\users\PBG\AppData\Local\Wondershare
2013-10-07 18:50 . 2013-10-07 18:50        --------        d-----w-        c:\program files\Common Files\Wondershare
2013-10-07 18:50 . 2013-10-07 18:50        --------        d-----w-        c:\programdata\PDFEditor
2013-10-07 18:50 . 2013-10-07 18:51        --------        d-----w-        c:\users\PBG\AppData\Roaming\Wondershare
2013-10-07 18:49 . 2013-10-07 18:49        --------        d-----w-        c:\program files\Wondershare
2013-10-07 18:43 . 2013-10-07 19:13        --------        d-----w-        c:\program files\Pdf Editor
2013-10-07 18:42 . 2013-10-07 19:13        723294        ----a-w-        c:\windows\unins000.exe
2013-10-07 18:41 . 2013-10-07 18:41        --------        d-----w-        c:\program files\AVI to MP4 Converter
2013-10-07 18:30 . 2013-10-07 18:30        --------        d-----w-        c:\users\PBG\AppData\Local\PDF24
2013-10-07 18:21 . 2013-10-07 18:24        --------        d-----w-        c:\program files\PDF24
2013-10-07 17:48 . 2013-10-07 17:48        --------        d-----w-        c:\program files\Common Files\soft Xpansion
2013-10-07 17:48 . 2013-10-07 17:48        286568        ----a-w-        c:\windows\system32\Spool\prtprocs\w32x86\sx_p8_pro7_p.dll
2013-10-07 17:48 . 2013-10-07 17:48        --------        d-----w-        c:\program files\Common Files\Freemium
2013-10-07 17:47 . 2013-10-07 17:47        --------        d-----w-        c:\programdata\Freemium
2013-10-07 17:47 . 2013-10-07 17:47        --------        d-----w-        c:\program files\Freemium
2013-10-07 17:47 . 2013-10-07 17:47        --------        d-----w-        c:\program files\Covus Freemium
2013-10-07 17:46 . 2013-10-07 17:46        --------        d-----w-        c:\program files\Browser Guard
2013-10-07 17:46 . 2013-10-07 17:47        --------        d-----w-        c:\programdata\Package Cache
2013-10-01 18:52 . 2013-10-01 18:52        --------        d-----w-        c:\users\PBG\AppData\Roaming\Lunascape
2013-10-01 18:52 . 2013-10-01 18:52        --------        d-----w-        c:\program files\Lunascape
2013-09-23 20:13 . 2013-09-23 20:13        --------        d-----w-        c:\users\PBG\AppData\Local\MapleStudio
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-09 21:08 . 2012-04-17 21:18        692616        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2013-10-09 21:08 . 2011-05-23 19:03        71048        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2011-01-19 11:34 . 2011-01-19 11:34        3003392        ----a-w-        c:\program files\openofficeorg33.msi
2006-05-03 11:06        163328        --sha-r-        c:\windows\System32\flvDX.dll
2007-02-21 12:47        31232        --sha-r-        c:\windows\System32\msfDX.dll
2008-03-16 14:30        216064        --sha-r-        c:\windows\System32\nbDX.dll
2010-01-06 23:00        107520        --sha-r-        c:\windows\System32\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{02a0d829-4393-46fc-a37e-126263035883}]
2013-08-27 11:40        196096        ----a-w-        c:\program files\Browser Guard\browserguard.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrueCrypt"="c:\program files\TrueCrypt\TrueCrypt.exe" [2011-12-12 1517520]
"Spotify"="c:\users\PBG\AppData\Roaming\Spotify\Spotify.exe" [2013-10-15 4752384]
"Spotify Web Helper"="c:\users\PBG\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-10-15 1140736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-26 1713448]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-14 8120864]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-25 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-25 150552]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2012-05-22 980920]
"PDFPrint"="c:\program files\PDF24\pdf24.exe" [2013-07-22 162856]
.
c:\users\PBG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Gajim.lnk - c:\program files\Gajim\bin\gajim.exe [2013-7-18 1015808]
Persbackup.lnk - c:\program files\Personal Backup 5\Persbackup.exe /auto [2012-6-4 4068864]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-2 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54        551296        ----a-w-        c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2009-12-14 17:36        8120864        ------w-        c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"MobileConnect"=c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
.
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-07-01 43944]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R3 SXDS10;soft Xpansion Dispatch Service;c:\program files\Common Files\soft Xpansion\sxds10.exe \Service [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 20480]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
R4 Rezip;Rezip;c:\windows\SYSTEM32\Rezip.exe [2009-03-05 311296]
R4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-02-28 161384]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-19 36000]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-03-13 242240]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\DRIVERS\BazisVirtualCDBus.sys [2011-08-08 117584]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
S3 samsung_hspa_datacard_cdc_acm;Samsung HSPA DataCard CDC-ACM driver;c:\windows\system32\DRIVERS\samsung_hspa_datacard_cdc_acm.sys [2010-01-15 68608]
S3 samsung_hspa_datacard_cdc_ecm;samsung_hspa_datacard_cdc_ecm;c:\windows\system32\DRIVERS\samsung_hspa_datacard_cdc_ecm.sys [2010-01-15 81920]
S3 samsung_hspa_datacard_dc_enum;Samsung HSPA DataCard DC Enumerator;c:\windows\system32\DRIVERS\samsung_hspa_datacard_dc_enum.sys [2010-01-15 62464]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc
.
Inhalt des "geplante Tasks" Ordners
.
2013-10-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 21:08]
.
2013-06-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-67750739-3866145124-1799724527-1003Core.job
- c:\users\PBG\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-03 09:50]
.
2013-06-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-67750739-3866145124-1799724527-1003UA.job
- c:\users\PBG\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-03 09:50]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = https://www.google.de/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube to MP3 Converter - c:\users\PBG\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Mit Mipony herunterladen - file://c:\program files\MiPony\Browser\IEContext.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{6CB44DBC-6166-496D-B83D-F8183DC7BE4B}: NameServer = 10.74.83.22 193.254.160.1
FF - ProfilePath - c:\users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/
FF - prefs.js: network.proxy.type - 2
FF - ExtSQL: 2013-08-27 13:37; {20d1f7b3-7721-4da0-b6f3-78bb4d7248f4}; c:\program files\Browser Guard\browserguard.xpi
FF - ExtSQL: 2013-09-02 23:32; hidecaptionplus-dp@dummy.addons.mozilla.org; c:\users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\extensions\hidecaptionplus-dp@dummy.addons.mozilla.org.xpi
FF - ExtSQL: 2013-09-02 23:41; {D9A7CBEC-DE1A-444f-A092-844461596C4D}; c:\users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D}
FF - ExtSQL: 2013-10-07 19:47; EFGLQA@78ETGYN-0W7FN789T87.COM; c:\users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\extensions\EFGLQA@78ETGYN-0W7FN789T87.COM
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Windows Utils - c:\users\PBG\AppData\Roaming\Windows Net Data\uninstaller.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(972)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
.
Zeit der Fertigstellung: 2013-10-19  21:04:28
ComboFix-quarantined-files.txt  2013-10-19 19:04
ComboFix2.txt  2013-10-16 13:48
ComboFix3.txt  2012-05-07 20:39
.
Vor Suchlauf: 290.070.528 Bytes frei
Nach Suchlauf: 1.914.769.408 Bytes frei
.
- - End Of File - - 4A87C3744A0D8053DF9680D13C0F4405
DDC4773EEF68EF7FAC87CF9235395CAB

M-K-D-B 19.10.2013 20:47
Servus,


ok, fehlen noch die anderen Schritte. :)

Malwarenervt 19.10.2013 21:02
Hatte nach einer halben Stunde das Programm abgebrochen, dann erschien die Meldung des Programms, dass es einen Systemneustart macht, und dann war das Log da.
Hat im Firefox nun eine Einstellungen geändert bei Tabmix.


Code:
Zoek.exe Version 4.0.0.5 Updated 17-October-2013
Tool run by PBG on 19.10.2013 at 21:19:17,42.
Microsoft Windows 7 Starter  6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\PBG\Desktop\zoek.scr [Script inserted]

==== System Restore Info ======================

19.10.2013 21:24:28 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311901130} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\prefs.js:
user_pref("browser.startup.homepage", "https://www.google.de/");
user_pref("browser.search.defaulturl", "");
user_pref("browser.search.defaultengine", "");
user_pref("browser.search.order.1", "");
user_pref("browser.search.useDBForOrder", "false");

Added to C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\prefs.js:

ProfilePath: C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default

user.js not found
---- Lines CT2269050 removed from prefs.js ----


---- Lines CT2269050 modified from prefs.js ----


---- Lines delta removed from prefs.js ----


---- Lines delta modified from prefs.js ----


---- Lines Lyric removed from prefs.js ----


---- Lines Lyric modified from prefs.js ----


---- Lines Customized removed from prefs.js ----


---- Lines Customized modified from prefs.js ----


---- Lines browser.startup.page removed from prefs.js ----


---- Lines browser.startup.page modified from prefs.js ----


---- FireFox user.js and prefs.js backups ----

prefs__2144_.backup

==== Deleting Files \ Folders ======================

C:\Program Files\Covus Freemium deleted
C:\Program Files\Common Files\DVDVideoSoft\bin deleted
C:\Program Files\Wondershare deleted
C:\Program Files\Common Files\Wondershare deleted
C:\Users\PBG\AppData\Roaming\Wondershare deleted
C:\ProgramData\Package Cache deleted
C:\Users\PBG\AppData\Local\Wondershare deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare deleted
C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\jetpack deleted
C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\CT2269050 deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20d1f7b3-7721-4da0-b6f3-78bb4d7248f4}"="C:\Program Files\Browser Guard\browserguard.xpi" [27.08.2013 13:37]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{20d1f7b3-7721-4da0-b6f3-78bb4d7248f4}"="C:\Program Files\Browser Guard\browserguard.xpi" [27.08.2013 13:37]

==== Firefox Extensions ======================

ProfilePath: C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default
- QuickFox Notes - %ProfilePath%\extensions\amin.eft_bmnotes@gmail.com
- pricealarm - %ProfilePath%\extensions\EFGLQA@78ETGYN-0W7FN789T87.COM
- ProxTube - Gesperrte YouTube Videos entsperren - %ProfilePath%\extensions\ich@maltegoetz.de
- NetVideoHunter - %ProfilePath%\extensions\netvideohunter@netvideohunter.com
- Zotero - %ProfilePath%\extensions\zotero@chnm.gmu.edu
- Flashblock - %ProfilePath%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
- DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
- Flash and Video Download - %ProfilePath%\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
- Default Full Zoom Level - %ProfilePath%\extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D}
- <--Block site--> - %ProfilePath%\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
- Bitdefender QuickScan - %ProfilePath%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
- Evernote Web Clipper - %ProfilePath%\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
- Flash Video Downloader - %ProfilePath%\extensions\artur.dubovoy@gmail.com.xpi
- Bookmark Deduplicator - %ProfilePath%\extensions\bookmarkdeduplicator@foxhatdev.xpi
- everygain Translator - %ProfilePath%\extensions\ck@everygain.com.xpi
- Hide Caption Titlebar Plus. No mostrar la barra de titulo de FF - %ProfilePath%\extensions\hidecaptionplus-dp@dummy.addons.mozilla.org.xpi
- ProxMate - Proxy on steroids - %ProfilePath%\extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi
- Clearly - %ProfilePath%\extensions\readable@evernote.com.xpi
- ScrapBook Plus - %ProfilePath%\extensions\scrapbookplus@addons.mozilla.org.xpi
- SortPlaces - %ProfilePath%\extensions\sortplaces@andyhalford.com.xpi
- Custom Tab Width - %ProfilePath%\extensions\tab-width@design-noir.de.xpi
- Instrument Test - %ProfilePath%\extensions\testpilot@labs.mozilla.com.xpi
- Google Translator for Firefox - %ProfilePath%\extensions\translator@zoli.bod.xpi
- FlashGot - %ProfilePath%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
- Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
- Integrated Inbox for Gmail amp; Google Apps - %ProfilePath%\extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}.xpi
- Gmail Manager - %ProfilePath%\extensions\{582195F5-92E7-40a0-A127-DB71295901D7}.xpi
- Speed Dial - %ProfilePath%\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
- NoScript - %ProfilePath%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
- Flash Block - %ProfilePath%\extensions\{95ab36d4-fb6f-47b0-8b8d-e5f3bd547953}.xpi
- DVDVideoSoft YouTube MP3 and Video Download - %ProfilePath%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
- Tab Mix Plus - %ProfilePath%\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
- DownThemAll - %ProfilePath%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
- Greasemonkey - %ProfilePath%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default
4BF70B35B943BD73BD6E13EB7C1BA4B3        - C:\windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll -        Shockwave Flash
ABCB4A6EAB701C629378255ABCB308E5        - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll -        Java(TM) Platform SE 7 U25
D7324EB1EDCB8990F8522DE0311359E9        - C:\windows\system32\npdeployJava1.dll -        Java Deployment Toolkit 7.0.250.17
7C2D69812B4292940FA908899D8EC5C0        - C:\Users\PBG\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll -        Google Talk Plugin Video Accelerator
FAD9BAB5134ABDAFFD3527F184145C63        - C:\Users\PBG\AppData\Roaming\Mozilla\plugins\npo1d.dll -        Google Talk Plugin Video Renderer
96CA51D6171DB07A50A39FEE896795A4        - C:\Users\PBG\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll -        Google Talk Plugin
3D928B3FE97C403A33F803B3D1A260C9        - C:\Users\PBG\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll -        Google Update
ECD88CDFC178E6A84DB1346EABF9F03F        - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll -        Adobe Acrobat
A5C14075B571AF1C9592595BE724D9D2        - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll -        Silverlight Plug-In
1F8FFDE82C52353906244AFDC6BAF2AB        - C:\Program Files\VideoLAN\VLC\npvlc.dll -        VLC Web Plugin
3509063A268A4197CF8E713BD22B0978        - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll -        Windows Live® Photo Gallery
2AA3703D87E1327A2290C9D416D89A28        - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrlui.dll -        Microsoft® Silverlight
15E298B5EC5B89C5994A59863969D9FF        - C:\windows\system32\npmproxy.dll -        Microsoft® Windows® Operating System


==== Deleting Files \ Folders ======================

"C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\extensions\EFGLQA@78ETGYN-0W7FN789T87.COM" deleted

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
kfepagcelbegkpkcjgfeecmlnmkedjin - C:\Program Files\Browser Guard\browserguard.crx[27.08.2013 13:34]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
nikpibnbobmbdbheedjfogjlikpgpnhp - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx[]

Browser Guard - PBG - Default\Extensions\kfepagcelbegkpkcjgfeecmlnmkedjin

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.de/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="hxxp://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.de/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{33FBE12B-0BE0-43B9-839C-DDA2D14D25AF} Google  Url="hxxp://www.google.de"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\Users\PBG\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\PBG\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting Registry Keys ======================

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp deleted successfully

==== Empty IE Cache ======================

C:\Users\PBG\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\PBG\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\PBG\AppData\Local\Mozilla\Firefox\Profiles\moc6o292.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\PBG\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache is not empty, a reboot is needed

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\windows\Temp successfully emptied
C:\Users\PBG\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\PBG\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\34MFN3QL\ph-static.phncdn.com"  not found
"C:\Users\PBG\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\34MFN3QL\static.8-d.com"  not found
"C:\Users\PBG\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\34MFN3QL\www.redvak.com"  not found

==== EOF on 19.10.2013 at 21:54:45,20 ======================

M-K-D-B 19.10.2013 21:08
Servus,



ok, FRST wie beschrieben ausführen.

Malwarenervt 19.10.2013 21:18
Im Firefox hat es einiges verändert, ein Script ist anders.


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-10-2013
Ran by PBG (administrator) on PBG-PC on 19-10-2013 22:12:11
Running from C:\Users\PBG\Desktop
Microsoft Windows 7 Starter  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel Corporation) C:\windows\system32\igfxext.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Spotify Ltd) C:\Users\PBG\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\windows\system32\wuauclt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1713448 2010-02-26] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8120864 2009-12-14] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [348664 2012-08-08] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41208 2012-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [Eraser] - C:\PROGRA~1\Eraser\Eraser.exe [980920 2012-05-22] (The Eraser Project)
HKLM\...\Run: [PDFPrint] - C:\Program Files\PDF24\pdf24.exe [162856 2013-07-22] (Geek Software GmbH)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
HKCU\...\Run: [TrueCrypt] - C:\Program Files\TrueCrypt\TrueCrypt.exe [1517520 2011-12-12] (TrueCrypt Foundation)
HKCU\...\Run: [Spotify] - C:\Users\PBG\AppData\Roaming\Spotify\Spotify.exe [4752384 2013-10-15] (Spotify Ltd)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\PBG\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2013-10-15] (Spotify Ltd)
Startup: C:\Users\PBG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Gajim.lnk
ShortcutTarget: Gajim.lnk -> C:\Program Files\Gajim\bin\gajim.exe (Gajim Development Team)
Startup: C:\Users\PBG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Persbackup.lnk
ShortcutTarget: Persbackup.lnk -> C:\Program Files\Personal Backup 5\Persbackup.exe (J. Rathlev, IEAP, Uni-Kiel)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE69F21F97EC1CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {33FBE12B-0BE0-43B9-839C-DDA2D14D25AF} URL = hxxp://www.google.de
BHO: Browser Guard - {02a0d829-4393-46fc-a37e-126263035883} - C:\Program Files\Browser Guard\browserguard.dll (Browser Guard)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: AutorunsDisabled\skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6CB44DBC-6166-496D-B83D-F8183DC7BE4B}: [NameServer]10.74.83.22 193.254.160.1

FireFox:
========
FF ProfilePath: C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20(url.indexOf('turntable.fm')%20!%3D%20-1%20%26%26%20url.indexOf('static.turntable.fm')%20%3D%3D%20-1%20%26%26%20url.indexOf('s3.amazonaws.com')%20%3D%3D%20-1%20%26%26%20url.indexOf('ping.chartbeat.net')%20%3D%3D%20-1%20%26%26%20url.indexOf('.png')%20%3D%3D%20-1)%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*'))%20%7B%20return%20'PROXY%20ab-us03.personalitycores.com%3A8000%3B%20PROXY%20ab-us16.personalitycores.com%3A8000%3B%20PROXY%20ab-us10.personalitycores.com%3A8000%3B%20PROXY%20ab-us22.personalitycores.com%3A8000%3B%20PROXY%20ab-us02.personalitycores.com%3A8000%3B%20PROXY%20ab-us01.personalitycores.com%3A8000%3B%20PROXY%20ab-us20.personalitycores.com%3A8000%3B%20PROXY%20ab-us15.personalitycores.com%3A8000%3B%20PROXY%20ab-us11.personalitycores.com%3A8000%3B%20PROXY%20ab-us17.personalitycores.com%3A8000%3B%20PROXY%20ab-us08.personalitycores.com%3A8000%3B%20PROXY%20ab-us18.personalitycores.com%3A8000%3B%20PROXY%20ab-us13.personalitycores.com%3A8000%3B%20PROXY%20ab-us21.personalitycores.com%3A8000%3B%20PROXY%20ab-us07.personalitycores.com%3A8000%3B%20PROXY%20ab-us14.personalitycores.com%3A8000%3B%20PROXY%20ab-us12.personalitycores.com%3A8000%3B%20PROXY%20ab-us09.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\PBG\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\PBG\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\PBG\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\PBG\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\PBG\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: QuickFox Notes - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\amin.eft_bmnotes@gmail.com
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\ich@maltegoetz.de
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\netvideohunter@netvideohunter.com
FF Extension: Zotero - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\zotero@chnm.gmu.edu
FF Extension: Flashblock - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF Extension: DownloadHelper - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: Flash and Video Download - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D}
FF Extension: Block site - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
FF Extension: Bitdefender QuickScan - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF Extension: Evernote Web Clipper - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
FF Extension: artur.dubovoy - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\artur.dubovoy@gmail.com.xpi
FF Extension: bookmarkdeduplicator - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\bookmarkdeduplicator@foxhatdev.xpi
FF Extension: ck - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\ck@everygain.com.xpi
FF Extension: hidecaptionplus-dp - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\hidecaptionplus-dp@dummy.addons.mozilla.org.xpi
FF Extension: jid1-QpHD8URtZWJC2A - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi
FF Extension: readable - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\readable@evernote.com.xpi
FF Extension: scrapbookplus - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\scrapbookplus@addons.mozilla.org.xpi
FF Extension: sortplaces - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\sortplaces@andyhalford.com.xpi
FF Extension: tab-width - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\tab-width@design-noir.de.xpi
FF Extension: testpilot - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\testpilot@labs.mozilla.com.xpi
FF Extension: translator - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\translator@zoli.bod.xpi
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}.xpi
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{582195F5-92E7-40a0-A127-DB71295901D7}.xpi
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{95ab36d4-fb6f-47b0-8b8d-e5f3bd547953}.xpi
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
FF Extension: No Name - C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [{20d1f7b3-7721-4da0-b6f3-78bb4d7248f4}] - C:\Program Files\Browser Guard\browserguard.xpi
FF Extension: No Name - C:\Program Files\Browser Guard\browserguard.xpi

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2011-08-12] (SUPERAntiSpyware.com)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86224 2012-05-08] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-08] (Avira Operations GmbH & Co. KG)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S4 Rezip; C:\windows\SYSTEM32\Rezip.exe [311296 2009-03-05] ()
S3 SXDS10; C:\Program Files\Common Files\soft Xpansion\sxds10.exe [234096 2013-10-07] (soft Xpansion)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [83392 2012-05-08] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137928 2012-05-08] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36000 2011-10-19] (Avira GmbH)
R3 BazisVirtualCDBus; C:\Windows\System32\DRIVERS\BazisVirtualCDBus.sys [117584 2011-08-08] (SysProgs.org)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-03-14] (DT Soft Ltd)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R1 SABI; C:\windows\system32\Drivers\SABI.sys [10752 2009-05-28] (SAMSUNG ELECTRONICS)
R3 samsung_hspa_datacard_cdc_acm; C:\Windows\System32\DRIVERS\samsung_hspa_datacard_cdc_acm.sys [68608 2010-01-15] (Samsung)
R3 samsung_hspa_datacard_cdc_ecm; C:\Windows\System32\DRIVERS\samsung_hspa_datacard_cdc_ecm.sys [81920 2010-01-15] (Samsung)
R3 samsung_hspa_datacard_dc_enum; C:\Windows\System32\DRIVERS\samsung_hspa_datacard_dc_enum.sys [62464 2010-01-15] (Samsung)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2010-06-17] (Avira GmbH)
R1 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5632 2006-07-24] ()
S3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\PBG\AppData\Local\Temp\catchme.sys [x]
S3 dgderdrv; System32\drivers\dgderdrv.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-19 21:51 - 2013-10-18 01:11 - 00024064 _____ C:\windows\zoek-delete.exe
2013-10-19 21:24 - 2013-10-19 21:54 - 00013104 _____ C:\zoek-results.log
2013-10-19 21:21 - 2013-10-19 21:21 - 04028526 _____ C:\Users\PBG\Desktop\zoek.zip
2013-10-19 21:21 - 2013-10-18 16:19 - 01267712 _____ C:\Users\PBG\Desktop\zoek.exe
2013-10-19 21:21 - 2013-10-18 01:26 - 01390123 _____ C:\Users\PBG\Desktop\zoek.scr
2013-10-19 21:21 - 2013-10-18 01:26 - 01390123 _____ C:\Users\PBG\Desktop\zoek.com
2013-10-19 21:18 - 2013-10-19 21:18 - 04161486 _____ C:\Users\PBG\Desktop\zoek.rar
2013-10-19 21:04 - 2013-10-19 21:04 - 00014278 _____ C:\ComboFix.txt
2013-10-19 19:55 - 2013-10-19 19:55 - 00187075 _____ C:\Users\PBG\Desktop\_b -.htm
2013-10-19 16:56 - 2013-10-19 16:56 - 01087515 _____ (Farbar) C:\Users\PBG\Desktop\FRST.exe
2013-10-17 09:47 - 2013-10-17 09:47 - 00891167 _____ C:\Users\PBG\Desktop\SecurityCheck.exe
2013-10-16 18:21 - 2013-10-16 18:32 - 00173550 _____ C:\Users\PBG\Desktop\SystemLook.txt
2013-10-16 18:20 - 2013-10-16 18:20 - 00139264 _____ C:\Users\PBG\Desktop\SystemLook.exe
2013-10-16 17:03 - 2013-10-16 17:03 - 00002838 _____ C:\Users\PBG\Desktop\JRT.txt
2013-10-16 16:55 - 2013-10-16 16:55 - 01033335 _____ (Thisisu) C:\Users\PBG\Desktop\JRT.exe
2013-10-16 16:48 - 2013-10-16 16:48 - 00017692 _____ C:\Users\PBG\Desktop\AdwCleaner[S0].txt
2013-10-16 16:36 - 2013-10-16 16:39 - 00000000 ____D C:\AdwCleaner
2013-10-16 16:35 - 2013-10-16 16:35 - 01048960 _____ C:\Users\PBG\Desktop\adwcleaner.exe
2013-10-16 12:56 - 2013-10-19 19:57 - 05135479 ____R (Swearware) C:\Users\PBG\Desktop\ComboFix.exe
2013-10-15 18:30 - 2013-10-15 18:30 - 00000000 ____D C:\FRST
2013-10-15 00:24 - 2013-10-15 00:24 - 00002090 _____ C:\Users\PBG\.recently-used.xbel
2013-10-07 21:25 - 2013-10-07 21:26 - 00000000 ____D C:\Program Files\Tracker Software
2013-10-07 20:50 - 2013-10-07 20:50 - 00000000 ____D C:\ProgramData\PDFEditor
2013-10-07 20:50 - 2013-09-02 19:09 - 00082896 _____ (Wondershare Software) C:\windows\system32\WSMonEditor.dll
2013-10-07 20:43 - 2013-10-07 21:13 - 00000000 ____D C:\Program Files\Pdf Editor
2013-10-07 20:42 - 2013-10-07 21:13 - 00723294 _____ C:\windows\unins000.exe
2013-10-07 20:42 - 2013-10-07 21:13 - 00680608 _____ C:\windows\unins000.dat
2013-10-07 20:41 - 2013-10-07 20:41 - 00000000 ____D C:\Program Files\AVI to MP4 Converter
2013-10-07 20:30 - 2013-10-07 20:30 - 00000000 ____D C:\Users\PBG\AppData\Local\PDF24
2013-10-07 20:21 - 2013-10-07 20:24 - 00000000 ____D C:\Program Files\PDF24
2013-10-07 19:48 - 2013-10-07 19:48 - 00010464 _____ C:\windows\system32\sx_p2d.tlb
2013-10-07 19:48 - 2013-10-07 19:48 - 00000000 ____D C:\Program Files\Common Files\soft Xpansion
2013-10-07 19:48 - 2013-10-07 19:48 - 00000000 ____D C:\Program Files\Common Files\Freemium
2013-10-07 19:47 - 2013-10-07 19:47 - 00000000 ____D C:\ProgramData\Freemium
2013-10-07 19:47 - 2013-10-07 19:47 - 00000000 ____D C:\Program Files\Freemium
2013-10-07 19:46 - 2013-10-07 19:46 - 00000000 ____D C:\Program Files\Browser Guard
2013-10-01 20:52 - 2013-10-01 20:52 - 00000000 ____D C:\Users\PBG\AppData\Roaming\Lunascape
2013-10-01 20:52 - 2013-10-01 20:52 - 00000000 ____D C:\Program Files\Lunascape
2013-09-23 22:14 - 2013-09-23 22:14 - 00000000 ____D C:\Users\PBG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CoolNovo
2013-09-23 22:13 - 2013-09-23 22:13 - 00000000 ____D C:\Users\PBG\AppData\Local\MapleStudio
2013-09-19 02:04 - 2013-09-19 02:04 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-10-19 22:10 - 2010-03-30 01:13 - 01177228 _____ C:\windows\WindowsUpdate.log
2013-10-19 22:08 - 2012-12-17 23:57 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-10-19 22:02 - 2009-07-14 06:34 - 00010272 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-19 22:02 - 2009-07-14 06:34 - 00010272 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-19 21:58 - 2013-09-17 08:35 - 00000000 ____D C:\Users\PBG\AppData\Roaming\Gajim
2013-10-19 21:57 - 2013-07-24 18:21 - 00000000 ____D C:\Users\PBG\AppData\Roaming\Spotify
2013-10-19 21:54 - 2013-10-19 21:24 - 00013104 _____ C:\zoek-results.log
2013-10-19 21:53 - 2010-04-03 07:54 - 00235754 _____ C:\windows\PFRO.log
2013-10-19 21:53 - 2009-07-14 06:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-10-19 21:53 - 2009-07-14 06:39 - 00154160 _____ C:\windows\setupact.log
2013-10-19 21:44 - 2013-03-27 21:55 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft
2013-10-19 21:21 - 2013-10-19 21:21 - 04028526 _____ C:\Users\PBG\Desktop\zoek.zip
2013-10-19 21:18 - 2013-10-19 21:18 - 04161486 _____ C:\Users\PBG\Desktop\zoek.rar
2013-10-19 21:04 - 2013-10-19 21:04 - 00014278 _____ C:\ComboFix.txt
2013-10-19 21:04 - 2012-05-07 22:13 - 00000000 ____D C:\Qoobox
2013-10-19 20:21 - 2009-07-14 04:04 - 00000215 _____ C:\windows\system.ini
2013-10-19 19:57 - 2013-10-16 12:56 - 05135479 ____R (Swearware) C:\Users\PBG\Desktop\ComboFix.exe
2013-10-19 19:55 - 2013-10-19 19:55 - 00187075 _____ C:\Users\PBG\Desktop\_b -.htm
2013-10-19 17:00 - 2011-12-10 23:01 - 00000000 ____D C:\Users\PBG\Desktop\Ablage
2013-10-19 16:56 - 2013-10-19 16:56 - 01087515 _____ (Farbar) C:\Users\PBG\Desktop\FRST.exe
2013-10-19 16:54 - 2011-12-21 19:42 - 00000000 ____D C:\Users\PBG\AppData\Roaming\vlc
2013-10-19 09:47 - 2013-08-06 22:32 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-10-19 08:52 - 2012-05-07 17:05 - 00000000 ____D C:\Users\PBG\AppData\Local\Apps\2.0
2013-10-18 16:19 - 2013-10-19 21:21 - 01267712 _____ C:\Users\PBG\Desktop\zoek.exe
2013-10-18 07:10 - 2009-07-26 22:06 - 01514382 _____ C:\windows\system32\PerfStringBackup.INI
2013-10-18 01:26 - 2013-10-19 21:21 - 01390123 _____ C:\Users\PBG\Desktop\zoek.scr
2013-10-18 01:26 - 2013-10-19 21:21 - 01390123 _____ C:\Users\PBG\Desktop\zoek.com
2013-10-18 01:11 - 2013-10-19 21:51 - 00024064 _____ C:\windows\zoek-delete.exe
2013-10-17 09:47 - 2013-10-17 09:47 - 00891167 _____ C:\Users\PBG\Desktop\SecurityCheck.exe
2013-10-16 18:32 - 2013-10-16 18:21 - 00173550 _____ C:\Users\PBG\Desktop\SystemLook.txt
2013-10-16 18:20 - 2013-10-16 18:20 - 00139264 _____ C:\Users\PBG\Desktop\SystemLook.exe
2013-10-16 17:03 - 2013-10-16 17:03 - 00002838 _____ C:\Users\PBG\Desktop\JRT.txt
2013-10-16 16:55 - 2013-10-16 16:55 - 01033335 _____ (Thisisu) C:\Users\PBG\Desktop\JRT.exe
2013-10-16 16:48 - 2013-10-16 16:48 - 00017692 _____ C:\Users\PBG\Desktop\AdwCleaner[S0].txt
2013-10-16 16:46 - 2013-07-24 18:21 - 00000000 ____D C:\Users\PBG\AppData\Local\Spotify
2013-10-16 16:39 - 2013-10-16 16:36 - 00000000 ____D C:\AdwCleaner
2013-10-16 16:35 - 2013-10-16 16:35 - 01048960 _____ C:\Users\PBG\Desktop\adwcleaner.exe
2013-10-16 15:48 - 2012-05-08 23:53 - 00000000 ____D C:\Users\1
2013-10-15 18:30 - 2013-10-15 18:30 - 00000000 ____D C:\FRST
2013-10-15 17:44 - 2011-12-02 18:00 - 00000079 _____ C:\Users\PBG\Documents\Powers.log
2013-10-15 00:36 - 2012-02-09 13:40 - 00000000 ____D C:\Users\PBG\.gimp-2.6
2013-10-15 00:24 - 2013-10-15 00:24 - 00002090 _____ C:\Users\PBG\.recently-used.xbel
2013-10-15 00:24 - 2012-02-09 13:45 - 00000000 ____D C:\Users\PBG\AppData\Roaming\gtk-2.0
2013-10-15 00:24 - 2010-07-14 14:01 - 00000000 ____D C:\Users\PBG
2013-10-12 09:39 - 2011-12-21 19:49 - 00000000 ____D C:\Program Files\No23 Recorder
2013-10-11 18:56 - 2012-08-07 15:54 - 00000000 ____D C:\Users\PBG\AppData\Roaming\Orbit
2013-10-11 15:04 - 2009-07-14 04:37 - 00000000 ____D C:\windows\schemas
2013-10-09 23:08 - 2012-04-17 23:18 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2013-10-09 23:08 - 2011-05-23 21:03 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-09 20:39 - 2012-10-28 13:46 - 00000000 ____D C:\Users\PBG\Desktop\Dokumente
2013-10-07 21:26 - 2013-10-07 21:25 - 00000000 ____D C:\Program Files\Tracker Software
2013-10-07 21:22 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2013-10-07 21:13 - 2013-10-07 20:43 - 00000000 ____D C:\Program Files\Pdf Editor
2013-10-07 21:13 - 2013-10-07 20:42 - 00723294 _____ C:\windows\unins000.exe
2013-10-07 21:13 - 2013-10-07 20:42 - 00680608 _____ C:\windows\unins000.dat
2013-10-07 20:50 - 2013-10-07 20:50 - 00000000 ____D C:\ProgramData\PDFEditor
2013-10-07 20:41 - 2013-10-07 20:41 - 00000000 ____D C:\Program Files\AVI to MP4 Converter
2013-10-07 20:30 - 2013-10-07 20:30 - 00000000 ____D C:\Users\PBG\AppData\Local\PDF24
2013-10-07 20:24 - 2013-10-07 20:21 - 00000000 ____D C:\Program Files\PDF24
2013-10-07 19:48 - 2013-10-07 19:48 - 00010464 _____ C:\windows\system32\sx_p2d.tlb
2013-10-07 19:48 - 2013-10-07 19:48 - 00000000 ____D C:\Program Files\Common Files\soft Xpansion
2013-10-07 19:48 - 2013-10-07 19:48 - 00000000 ____D C:\Program Files\Common Files\Freemium
2013-10-07 19:47 - 2013-10-07 19:47 - 00000000 ____D C:\ProgramData\Freemium
2013-10-07 19:47 - 2013-10-07 19:47 - 00000000 ____D C:\Program Files\Freemium
2013-10-07 19:46 - 2013-10-07 19:46 - 00000000 ____D C:\Program Files\Browser Guard
2013-10-06 18:33 - 2012-03-03 02:28 - 00008704 _____ C:\Users\PBG\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-03 19:49 - 2012-05-06 10:35 - 00000000 ____D C:\Users\PBG\Desktop\House
2013-10-01 20:52 - 2013-10-01 20:52 - 00000000 ____D C:\Users\PBG\AppData\Roaming\Lunascape
2013-10-01 20:52 - 2013-10-01 20:52 - 00000000 ____D C:\Program Files\Lunascape
2013-10-01 20:28 - 2012-05-01 18:00 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-09-26 15:49 - 2012-02-03 20:16 - 00000000 ____D C:\Users\PBG\AppData\Local\Mozilla
2013-09-23 22:14 - 2013-09-23 22:14 - 00000000 ____D C:\Users\PBG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CoolNovo
2013-09-23 22:13 - 2013-09-23 22:13 - 00000000 ____D C:\Users\PBG\AppData\Local\MapleStudio
2013-09-19 02:04 - 2013-09-19 02:04 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-11 14:21

==================== End Of Log ============================
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-10-2013
Ran by PBG at 2013-10-19 22:14:35
Running from C:\Users\PBG\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Out of date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Out of date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

7-Zip 9.20
Adobe AIR (Version: 2.5.1.17730)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Reader 9.5.4 - Deutsch (Version: 9.5.4)
Atheros Client Installation Program (Version: 1.0.1.0805)
Audacity 2.0
Aurora 15.0a2 (x86 en-US) (Version: 15.0a2)
Avira Free Antivirus (Version: 12.0.0.1199)
BatteryLifeExtender (Version: 1.0.1)
Browser Guard
Canon MP640 series MP Drivers
ChargeableUSB (Version: 1.0.0.0)
Combined Community Codec Pack 2012-12-30 (Version: 2012.12.30.0)
CoolNovo (HKCU Version: 2.0.9.20)
DAEMON Tools Lite (Version: 4.46.1.0327)
Easy Display Manager (Version: 3.1)
Easy Resolution Manager (Version: 1.0.0)
Easy SpeedUp Manager (Version: 3.0.0.5)
EasyBatteryManager (Version: 4.0.0.3)
Eraser 6.0.10.2620 (Version: 6.0.2620)
ESET Online Scanner v3
Free Pdf Perfect Prereq (Version: 1.0.0.0)
Free YouTube to MP3 Converter version 3.12.1.320 (Version: 3.12.1.320)
Freemium Free PDF Perfect (Version: 1.0)
FxPro cTrader (HKCU Version: 1.0.187.14853)
Gajim (Version: 0.15.4)
GIMP 2.6.11 (Version: 2.6.11)
Google Chrome (HKCU Version: 27.0.1453.116)
Google Talk Plugin (Version: 4.0.3.13724)
GoToMeeting 5.4.0.1083 (HKCU Version: 5.4.0.1083)
GSpot Codec Information Appliance
Intel(R) Graphics Media Accelerator Driver (Version: 8.14.10.2230)
Intel® Matrix Storage Manager
Internet Explorer (Version: 8)
IrfanView (remove only) (Version: 4.27)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Java(TM) 6 Update 22 (Version: 6.0.220)
JDownloader 0.9 (Version: 0.9)
JDownloader 2 (Version: 2)
Kill-ID 1.2.4.0 für Chrome (Version: 1.2.5.0)
LAME v3.99.3 (for Windows)
Live Usb Helper 0.0.8 (Version: 0.0.8)
Lunascape6 (All Users) (Version: 6.8.8.26908)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
Marvell Miniport Driver (Version: 11.22.3.3)
Maxthon 3 (Version: )
MetaTrader - Alpari UK (Version: 4.00)
MetaTrader 5 - Alpari (Version: 5.00)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server Native Client (Version: 9.00.3042.00)
Microsoft SQL Server VSS Writer (Version: 9.00.3042.00)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
MiPony 2.0.5 (Version: 2.0.5)
Mozilla Firefox 24.0 (x86 de) (Version: 24.0)
Mozilla Maintenance Service (Version: 24.0)
Mozilla Thunderbird 17.0.8 (x86 de) (Version: 17.0.8)
Mp3tag v2.51 (Version: v2.51)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
No23 Recorder (Version: 2.1.0.3)
OpenOffice.org 3.3 (Version: 3.3.9567)
Opera 12.02 (Version: 12.02.1578)
PC Inspector File Recovery (Version: 4.0)
Pdf Editor
PDF24 Creator 5.7.0
PDF-Viewer (Version: 2.5.211.0)
Personal Backup 5.3 (Version: 5.3)
Photo Notifier and Animation Creator (Version: 1.0.0.1009)
Realtek High Definition Audio Driver (Version: 6.0.1.6003)
REALTEK Wireless LAN Software (Version: 1.01.0088)
Recuva (Version: 1.41)
Samsung HSPA DataCard 4.3.29.7814 (Version: 4.3.29.7814)
Samsung PC Studio 3 (Version: 3.0.0.80502)
Samsung PC Studio 3 (Version: 3.2.2.80502)
Samsung PC Studio 3 USB Driver Installer (Version: 3.2.0.70701)
Samsung Recovery Solution 4 (Version: 4.0.0.6)
Samsung Support Center (Version: 1.0.21)
Samsung Update Plus (Version: 2.0)
Security Task Manager 1.8d (Version: 1.8d)
Skype™ 6.3 (Version: 6.3.105)
Smart Data Recovery v4.4 (Version: 4.4)
Spotify (HKCU Version: 0.9.4.185.g7545a404)
StreamTransport version: 1.0.2.2171
SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49 (Version: v2011.build.49)
SUPERAntiSpyware (Version: 5.0.1148)
Synaptics Pointing Device Driver (Version: 15.0.10.0)
TreeSize Free V2.6 (Version: 2.6)
TrueCrypt (Version: 7.1)
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (Version: 9.00.3042.00)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Visual C++ 9.0 CRT (x86) WinSXS MSM (Version: 9.0)
VLC media player 2.0.1 (Version: 2.0.1)
Web Stream Recorder (Version: 2012)
WIDCOMM Bluetooth Software (Version: 6.2.1.800)
WinCDEmu (Version: 3.6)
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405) (Version: 07/30/2009 6.2.0.9405)
Windows Driver Package - Broadcom Bluetooth  (09/11/2009 6.2.0.9407) (Version: 09/11/2009 6.2.0.9407)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (Version: 07/28/2009 6.2.0.9800)
Windows Live Anmelde-Assistent (Version: 5.000.818.5)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Fotogalerie (Version: 14.0.8081.709)
Windows Live Movie Maker (Version: 14.0.8091.0730)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Writer (Version: 14.0.8089.0726)
Windows Live-Uploadtool (Version: 14.0.8014.1029)
WinRAR 4.01 (32-Bit) (Version: 4.01.0)
WinZip 15.0 (Version: 15.0.9411)
Wondershare PDF Editor(Build 3.2.1) (Version: 3.2.1.4)

==================== Restore Points  =========================

19-10-2013 19:24:09 zoek.exe restore point

==================== Hosts content: ==========================

2009-07-14 04:04 - 2013-10-16 13:33 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {007CDB13-9A85-4C91-9D9C-46B0323475C5} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)
Task: {07054065-D5E7-43A1-980B-029B5E0A1E6E} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2009-10-16] (SAMSUNG Electronics co., LTD.)
Task: {170A8CC5-0D5A-40FA-A939-88987135FB59} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-67750739-3866145124-1799724527-1003UA => C:\Users\PBG\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-23] (Google Inc.)
Task: {2040EE57-16FB-4B7D-BE4C-A52C582B6CFA} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-11] (Microsoft Corporation)
Task: {2FB03B01-9A50-432D-B2F6-A6ABF3CE72D6} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2010-04-20] ()
Task: {35B53D74-7BD0-415F-8788-228A07E1798D} - System32\Tasks\BatteryLifeExtender => C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2009-11-19] (Samsung Electronics. Co. Ltd.)
Task: {3858A9F6-E3E9-4E1F-A053-4C7247FC5E27} - System32\Tasks\{1F4A8F47-3B7B-4820-974E-10DEFB463717} => C:\Program Files\Skype\\Phone\Skype.exe [2013-02-28] (Skype Technologies S.A.)
Task: {4B135B37-96FB-4315-B22F-E2306D9C2033} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {5867E881-21CB-46DE-8849-D8D46C1F1671} - System32\Tasks\EasySpeedUpManager => C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2009-10-13] (Samsung Electronics Co., Ltd.)
Task: {61D93823-470D-4A98-ABAF-181F276A233A} - System32\Tasks\advSRS4 => C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2010-01-19] (SEC)
Task: {7A4B8E2C-7DF7-4320-AAFA-CE940C32ABF9} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation)
Task: {B817FC75-95FE-474D-BFD7-40D7C916B103} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-67750739-3866145124-1799724527-1003Core => C:\Users\PBG\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-23] (Google Inc.)
Task: {C5C921F7-6EA0-46C1-9D95-39C631431BBA} - System32\Tasks\SamsungSupportCenter => C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe [2009-10-26] (SAMSUNG Electronics)
Task: {D7B15C67-888D-401F-9E30-5841FED2A709} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2009-12-21] (Samsung Electronics Co., Ltd.)
Task: {DA267BBB-D73E-49E1-8CFC-8D074AADF88E} - System32\Tasks\Maxthon Update => C:\Program Files\Maxthon\Bin\mxup.exe [2013-03-28] (Maxthon International ltd.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-67750739-3866145124-1799724527-1003Core.job => C:\Users\PBG\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-67750739-3866145124-1799724527-1003UA.job => C:\Users\PBG\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-03-29 09:44 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
2013-09-19 02:04 - 2013-09-19 02:04 - 03279768 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2013-10-09 23:08 - 2013-10-09 23:08 - 16233864 _____ () C:\windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Broadcom BCM2070 Bluetooth 2.1+EDR USB Device
Description: Broadcom BCM2070 Bluetooth 2.1+EDR USB Device
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Marvell Yukon 88E8040 Family PCI-E Fast Ethernet Controller
Description: Marvell Yukon 88E8040 Family PCI-E Fast Ethernet Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Marvell
Service: yukonw7
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/19/2013 08:00:42 PM) (Source: System Restore) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\windows\system32\wbem\wmiprvse.exe; Beschreibung = ComboFix created restore point; Fehler = 0x800706be).

Error: (10/17/2013 06:44:18 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (10/17/2013 06:44:08 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (10/17/2013 06:41:17 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "UCCAPI,processorArchitecture="x86",type="win32",version="2.0.0.0"1".
Die abhängige Assemblierung "UCCAPI,processorArchitecture="x86",type="win32",version="2.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (10/17/2013 06:40:36 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (10/17/2013 06:38:50 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (10/17/2013 06:36:06 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (10/17/2013 06:34:54 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (10/17/2013 00:16:35 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567, Zeitstempel: 0x4d6727a7
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00059bef
ID des fehlerhaften Prozesses: 0x758
Startzeit der fehlerhaften Anwendung: 0xexplorer.exe0
Pfad der fehlerhaften Anwendung: explorer.exe1
Pfad des fehlerhaften Moduls: explorer.exe2
Berichtskennung: explorer.exe3


System errors:
=============
Error: (10/19/2013 09:54:24 PM) (Source: Service Control Manager) (User: )
Description: Dienst "SQL Server VSS Writer" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (10/19/2013 09:44:04 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (10/19/2013 09:44:03 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (10/19/2013 09:44:02 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (10/19/2013 09:44:01 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (10/19/2013 09:44:00 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (10/19/2013 09:03:52 PM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (10/19/2013 08:21:35 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (10/19/2013 08:13:55 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (10/19/2013 08:02:22 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.


Microsoft Office Sessions:
=========================
Error: (10/19/2013 08:00:42 PM) (Source: System Restore)(User: )
Description: C:\windows\system32\wbem\wmiprvse.exeComboFix created restore point0x800706be

Error: (10/17/2013 06:44:18 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Samsung\chargeableusb\vista_xp_driver\x64\KStartMem.exe.Manifest

Error: (10/17/2013 06:44:08 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Samsung\chargeableusb\ChargeableUSB_64.exe

Error: (10/17/2013 06:41:17 AM) (Source: SideBySide)(User: )
Description: UCCAPI,processorArchitecture="x86",type="win32",version="2.0.0.0"c:\program files\windows live\messenger\wlcsdk.exe

Error: (10/17/2013 06:40:36 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\WinCDEmu\vmnt64.exe

Error: (10/17/2013 06:38:50 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\metatrader 5 - alpari\metatester64.exe

Error: (10/17/2013 06:36:06 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest

Error: (10/17/2013 06:34:54 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Samsung\Samsung Support Center\Drv\drv2x64\KStartMem.exe.Manifest

Error: (10/17/2013 00:16:35 AM) (Source: Application Error)(User: )
Description: explorer.exe6.1.7601.175674d6727a7ntdll.dll6.1.7601.177254ec49b60c000000500059bef75801ceca8023dee94eC:\windows\explorer.exeC:\windows\SYSTEM32\ntdll.dll9dd904a9-36b0-11e3-bbd8-d3d1729e5d24


==================== Memory info ===========================

Percentage of memory in use: 58%
Total physical RAM: 2037.27 MB
Available physical RAM: 841.7 MB
Total Pagefile: 4074.54 MB
Available Pagefile: 2637.48 MB
Total Virtual: 2047.88 MB
Available Virtual: 1918.07 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:58.59 GB) (Free:2.63 GB) NTFS
Drive d: () (Fixed) (Total:159.19 GB) (Free:10.04 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: ECF7FF98)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=59 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=159 GB) - (Type=07 NTFS)

==================== End Of Log ============================

M-K-D-B 20.10.2013 10:11
Servus,


Zitat:
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'h ttp%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F% 2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunc hyroll.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C %7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(ur l%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2F www.iheart.com*')%20%7C%7C%20(url.indexOf('turntable.fm')%20!%3D%20-1%20%26%26%20url.indexOf('static.turntable.fm')%20%3D%3D%20-1%20%26%26%20url.indexOf('s3.amazonaws.com')%20%3D%3D%20-1%20%26%26%20url.indexOf('ping.chartbeat.net')%20%3D%3D%20-1%20%26%26%20url.indexOf('.png')%20%3D%3D%20-1)%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fww w.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20% 7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20(url.inde xOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20shExpMatch(url%2 C%20'https%3A%2F%2Fwww.daisuki.net*'))%20%7B%20return%20'PROXY%20ab-us03.personalitycores.com%3A8000%3B%20PROXY%20ab-us16.personalitycores.com%3A8000%3B%20PROXY%20ab-us10.personalitycores.com%3A8000%3B%20PROXY%20ab-us22.personalitycores.com%3A8000%3B%20PROXY%20ab-us02.personalitycores.com%3A8000%3B%20PROXY%20ab-us01.personalitycores.com%3A8000%3B%20PROXY%20ab-us20.personalitycores.com%3A8000%3B%20PROXY%20ab-us15.personalitycores.com%3A8000%3B%20PROXY%20ab-us11.personalitycores.com%3A8000%3B%20PROXY%20ab-us17.personalitycores.com%3A8000%3B%20PROXY%20ab-us08.personalitycores.com%3A8000%3B%20PROXY%20ab-us18.personalitycores.com%3A8000%3B%20PROXY%20ab-us13.personalitycores.com%3A8000%3B%20PROXY%20ab-us21.personalitycores.com%3A8000%3B%20PROXY%20ab-us07.personalitycores.com%3A8000%3B%20PROXY%20ab-us14.personalitycores.com%3A8000%3B%20PROXY%20ab-us12.personalitycores.com%3A8000%3B%20PROXY%20ab-us09.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF NetworkProxy: "type", 2
Hast du diesen Proxy-Server gesetzt?



Zitat:
C:\Users\PBG\AppData\Roaming\Mozilla\Firefox\Profiles\moc6o292.default\prefs__2144_.backup
Diese Datei in prefs.js umbenennen und alles ist wieder wie vorher.



Wie läuft der Rechner momentan? Noch Probleme?

Malwarenervt 20.10.2013 12:05
Ich bin mir nicht sicher, aber ich glaube diesen Proxy habe ich nicht eingestellt, wüsste nicht wieso.

Werbebanner ist weg bei Google :abklatsch:

Finde aber den Ordner Benutzer nicht mehr, nachdem ich versteckte Dateien anzeigen lassen wollte, weil zuerst der Ordner AppDate nicht da war. Aber das müsste bei mir glaube ich der Ordner Programm Data sein. Aber da ist auch kein Roaming/Mozilla.
Was nun?

M-K-D-B 20.10.2013 12:15
Servus,



Unter Start > Computer > Laufwerk C > Benutzer sollte sich "PBG" finden.



Dann entfernen wir noch den Proxy und kontrollieren ganz kurz:

Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
start
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20(url.indexOf('turntable.fm')%20!%3D%20-1%20%26%26%20url.indexOf('static.turntable.fm')%20%3D%3D%20-1%20%26%26%20url.indexOf('s3.amazonaws.com')%20%3D%3D%20-1%20%26%26%20url.indexOf('ping.chartbeat.net')%20%3D%3D%20-1%20%26%26%20url.indexOf('.png')%20%3D%3D%20-1)%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*'))%20%7B%20return%20'PROXY%20ab-us03.personalitycores.com%3A8000%3B%20PROXY%20ab-us16.personalitycores.com%3A8000%3B%20PROXY%20ab-us10.personalitycores.com%3A8000%3B%20PROXY%20ab-us22.personalitycores.com%3A8000%3B%20PROXY%20ab-us02.personalitycores.com%3A8000%3B%20PROXY%20ab-us01.personalitycores.com%3A8000%3B%20PROXY%20ab-us20.personalitycores.com%3A8000%3B%20PROXY%20ab-us15.personalitycores.com%3A8000%3B%20PROXY%20ab-us11.personalitycores.com%3A8000%3B%20PROXY%20ab-us17.personalitycores.com%3A8000%3B%20PROXY%20ab-us08.personalitycores.com%3A8000%3B%20PROXY%20ab-us18.personalitycores.com%3A8000%3B%20PROXY%20ab-us13.personalitycores.com%3A8000%3B%20PROXY%20ab-us21.personalitycores.com%3A8000%3B%20PROXY%20ab-us07.personalitycores.com%3A8000%3B%20PROXY%20ab-us14.personalitycores.com%3A8000%3B%20PROXY%20ab-us12.personalitycores.com%3A8000%3B%20PROXY%20ab-us09.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF NetworkProxy: "type", 2
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.






Schritt 2
Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.





Bitte poste mit deiner nächsten Antwort
  • die Logdatei von FRST,
  • die Logdatei von SecurityCheck.


Alle Zeitangaben in WEZ +1. Es ist jetzt 09:50 Uhr.
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131