Trojaner-Board - Windows 7 Sicherheitszentrum

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Windows 7 Sicherheitszentrum (https://www.trojaner-board.de/143271-windows-7-sicherheitszentrum.html)

Hallo,
habe combofix geladen und auf dem Desktop installiert, W-Lan Zugang deaktiviert, Avira abgeschaltet, Combofix gestarten, (hat kurz gemeckert) aber gearbeitet. Es gab keinen Neustart bisher. LogDatei füge ich bei.
Danke, Gruß funckmax

Code:

ComboFix 13-10-23.02 - Max Funcke 23.10.2013  17:38:19.1.2 - x86

Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.3071.2053 [GMT 2:00]

ausgeführt von:: c:\users\Max Funcke\Documents\Downloads\ComboFix.exe

AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Neuer Wiederherstellungspunkt wurde erstellt

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Max Funcke\AppData\Local\assembly\tmp

C:\VDM28D4.tmp

C:\VDM28F4.tmp

C:\VDM9BE5.tmp

C:\VDM9BF6.tmp

C:\VDMAE9C.tmp

C:\VDMAE9D.tmp

c:\windows\Installer\{2FC7CE3A-23E5-41E8-975B-AA0236D649FD}\BillMinder.8C5DA79E_7079_4AB3_81F7_712153351D0D.exe

c:\windows\Installer\{A907A713-DA24-4352-8786-96C7A6944646}\BillMinder.8C5DA79E_7079_4AB3_81F7_712153351D0D.exe

c:\windows\Installer\{E60036CF-1E46-4DFE-832F-5476574B30FF}\BillMinder.8C5DA79E_7079_4AB3_81F7_712153351D0D.exe

c:\windows\IsUn0407.exe

c:\windows\system32\~GLH0250.TMP

c:\windows\system32\~GLH0254.TMP

c:\windows\system32\~GLH0255.TMP

c:\windows\system32\~GLH025a.TMP

c:\windows\system32\drivers\etc\hosts.ics

c:\windows\system32\roboot.exe

c:\windows\unin0407.exe

.

.

(((((((((((((((((((((((   Dateien erstellt von 2013-09-23 bis 2013-10-23  ))))))))))))))))))))))))))))))

.

.

2013-10-23 15:43 . 2013-10-23 15:43        --------        d-----w-        c:\users\Default\AppData\Local\temp

2013-10-22 17:13 . 2013-10-22 17:13        --------        d-----w-        C:\FRST

2013-10-22 09:12 . 2013-10-22 09:27        --------        d-----w-        c:\users\Max Funcke\AppData\Local\Mobogenie

2013-10-22 09:12 . 2013-10-22 09:12        --------        d-----w-        c:\users\Max Funcke\AppData\Local\cache

2013-10-21 14:41 . 2013-10-21 14:48        --------        d-----w-        c:\program files\Optimizer Pro

2013-10-21 14:32 . 2013-10-21 14:47        --------        d-----w-        c:\program files\PC Speed Maximizer

2013-10-21 14:23 . 2013-10-22 17:32        --------        d-----w-        c:\program files\MyPC Backup

2013-10-21 14:21 . 2013-10-21 14:21        --------        d-----w-        c:\users\Max Funcke\AppData\Local\BonanzaDealsLive

2013-10-21 14:21 . 2013-10-21 14:21        --------        d-----w-        c:\programdata\BonanzaDealsLive

2013-10-21 14:21 . 2013-10-22 08:59        --------        d-----w-        c:\program files\BonanzaDeals

2013-10-21 14:21 . 2013-10-22 17:32        --------        d-----w-        c:\users\Max Funcke\AppData\Roaming\Systweak

2013-10-21 14:20 . 2013-10-21 14:20        --------        d-----w-        c:\users\Max Funcke\AppData\Roaming\DigitalSite

2013-10-21 14:20 . 2013-10-21 14:20        --------        d-----w-        c:\programdata\Babylon

2013-09-25 14:07 . 2013-09-25 14:07        263680        --sha-r-        c:\windows\system32\taskengg.dll

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-10-10 11:51 . 2013-02-14 11:53        692616        ----a-w-        c:\windows\system32\FlashPlayerApp.exe

2013-10-10 11:51 . 2011-09-13 08:26        71048        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl

2013-10-10 11:51 . 2013-05-29 14:51        17813896        ----a-w-        c:\windows\system32\FlashPlayerInstaller.exe

2013-10-01 14:15 . 2013-05-06 10:01        67680        ----a-w-        c:\windows\system32\drivers\avnetflt.sys

2013-10-01 14:15 . 2012-10-09 16:02        89376        ----a-w-        c:\windows\system32\drivers\avgntflt.sys

2013-10-01 14:15 . 2012-10-09 16:02        37352        ----a-w-        c:\windows\system32\drivers\avkmgr.sys

2013-10-01 14:15 . 2012-10-09 16:02        137208        ----a-w-        c:\windows\system32\drivers\avipbb.sys

2011-09-07 11:58 . 2011-04-03 16:44        134104        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-10-01 681032]

"LexwareInfoService"="c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe" [2011-07-31 189808]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-09-05 958576]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner]

@="Service"

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Quicken 2009 Zahlungserinnerung.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Quicken 2009 Zahlungserinnerung.lnk

backup=c:\windows\pss\Quicken 2009 Zahlungserinnerung.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Quicken 2012 Zahlungserinnerung.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Quicken 2012 Zahlungserinnerung.lnk

backup=c:\windows\pss\Quicken 2012 Zahlungserinnerung.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^t@x aktuell.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\t@x aktuell.lnk

backup=c:\windows\pss\t@x aktuell.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]

2009-11-06 15:09        377712        ----a-w-        c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]

2009-11-06 15:09        962688        ----a-w-        c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2013-09-05 14:03        958576        ----a-w-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenuEx]

2010-04-02 08:18        1185112        ----a-w-        c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CDAServer]

2010-12-17 16:12        332288        ----a-w-        c:\program files\Common Files\Common Desktop Agent\CDASrv.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAStorIcon]

2010-03-04 03:16        284696        ----a-w-        c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LexwareInfoService]

2011-07-31 12:07        189808        ----a-w-        c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]

2012-02-17 16:41        8555040        ----a-w-        c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]

2010-05-27 19:34        98304        ----a-w-        c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

2012-04-05 17:50        1242448        ----a-w-        c:\program files\Steam\steam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]

2009-11-06 15:06        4389592        ----a-w-        c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

.

R3 cjusb;REINER SCT cyberJack USB Driver;c:\windows\system32\DRIVERS\cjusb.sys [2012-02-17 28144]

R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2010-08-16 16472]

R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2010-08-16 11104]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]

R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-11-25 603240]

R4 BsFileScan;BullGuard on-access service;c:\windows\System32\SvcHost.exe [2012-02-17 20992]

R4 BsMailProxy;BullGuard e-mail monitoring service;c:\windows\System32\SvcHost.exe [2012-02-17 20992]

R4 BsMain;BullGuard main service;c:\windows\System32\SvcHost.exe [2012-02-17 20992]

R4 BsScanner;BullGuard scanning service;c:\program files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [x]

R4 BsUpdate;BullGuard update service;c:\program files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [x]

S0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\DRIVERS\tdrpm251.sys [2012-02-19 902432]

S1 AFW;Agnitum Firewall Driver;c:\windows\system32\DRIVERS\afw.sys [2012-02-17 29208]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-10-01 37352]

S1 BdSpy;BdSpy;c:\windows\system32\DRIVERS\BdSpy.sys [2012-02-17 55888]

S1 bizVSerial;Franson VSerial;c:\windows\system32\drivers\bizVSerialNT.sys [2007-05-31 14949]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-02-17 176128]

S2 AntiVirMailService;Avira Email Schutz;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2013-10-01 948296]

S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2013-10-01 440392]

S2 AntiVirWebService;Avira Browser-Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2013-10-01 1164360]

S2 cjpcsc;cyberJack PC/SC COM Service ;c:\windows\system32\cjpcsc.exe [2012-03-19 514128]

S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-02-17 13336]

S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2011-03-14 5120]

S3 afwcore;afwcore;c:\windows\system32\DRIVERS\afwcore.sys [2012-02-17 318488]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

BullGuard_Main        REG_MULTI_SZ           BsMain

BullGuard        REG_MULTI_SZ           BsFileScan BsMailProxy

.

Inhalt des "geplante Tasks" Ordners

.

2013-10-23 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-14 11:51]

.

2013-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-04 16:41]

.

2013-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-04 16:41]

.

2013-10-23 c:\windows\Tasks\WFSRUCH.job

- c:\windows\system32\taskengg.dll [2013-09-25 14:07]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = about:blank

mStart Page = about:blank

mWindow Title = Microsoft Internet Explorer

IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4

LSP: c:\windows\system32\BGLsp.dll

LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll

Trusted Zone: samsungsetup.com\www

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\Max Funcke\AppData\Roaming\Mozilla\Firefox\Profiles\rkxjz51e.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}

FF - prefs.js: network.proxy.type - 0

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

URLSearchHooks-{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - (no file)

HKLM-Run-mobilegeni daemon - c:\program files\Mobogenie\DaemonProcess.exe

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Quicken 2012 Zahlungserinnerung.lnk - c:\windows\Installer\{2FC7CE3A-23E5-41E8-975B-AA0236D649FD}\BillMinder.8C5DA79E_7079_4AB3_81F7_712153351D0D.exe

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Quicken 2014 Zahlungserinnerung.lnk - c:\windows\Installer\{E60036CF-1E46-4DFE-832F-5476574B30FF}\BillMinder.8C5DA79E_7079_4AB3_81F7_712153351D0D.exe

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Quicken Jubiläumsversion Zahlungserinnerung.lnk - c:\windows\Installer\{A907A713-DA24-4352-8786-96C7A6944646}\BillMinder.8C5DA79E_7079_4AB3_81F7_712153351D0D.exe

MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe

MSConfigStartUp-CLMLServer - c:\program files\CyberLink\Power2Go\CLMLSvc.exe

MSConfigStartUp-cryptMate Manager - c:\program files\REINER SCT\mateSuite\mscmmgr.exe

MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

MSConfigStartUp-mateSuite Suspend Manager - c:\program files\REINER SCT\mateSuite\mssm.exe

MSConfigStartUp-OmniPage - c:\program files\Caere\OmniPagePro90\opware32.exe

MSConfigStartUp-passMate Manager - c:\program files\REINER SCT\mateSuite\mspmmgr.exe

MSConfigStartUp-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jusched.exe

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Zeit der Fertigstellung: 2013-10-23  17:45:03

ComboFix-quarantined-files.txt  2013-10-23 15:45

.

Vor Suchlauf: 13 Verzeichnis(se), 871.448.469.504 Bytes frei

Nach Suchlauf: 19 Verzeichnis(se), 872.265.265.152 Bytes frei

.

- - End Of File - - AA4EE6C09CA2E0D31BA8A14E7761E626

AF61BB4FAA057B87DC31CA5DF0B39CB7

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Hi, anbei die erste Logdatei

Code:

Malwarebytes Anti-Malware (Test) 1.75.0.1300

www.malwarebytes.org
 

Datenbank Version: v2013.10.25.03
 

Windows XP Service Pack 2 x86 NTFS

Internet Explorer 8.0.7600.16385

Max Funcke :: ALDIPC [Administrator]
 

Schutz: Aktiviert
 

25.10.2013 11:59:33

mbam-log-2013-10-25 (11-59-33).txt
 

Art des Suchlaufs: Quick-Scan

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 289450

Laufzeit: 8 Minute(n), 21 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 4

HKCR\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} (PUP.Optional.BrowseFox.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

HKCU\SOFTWARE\BonanzaDealsLive (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

HKLM\SOFTWARE\BonanzaDealsLive (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

Infizierte Registrierungswerte: 1

HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0H1L1J1L1S1R1N -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 11

C:\Documents and Settings\Max Funcke\AppData\Roaming\DigitalSite\UpdateProc (PUP.Optional.DigitalSite.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\Max Funcke\AppData\Roaming\DigitalSite\UpdateProc (PUP.Optional.DigitalSite.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\ProgramData\BonanzaDealsLive (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\ProgramData\BonanzaDealsLive\Update (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\ProgramData\BonanzaDealsLive\Update\Log (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Documents and Settings\Max Funcke\AppData\Local\BonanzaDealsLive (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Documents and Settings\Max Funcke\AppData\Local\BonanzaDealsLive\CrashReports (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\Max Funcke\AppData\Local\BonanzaDealsLive (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\Max Funcke\AppData\Local\BonanzaDealsLive\CrashReports (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Program Files\BonanzaDealsLive (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Program Files\BonanzaDealsLive\CrashReports (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

Infizierte Dateien: 19

C:\Documents and Settings\Max Funcke\Documents\Downloads\ZipExtractorSetup(1).exe (PUP.Optional.InstallCore) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Documents and Settings\Max Funcke\Documents\Downloads\ZipExtractorSetup(2).exe (PUP.Optional.InstallCore) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Documents and Settings\Max Funcke\Documents\Downloads\ZipExtractorSetup(3).exe (PUP.Optional.InstallCore) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Documents and Settings\Max Funcke\Documents\Downloads\ZipExtractorSetup.exe (PUP.Optional.InstallCore) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\Max Funcke\Documents\Downloads\ZipExtractorSetup(1).exe (PUP.Optional.InstallCore) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\Max Funcke\Documents\Downloads\ZipExtractorSetup(2).exe (PUP.Optional.InstallCore) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\Max Funcke\Documents\Downloads\ZipExtractorSetup(3).exe (PUP.Optional.InstallCore) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\Max Funcke\Documents\Downloads\ZipExtractorSetup.exe (PUP.Optional.InstallCore) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Documents and Settings\Max Funcke\Downloads\ZipExtractorSetup.exe (PUP.Optional.InstallCore) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\Max Funcke\Downloads\ZipExtractorSetup.exe (PUP.Optional.InstallCore) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Documents and Settings\Max Funcke\AppData\Roaming\DigitalSite\UpdateProc\config.dat (PUP.Optional.DigitalSite.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Documents and Settings\Max Funcke\AppData\Roaming\DigitalSite\UpdateProc\prod.dat (PUP.Optional.DigitalSite.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Documents and Settings\Max Funcke\AppData\Roaming\DigitalSite\UpdateProc\STTL.DAT (PUP.Optional.DigitalSite.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Documents and Settings\Max Funcke\AppData\Roaming\DigitalSite\UpdateProc\TTL.DAT (PUP.Optional.DigitalSite.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\Max Funcke\AppData\Roaming\DigitalSite\UpdateProc\config.dat (PUP.Optional.DigitalSite.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\Max Funcke\AppData\Roaming\DigitalSite\UpdateProc\prod.dat (PUP.Optional.DigitalSite.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\Max Funcke\AppData\Roaming\DigitalSite\UpdateProc\STTL.DAT (PUP.Optional.DigitalSite.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\Max Funcke\AppData\Roaming\DigitalSite\UpdateProc\TTL.DAT (PUP.Optional.DigitalSite.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\ProgramData\BonanzaDealsLive\Update\Log\BonanzaDealsLive.log (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

(Ende)

Hallo, anbei die 2. Logdatei

Code:

# AdwCleaner v3.010 - Bericht erstellt am 25/10/2013 um 12:21:53

# Updated 20/10/2013 von Xplode

# Betriebssystem : Windows 7 Home Premium  (32 bits)

# Benutzername : Max Funcke - ALDIPC

# Gestartet von : C:\Users\Max Funcke\Downloads\adwcleaner.exe

# Option : Löschen
 

***** [ Dienste ] *****
 
 

***** [ Dateien / Ordner ] *****
 

Ordner Gelöscht : C:\ProgramData\Babylon

Ordner Gelöscht : C:\Program Files\BonanzaDeals

Ordner Gelöscht : C:\Program Files\MyPC Backup 

Ordner Gelöscht : C:\Program Files\optimizer pro

Ordner Gelöscht : C:\Program Files\PC Speed Maximizer

Ordner Gelöscht : C:\Users\Max Funcke\AppData\LocalLow\softonic-de3

Ordner Gelöscht : C:\Users\Max Funcke\AppData\Roaming\digitalsite

Ordner Gelöscht : C:\Users\Max Funcke\AppData\Roaming\Systweak

Datei Gelöscht : C:\Users\Max Funcke\AppData\Roaming\Mozilla\Firefox\Profiles\rkxjz51e.default\searchplugins\Conduit.xml

Datei Gelöscht : C:\Users\Max Funcke\AppData\Roaming\Mozilla\Firefox\Profiles\rkxjz51e.default\user.js

Datei Gelöscht : C:\Windows\System32\Tasks\digitalsite
 

***** [ Verknüpfungen ] *****
 
 

***** [ Registrierungsdatenbank ] *****
 

[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\digitalsite

[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{98CEC02C-99F0-47DE-B089-80FE9C14B0AD}

[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{98CEC02C-99F0-47DE-B089-80FE9C14B0AD}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasapi32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasmancs

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2431245

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_adobe-photoshop-elements_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_adobe-photoshop-elements_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_netskat_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_netskat_RASMANCS

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Schlüssel Gelöscht : HKCU\Software\dsiteproducts

Schlüssel Gelöscht : HKCU\Software\Softonic

Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar

Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}

Schlüssel Gelöscht : HKLM\Software\Conduit

Schlüssel Gelöscht : HKLM\Software\systweak
 

***** [ Browser ] *****
 

-\\ Internet Explorer v8.0.7600.17267
 
 

-\\ Mozilla Firefox v24.0 (de)
 

[ Datei : C:\Users\Max Funcke\AppData\Roaming\Mozilla\Firefox\Profiles\rkxjz51e.default\prefs.js ]
 

Zeile gelöscht : user_pref("browser.search.defaultthis.engineName", "softonic-de3 Customized Web Search");

Zeile gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}");
 

*************************
 

AdwCleaner[R0].txt - [3860 octets] - [25/10/2013 12:20:07]

AdwCleaner[S0].txt - [3817 octets] - [25/10/2013 12:21:53]
 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3877 octets] ##########

Hi, anbei junkwarelog:

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.0.7 (10.15.2013:3)

OS: Windows 7 Home Premium x86

Ran by Max Funcke on 25.10.2013 at 12:28:22,56

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

~~~ Services
 
 
 

~~~ Registry Values
 
 
 

~~~ Registry Keys
 

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\backupstack_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\backupstack_rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\optimizerpro_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\optimizerpro_rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\optprostart_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\optprostart_rasmancs
 
 
 

~~~ Files
 
 
 

~~~ Folders
 
 
 

~~~ FireFox
 

Emptied folder: C:\Users\Max Funcke\AppData\Roaming\mozilla\firefox\profiles\rkxjz51e.default\minidumps [89 files]
 
 
 

~~~ Event Viewer Logs were cleared
 
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 25.10.2013 at 12:30:51,28

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Hallo, jetzt noch das FRST Log:

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-10-2013 01

Ran by Max Funcke (administrator) on ALDIPC on 25-10-2013 12:38:48

Running from C:\Users\Max Funcke\Downloads

Microsoft Windows 7 Home Premium  (X86) OS Language: German Standard

Internet Explorer Version 8

Boot Mode: Normal
 

==================== Processes (Whitelisted) ===================
 

(AMD) C:\Windows\system32\atiesrxx.exe

(AMD) C:\Windows\system32\atieclxx.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe

(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe

(REINER SCT) C:\Windows\system32\cjpcsc.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

(Protexis Inc.) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avmailc.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE

(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

(Mozilla Corporation) C:\Users\Max Funcke\AppData\Local\Mozilla Firefox\firefox.exe
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [681032 2013-10-01] (Avira Operations GmbH & Co. KG)

HKLM\...\Run: [LexwareInfoService] - C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG)

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)

HKU\Default\...\RunOnce: [HKCU] - C:\Windows\System32\oobe\info\HKCU.vbs [ 2009-11-12] ()

HKU\Default\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [ 2009-10-23] ()

HKU\Default User\...\RunOnce: [HKCU] - C:\Windows\System32\oobe\info\HKCU.vbs [ 2009-11-12] ()

HKU\Default User\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [ 2009-10-23] ()
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

SearchScopes: HKLM - DefaultScope value is missing.

SearchScopes: HKCU - DefaultScope {4B485EF4-889E-4A2D-98F9-ED6CEDE22D33} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox

SearchScopes: HKCU - {4B485EF4-889E-4A2D-98F9-ED6CEDE22D33} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox

BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File

Toolbar: HKCU - No Name - {8C3887BA-3367-4297-B288-13472BD407E4} -  No File

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

Winsock: Catalog9 01 C:\Windows\system32\BGLsp.dll [148816] (BullGuard Ltd.)

Winsock: Catalog9 02 C:\Windows\system32\BGLsp.dll [148816] (BullGuard Ltd.)

Winsock: Catalog9 03 C:\Windows\system32\BGLsp.dll [148816] (BullGuard Ltd.)

Winsock: Catalog9 04 C:\Windows\system32\BGLsp.dll [148816] (BullGuard Ltd.)

Winsock: Catalog9 05 C:\Windows\system32\BGLsp.dll [148816] (BullGuard Ltd.)

Winsock: Catalog9 06 C:\Windows\system32\BGLsp.dll [148816] (BullGuard Ltd.)

Winsock: Catalog9 07 C:\Windows\system32\BGLsp.dll [148816] (BullGuard Ltd.)

Winsock: Catalog9 08 C:\Windows\system32\BGLsp.dll [148816] (BullGuard Ltd.)

Winsock: Catalog9 09 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 10 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 11 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 12 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 13 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 14 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 15 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 16 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 18 C:\Windows\system32\BGLsp.dll [148816] (BullGuard Ltd.)

Winsock: Catalog9 19 C:\Windows\system32\BGLsp.dll [148816] (BullGuard Ltd.)

Winsock: Catalog9 29 C:\Windows\system32\BGLsp.dll [148816] (BullGuard Ltd.)

Winsock: Catalog9 30 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 000000000100 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)

Winsock: Catalog9 000000000101 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)

Winsock: Catalog9 000000000102 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)

Winsock: Catalog9 000000000103 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)

Winsock: Catalog9 000000000104 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)

Winsock: Catalog9 000000000105 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)

Winsock: Catalog9 000000000106 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)

Winsock: Catalog9 000000000107 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)

Winsock: Catalog9 000000000108 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)

Winsock: Catalog9 000000000109 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)

Winsock: Catalog9 000000000110 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Users\Max Funcke\AppData\Roaming\Mozilla\Firefox\Profiles\rkxjz51e.default

FF DefaultSearchEngine: Startpage HTTPS - Deutsch

FF NetworkProxy: "type", 0

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()

FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Users\Max Funcke\AppData\Roaming\Mozilla\Firefox\Profiles\rkxjz51e.default\searchplugins\ixquick-https---deutsch.xml

FF SearchPlugin: C:\Users\Max Funcke\AppData\Roaming\Mozilla\Firefox\Profiles\rkxjz51e.default\searchplugins\startpage-https---deutsch.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\googledesktop.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

FF Extension: No Name - C:\Users\Max Funcke\AppData\Roaming\Mozilla\Firefox\Profiles\rkxjz51e.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

FF StartMenuInternet: FIREFOX.EXE - C:\Users\Max Funcke\AppData\Local\Mozilla Firefox\firefox.exe
 

========================== Services (Whitelisted) =================
 

S2 AcronisOSSReinstallSvc; C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [2232296 2012-02-17] ()

R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [619408 2009-11-06] (Acronis)

R2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [948296 2013-10-01] (Avira Operations GmbH & Co. KG)

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440392 2013-10-01] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440392 2013-10-01] (Avira Operations GmbH & Co. KG)

R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-10-01] (Avira Operations GmbH & Co. KG)

R2 cjpcsc; C:\Windows\system32\cjpcsc.exe [514128 2012-03-19] (REINER SCT)

R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

S4 BsFileScan; C:\Program Files\BullGuard Ltd\BullGuard\BsFileScan.dll [x]

S4 BsMailProxy; C:\Program Files\BullGuard Ltd\BullGuard\BsMailProxy\BsMailProxy.dll [x]

S4 BsMain; C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll [x]

S4 BsScanner; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [x]

S4 BsUpdate; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [x]
 

==================== Drivers (Whitelisted) ====================
 

R1 AFW; C:\Windows\System32\DRIVERS\afw.sys [29208 2012-02-17] (Agnitum Ltd.)

R3 afwcore; C:\Windows\System32\DRIVERS\afwcore.sys [318488 2012-02-17] (Agnitum Ltd.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [89376 2013-10-01] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137208 2013-10-01] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-01] (Avira Operations GmbH & Co. KG)

R1 BdSpy; C:\Windows\System32\DRIVERS\BdSpy.sys [55888 2012-02-17] (BullGuard Ltd.)

R1 bizVSerial; C:\Windows\System32\drivers\bizVSerialNT.sys [14949 2007-05-31] (franson.biz)

S3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [28144 2012-02-17] (REINER SCT)

R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2012-02-17] (Microsoft Corporation)

S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [38400 2012-02-17] (Samsung Electronics Co., Ltd.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)

S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [16472 2010-08-16] ()

S3 pwdspio; C:\Windows\system32\pwdspio.sys [11104 2010-08-16] ()

R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-10-09] (Avira GmbH)

R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2011-03-14] (Samsung Electronics)

R0 tdrpman251; C:\Windows\System32\DRIVERS\tdrpm251.sys [902432 2012-02-19] (Acronis)

U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2012-02-17] (Microsoft Corporation)

S3 catchme; \??\C:\Users\MAXFUN~1\AppData\Local\Temp\catchme.sys [x]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2013-10-25 12:38 - 2013-10-25 12:38 - 01088113 _____ (Farbar) C:\Users\Max Funcke\Downloads\FRST.exe

2013-10-25 12:30 - 2013-10-25 12:30 - 00001401 _____ C:\Users\Max Funcke\Desktop\JRT.txt

2013-10-25 12:28 - 2013-10-25 12:28 - 01033335 _____ (Thisisu) C:\Users\Max Funcke\Downloads\JRT.exe

2013-10-25 12:28 - 2013-10-25 12:28 - 00000000 ____D C:\Windows\ERUNT

2013-10-25 12:18 - 2013-10-25 12:21 - 00000000 ____D C:\AdwCleaner

2013-10-25 12:18 - 2013-10-25 12:18 - 01060070 _____ C:\Users\Max Funcke\Downloads\adwcleaner.exe

2013-10-25 11:56 - 2013-10-25 11:56 - 00001067 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-10-25 11:56 - 2013-10-25 11:56 - 00000000 ____D C:\Users\Max Funcke\AppData\Roaming\Malwarebytes

2013-10-25 11:56 - 2013-10-25 11:56 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-10-25 11:56 - 2013-10-25 11:56 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

2013-10-25 11:56 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2013-10-23 17:45 - 2013-10-23 17:45 - 00014235 _____ C:\ComboFix.txt

2013-10-23 17:36 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe

2013-10-23 17:36 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe

2013-10-23 17:36 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2013-10-23 17:36 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2013-10-23 17:36 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2013-10-23 17:36 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe

2013-10-23 17:36 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe

2013-10-23 17:36 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe

2013-10-23 17:33 - 2013-10-23 17:45 - 00000000 ____D C:\Qoobox

2013-10-23 17:33 - 2013-10-23 17:44 - 00000000 ____D C:\Windows\erdnt

2013-10-23 17:29 - 2013-10-23 17:32 - 00001373 _____ C:\Users\Max Funcke\Desktop\ComboFix.exe.lnk

2013-10-22 19:13 - 2013-10-22 19:13 - 00000000 ____D C:\FRST

2013-10-22 19:10 - 2013-10-22 19:10 - 00000094 _____ C:\Users\Max Funcke\AppData\Roaming\WB.CFG

2013-10-22 11:12 - 2013-10-22 19:09 - 00000890 _____ C:\Users\Max Funcke\daemonprocess.txt

2013-10-22 11:12 - 2013-10-22 11:27 - 00000000 ____D C:\Users\Max Funcke\AppData\Local\Mobogenie

2013-10-22 11:12 - 2013-10-22 11:12 - 00000000 ____D C:\Users\Max Funcke\Documents\Mobogenie

2013-10-22 11:12 - 2013-10-22 11:12 - 00000000 ____D C:\Users\Max Funcke\AppData\Local\cache

2013-10-21 16:59 - 2013-10-21 16:59 - 00707880 _____ C:\Users\Max Funcke\Downloads\DownloadManagerSetup(1).exe

2013-10-21 16:58 - 2013-10-21 16:58 - 00707880 _____ C:\Users\Max Funcke\Downloads\DownloadManagerSetup.exe

2013-10-18 15:37 - 2013-10-18 15:40 - 00005006 _____ C:\Users\Max Funcke\Desktop\Windows Compatibility Report.htm

2013-10-10 14:48 - 2013-10-10 14:48 - 00001993 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk

2013-10-02 14:38 - 2013-10-02 14:38 - 00281896 _____ (Mozilla) C:\Users\Max Funcke\Downloads\Firefox Setup Stub 24.0.exe

2013-10-01 14:03 - 2013-03-02 07:06 - 00981504 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-10-01 14:03 - 2013-03-02 07:05 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-10-01 14:03 - 2013-03-02 07:05 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2013-10-01 14:03 - 2013-03-02 07:02 - 06032384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-10-01 14:03 - 2013-03-02 07:02 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-10-01 14:03 - 2013-03-02 07:02 - 00606208 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll

2013-10-01 14:03 - 2013-03-02 07:02 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2013-10-01 14:03 - 2013-03-02 07:02 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll

2013-10-01 14:03 - 2013-03-02 07:01 - 11019776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-10-01 14:03 - 2013-03-02 07:01 - 02077184 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-10-01 14:03 - 2013-03-02 07:01 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2013-10-01 14:03 - 2013-03-02 07:01 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll

2013-10-01 14:03 - 2013-03-02 07:01 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-10-01 14:03 - 2013-03-02 07:01 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-10-01 14:03 - 2013-03-02 06:03 - 00386048 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2013-10-01 14:03 - 2013-03-02 05:30 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll

2013-10-01 14:03 - 2013-03-02 05:29 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-10-01 14:03 - 2013-03-02 05:29 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

2013-10-01 13:34 - 2013-10-01 13:34 - 237088386 _____ C:\Windows\MEMORY.DMP

2013-10-01 13:34 - 2013-10-01 13:34 - 00143840 _____ C:\Windows\Minidump\100113-20420-01.dmp

2013-09-26 10:52 - 2013-09-26 10:52 - 97892804 _____ C:\Windows\system32\虖ꟁᬌd

2013-09-25 16:07 - 2013-10-25 12:28 - 00000326 _____ C:\Windows\Tasks\WFSRUCH.job

2013-09-25 16:07 - 2013-09-25 16:07 - 00263680 __RSH C:\Windows\system32\taskengg.dll
 

==================== One Month Modified Files and Folders =======
 

2013-10-25 12:38 - 2013-10-25 12:38 - 01088113 _____ (Farbar) C:\Users\Max Funcke\Downloads\FRST.exe

2013-10-25 12:31 - 2009-07-14 06:34 - 00009888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-10-25 12:31 - 2009-07-14 06:34 - 00009888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-10-25 12:30 - 2013-10-25 12:30 - 00001401 _____ C:\Users\Max Funcke\Desktop\JRT.txt

2013-10-25 12:28 - 2013-10-25 12:28 - 01033335 _____ (Thisisu) C:\Users\Max Funcke\Downloads\JRT.exe

2013-10-25 12:28 - 2013-10-25 12:28 - 00000000 ____D C:\Windows\ERUNT

2013-10-25 12:28 - 2013-09-25 16:07 - 00000326 _____ C:\Windows\Tasks\WFSRUCH.job

2013-10-25 12:24 - 2010-11-04 15:19 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-10-25 12:23 - 2010-11-04 15:19 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-10-25 12:23 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-10-25 12:23 - 2009-07-14 06:39 - 00008004 _____ C:\Windows\setupact.log

2013-10-25 12:23 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\tracing

2013-10-25 12:22 - 2010-09-30 13:01 - 01085813 _____ C:\Windows\WindowsUpdate.log

2013-10-25 12:21 - 2013-10-25 12:18 - 00000000 ____D C:\AdwCleaner

2013-10-25 12:18 - 2013-10-25 12:18 - 01060070 _____ C:\Users\Max Funcke\Downloads\adwcleaner.exe

2013-10-25 12:14 - 2010-10-23 18:00 - 00000000 ____D C:\Windows\pss

2013-10-25 12:14 - 2010-09-30 18:17 - 00557048 _____ C:\Windows\PFRO.log

2013-10-25 11:56 - 2013-10-25 11:56 - 00001067 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-10-25 11:56 - 2013-10-25 11:56 - 00000000 ____D C:\Users\Max Funcke\AppData\Roaming\Malwarebytes

2013-10-25 11:56 - 2013-10-25 11:56 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-10-25 11:56 - 2013-10-25 11:56 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

2013-10-25 11:49 - 2013-05-29 16:44 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-10-23 17:48 - 2010-06-29 15:26 - 01621294 _____ C:\Windows\system32\PerfStringBackup.INI

2013-10-23 17:45 - 2013-10-23 17:45 - 00014235 _____ C:\ComboFix.txt

2013-10-23 17:45 - 2013-10-23 17:33 - 00000000 ____D C:\Qoobox

2013-10-23 17:45 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public

2013-10-23 17:44 - 2013-10-23 17:33 - 00000000 ____D C:\Windows\erdnt

2013-10-23 17:43 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini

2013-10-23 17:32 - 2013-10-23 17:29 - 00001373 _____ C:\Users\Max Funcke\Desktop\ComboFix.exe.lnk

2013-10-22 19:13 - 2013-10-22 19:13 - 00000000 ____D C:\FRST

2013-10-22 19:10 - 2013-10-22 19:10 - 00000094 _____ C:\Users\Max Funcke\AppData\Roaming\WB.CFG

2013-10-22 19:09 - 2013-10-22 11:12 - 00000890 _____ C:\Users\Max Funcke\daemonprocess.txt

2013-10-22 11:27 - 2013-10-22 11:12 - 00000000 ____D C:\Users\Max Funcke\AppData\Local\Mobogenie

2013-10-22 11:12 - 2013-10-22 11:12 - 00000000 ____D C:\Users\Max Funcke\Documents\Mobogenie

2013-10-22 11:12 - 2013-10-22 11:12 - 00000000 ____D C:\Users\Max Funcke\AppData\Local\cache

2013-10-22 11:12 - 2010-09-30 13:08 - 00000000 ____D C:\Users\Max Funcke

2013-10-21 16:59 - 2013-10-21 16:59 - 00707880 _____ C:\Users\Max Funcke\Downloads\DownloadManagerSetup(1).exe

2013-10-21 16:58 - 2013-10-21 16:58 - 00707880 _____ C:\Users\Max Funcke\Downloads\DownloadManagerSetup.exe

2013-10-21 16:21 - 2010-10-15 11:50 - 00000000 ____D C:\Users\Max Funcke\AppData\Local\Google

2013-10-18 16:55 - 2012-02-17 18:07 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2013-10-18 15:41 - 2012-02-04 08:35 - 00013668 _____ C:\Windows\diagwrn.xml

2013-10-18 15:41 - 2012-02-04 08:35 - 00001908 _____ C:\Windows\diagerr.xml

2013-10-18 15:40 - 2013-10-18 15:37 - 00005006 _____ C:\Users\Max Funcke\Desktop\Windows Compatibility Report.htm

2013-10-18 15:31 - 2009-07-14 06:39 - 00000000 _____ C:\Windows\setuperr.log

2013-10-15 11:30 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF

2013-10-14 17:38 - 2010-10-08 11:56 - 00000000 ____D C:\Users\Max Funcke\Documents\ChessBase

2013-10-14 17:21 - 2010-06-30 11:55 - 00000000 ____D C:\ProgramData\Adobe

2013-10-12 12:34 - 2010-06-30 10:35 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2013-10-10 14:49 - 2010-09-30 15:29 - 00000000 ____D C:\Users\Max Funcke\AppData\Roaming\Adobe

2013-10-10 14:48 - 2013-10-10 14:48 - 00001993 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk

2013-10-10 14:48 - 2010-10-06 16:36 - 00000000 ____D C:\Users\Max Funcke\AppData\Local\Adobe

2013-10-10 14:47 - 2010-06-30 11:55 - 00000000 ____D C:\Program Files\Common Files\Adobe

2013-10-10 14:47 - 2010-06-30 11:55 - 00000000 ____D C:\Program Files\Adobe

2013-10-10 13:51 - 2013-05-29 16:51 - 17813896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe

2013-10-10 13:51 - 2013-02-14 13:53 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2013-10-10 13:51 - 2011-09-13 10:26 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2013-10-10 12:06 - 2010-06-30 10:36 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2013-10-10 12:06 - 2009-07-14 04:04 - 00000687 _____ C:\Windows\win.ini

2013-10-10 11:33 - 2009-07-14 06:52 - 00000000 ____D C:\Windows\system32\FxsTmp

2013-10-06 14:52 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Help

2013-10-03 15:54 - 2012-08-30 12:43 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

2013-10-02 14:43 - 2013-08-17 11:40 - 00000000 ____D C:\Users\Max Funcke\AppData\Local\Mozilla Firefox

2013-10-02 14:43 - 2013-02-28 19:04 - 00001233 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk

2013-10-02 14:43 - 2010-09-30 18:38 - 00000000 ____D C:\Users\Max Funcke\AppData\Local\Mozilla

2013-10-02 14:38 - 2013-10-02 14:38 - 00281896 _____ (Mozilla) C:\Users\Max Funcke\Downloads\Firefox Setup Stub 24.0.exe

2013-10-01 16:15 - 2013-05-06 12:01 - 00067680 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys

2013-10-01 16:15 - 2012-10-09 18:02 - 00137208 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys

2013-10-01 16:15 - 2012-10-09 18:02 - 00089376 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

2013-10-01 16:15 - 2012-10-09 18:02 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys

2013-10-01 13:35 - 2010-09-30 13:01 - 00000000 ____D C:\Recovery

2013-10-01 13:35 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\Recovery

2013-10-01 13:34 - 2013-10-01 13:34 - 237088386 _____ C:\Windows\MEMORY.DMP

2013-10-01 13:34 - 2013-10-01 13:34 - 00143840 _____ C:\Windows\Minidump\100113-20420-01.dmp

2013-10-01 13:34 - 2010-10-09 18:40 - 00000000 ____D C:\Windows\Minidump

2013-09-26 10:52 - 2013-09-26 10:52 - 97892804 _____ C:\Windows\system32\虖ꟁᬌd

2013-09-25 16:07 - 2013-09-25 16:07 - 00263680 __RSH C:\Windows\system32\taskengg.dll
 

Some content of TEMP:

====================

C:\Users\Max Funcke\AppData\Local\Temp\avgnt.exe

C:\Users\Max Funcke\AppData\Local\Temp\Quarantine.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2013-10-03 17:37
 

==================== End Of Log ============================

--- --- ---

--- --- ---

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Hallo , Der eset hat nix gefunden, anbei der securitychek wollte nicht, der frst:

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-10-2013 01

Ran by Max Funcke (administrator) on ALDIPC on 25-10-2013 20:16:46

Running from C:\Users\Max Funcke\Downloads

Microsoft Windows 7 Home Premium  (X86) OS Language: German Standard

Internet Explorer Version 8

Boot Mode: Normal
 

==================== Processes (Whitelisted) ===================
 

(AMD) C:\Windows\system32\atiesrxx.exe

(AMD) C:\Windows\system32\atieclxx.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe

(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe

(REINER SCT) C:\Windows\system32\cjpcsc.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

(Protexis Inc.) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avmailc.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE

(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

(Mozilla Corporation) C:\Users\Max Funcke\AppData\Local\Mozilla Firefox\firefox.exe

(Mozilla Corporation) C:\Users\Max Funcke\AppData\Local\Mozilla Firefox\plugin-container.exe

(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe

(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe

() G:\SecurityCheck.exe

(Microsoft Corporation) C:\Windows\system32\cmd.exe

(Farbar) C:\Users\Max Funcke\Downloads\FRST(1).exe
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [681032 2013-10-01] (Avira Operations GmbH & Co. KG)

HKLM\...\Run: [LexwareInfoService] - C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG)

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)

HKU\Default User\...\RunOnce: [HKCU] - C:\Windows\System32\oobe\info\HKCU.vbs [ 2009-11-12] ()

HKU\Default User\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [ 2009-10-23] ()
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

SearchScopes: HKLM - DefaultScope value is missing.

SearchScopes: HKCU - DefaultScope {4B485EF4-889E-4A2D-98F9-ED6CEDE22D33} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox

SearchScopes: HKCU - {4B485EF4-889E-4A2D-98F9-ED6CEDE22D33} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox

BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File

Toolbar: HKCU - No Name - {8C3887BA-3367-4297-B288-13472BD407E4} -  No File

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

Winsock: Catalog9 01 C:\Windows\system32\BGLsp.dll [148816] (BullGuard Ltd.)

Winsock: Catalog9 02 C:\Windows\system32\BGLsp.dll [148816] (BullGuard Ltd.)

Winsock: Catalog9 03 C:\Windows\system32\BGLsp.dll [148816] (BullGuard Ltd.)

Winsock: Catalog9 04 C:\Windows\system32\BGLsp.dll [148816] (BullGuard Ltd.)

Winsock: Catalog9 05 C:\Windows\system32\BGLsp.dll [148816] (BullGuard Ltd.)

Winsock: Catalog9 06 C:\Windows\system32\BGLsp.dll [148816] (BullGuard Ltd.)

Winsock: Catalog9 07 C:\Windows\system32\BGLsp.dll [148816] (BullGuard Ltd.)

Winsock: Catalog9 08 C:\Windows\system32\BGLsp.dll [148816] (BullGuard Ltd.)

Winsock: Catalog9 09 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 10 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 11 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 12 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 13 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 14 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 15 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 16 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 18 C:\Windows\system32\BGLsp.dll [148816] (BullGuard Ltd.)

Winsock: Catalog9 19 C:\Windows\system32\BGLsp.dll [148816] (BullGuard Ltd.)

Winsock: Catalog9 29 C:\Windows\system32\BGLsp.dll [148816] (BullGuard Ltd.)

Winsock: Catalog9 30 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 000000000100 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)

Winsock: Catalog9 000000000101 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)

Winsock: Catalog9 000000000102 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)

Winsock: Catalog9 000000000103 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)

Winsock: Catalog9 000000000104 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)

Winsock: Catalog9 000000000105 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)

Winsock: Catalog9 000000000106 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)

Winsock: Catalog9 000000000107 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)

Winsock: Catalog9 000000000108 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)

Winsock: Catalog9 000000000109 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)

Winsock: Catalog9 000000000110 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Users\Max Funcke\AppData\Roaming\Mozilla\Firefox\Profiles\rkxjz51e.default

FF DefaultSearchEngine: Startpage HTTPS - Deutsch

FF NetworkProxy: "type", 0

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()

FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Users\Max Funcke\AppData\Roaming\Mozilla\Firefox\Profiles\rkxjz51e.default\searchplugins\ixquick-https---deutsch.xml

FF SearchPlugin: C:\Users\Max Funcke\AppData\Roaming\Mozilla\Firefox\Profiles\rkxjz51e.default\searchplugins\startpage-https---deutsch.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\googledesktop.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

FF Extension: No Name - C:\Users\Max Funcke\AppData\Roaming\Mozilla\Firefox\Profiles\rkxjz51e.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

FF StartMenuInternet: FIREFOX.EXE - C:\Users\Max Funcke\AppData\Local\Mozilla Firefox\firefox.exe
 

========================== Services (Whitelisted) =================
 

S2 AcronisOSSReinstallSvc; C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [2232296 2012-02-17] ()

R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [619408 2009-11-06] (Acronis)

R2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [948296 2013-10-01] (Avira Operations GmbH & Co. KG)

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440392 2013-10-01] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440392 2013-10-01] (Avira Operations GmbH & Co. KG)

R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-10-01] (Avira Operations GmbH & Co. KG)

R2 cjpcsc; C:\Windows\system32\cjpcsc.exe [514128 2012-03-19] (REINER SCT)

R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

S4 BsFileScan; C:\Program Files\BullGuard Ltd\BullGuard\BsFileScan.dll [x]

S4 BsMailProxy; C:\Program Files\BullGuard Ltd\BullGuard\BsMailProxy\BsMailProxy.dll [x]

S4 BsMain; C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll [x]

S4 BsScanner; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [x]

S4 BsUpdate; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [x]
 

==================== Drivers (Whitelisted) ====================
 

R1 AFW; C:\Windows\System32\DRIVERS\afw.sys [29208 2012-02-17] (Agnitum Ltd.)

R3 afwcore; C:\Windows\System32\DRIVERS\afwcore.sys [318488 2012-02-17] (Agnitum Ltd.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [89376 2013-10-01] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137208 2013-10-01] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-01] (Avira Operations GmbH & Co. KG)

R1 BdSpy; C:\Windows\System32\DRIVERS\BdSpy.sys [55888 2012-02-17] (BullGuard Ltd.)

R1 bizVSerial; C:\Windows\System32\drivers\bizVSerialNT.sys [14949 2007-05-31] (franson.biz)

S3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [28144 2012-02-17] (REINER SCT)

R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2012-02-17] (Microsoft Corporation)

S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [38400 2012-02-17] (Samsung Electronics Co., Ltd.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)

S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [16472 2010-08-16] ()

S3 pwdspio; C:\Windows\system32\pwdspio.sys [11104 2010-08-16] ()

R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-10-09] (Avira GmbH)

R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2011-03-14] (Samsung Electronics)

R0 tdrpman251; C:\Windows\System32\DRIVERS\tdrpm251.sys [902432 2012-02-19] (Acronis)

U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2012-02-17] (Microsoft Corporation)

S3 catchme; \??\C:\Users\MAXFUN~1\AppData\Local\Temp\catchme.sys [x]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2013-10-25 20:16 - 2013-10-25 20:15 - 01088113 _____ (Farbar) C:\Users\Max Funcke\Downloads\FRST(1).exe

2013-10-25 20:11 - 2013-10-25 20:12 - 00000448 _____ C:\Users\Max Funcke\Desktop\SecurityCheck.exe.lnk

2013-10-25 20:04 - 2013-10-25 20:04 - 00891167 _____ C:\Users\Max Funcke\Downloads\SecurityCheck.exe

2013-10-25 16:39 - 2013-10-25 16:39 - 02347384 _____ (ESET) C:\Users\Max Funcke\Downloads\esetsmartinstaller_enu.exe

2013-10-25 12:38 - 2013-10-25 12:38 - 01088113 _____ (Farbar) C:\Users\Max Funcke\Downloads\FRST.exe

2013-10-25 12:30 - 2013-10-25 12:30 - 00001401 _____ C:\Users\Max Funcke\Desktop\JRT.txt

2013-10-25 12:28 - 2013-10-25 12:28 - 01033335 _____ (Thisisu) C:\Users\Max Funcke\Downloads\JRT.exe

2013-10-25 12:28 - 2013-10-25 12:28 - 00000000 ____D C:\Windows\ERUNT

2013-10-25 12:18 - 2013-10-25 12:21 - 00000000 ____D C:\AdwCleaner

2013-10-25 12:18 - 2013-10-25 12:18 - 01060070 _____ C:\Users\Max Funcke\Downloads\adwcleaner.exe

2013-10-25 11:56 - 2013-10-25 11:56 - 00001067 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-10-25 11:56 - 2013-10-25 11:56 - 00000000 ____D C:\Users\Max Funcke\AppData\Roaming\Malwarebytes

2013-10-25 11:56 - 2013-10-25 11:56 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-10-25 11:56 - 2013-10-25 11:56 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

2013-10-25 11:56 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2013-10-23 17:45 - 2013-10-23 17:45 - 00014235 _____ C:\ComboFix.txt

2013-10-23 17:36 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe

2013-10-23 17:36 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe

2013-10-23 17:36 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2013-10-23 17:36 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2013-10-23 17:36 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2013-10-23 17:36 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe

2013-10-23 17:36 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe

2013-10-23 17:36 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe

2013-10-23 17:33 - 2013-10-23 17:45 - 00000000 ____D C:\Qoobox

2013-10-23 17:33 - 2013-10-23 17:44 - 00000000 ____D C:\Windows\erdnt

2013-10-23 17:29 - 2013-10-23 17:32 - 00001373 _____ C:\Users\Max Funcke\Desktop\ComboFix.exe.lnk

2013-10-22 19:13 - 2013-10-22 19:13 - 00000000 ____D C:\FRST

2013-10-22 19:10 - 2013-10-22 19:10 - 00000094 _____ C:\Users\Max Funcke\AppData\Roaming\WB.CFG

2013-10-22 11:12 - 2013-10-22 19:09 - 00000890 _____ C:\Users\Max Funcke\daemonprocess.txt

2013-10-22 11:12 - 2013-10-22 11:27 - 00000000 ____D C:\Users\Max Funcke\AppData\Local\Mobogenie

2013-10-22 11:12 - 2013-10-22 11:12 - 00000000 ____D C:\Users\Max Funcke\Documents\Mobogenie

2013-10-22 11:12 - 2013-10-22 11:12 - 00000000 ____D C:\Users\Max Funcke\AppData\Local\cache

2013-10-21 16:59 - 2013-10-21 16:59 - 00707880 _____ C:\Users\Max Funcke\Downloads\DownloadManagerSetup(1).exe

2013-10-21 16:58 - 2013-10-21 16:58 - 00707880 _____ C:\Users\Max Funcke\Downloads\DownloadManagerSetup.exe

2013-10-18 15:37 - 2013-10-18 15:40 - 00005006 _____ C:\Users\Max Funcke\Desktop\Windows Compatibility Report.htm

2013-10-10 14:48 - 2013-10-10 14:48 - 00001993 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk

2013-10-02 14:38 - 2013-10-02 14:38 - 00281896 _____ (Mozilla) C:\Users\Max Funcke\Downloads\Firefox Setup Stub 24.0.exe

2013-10-01 14:03 - 2013-03-02 07:06 - 00981504 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-10-01 14:03 - 2013-03-02 07:05 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-10-01 14:03 - 2013-03-02 07:05 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2013-10-01 14:03 - 2013-03-02 07:02 - 06032384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-10-01 14:03 - 2013-03-02 07:02 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-10-01 14:03 - 2013-03-02 07:02 - 00606208 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll

2013-10-01 14:03 - 2013-03-02 07:02 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2013-10-01 14:03 - 2013-03-02 07:02 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll

2013-10-01 14:03 - 2013-03-02 07:01 - 11019776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-10-01 14:03 - 2013-03-02 07:01 - 02077184 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-10-01 14:03 - 2013-03-02 07:01 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2013-10-01 14:03 - 2013-03-02 07:01 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll

2013-10-01 14:03 - 2013-03-02 07:01 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-10-01 14:03 - 2013-03-02 07:01 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-10-01 14:03 - 2013-03-02 06:03 - 00386048 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2013-10-01 14:03 - 2013-03-02 05:30 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll

2013-10-01 14:03 - 2013-03-02 05:29 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-10-01 14:03 - 2013-03-02 05:29 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

2013-10-01 13:34 - 2013-10-01 13:34 - 237088386 _____ C:\Windows\MEMORY.DMP

2013-10-01 13:34 - 2013-10-01 13:34 - 00143840 _____ C:\Windows\Minidump\100113-20420-01.dmp

2013-09-26 10:52 - 2013-09-26 10:52 - 97892804 _____ C:\Windows\system32\虖ꟁᬌd

2013-09-25 16:07 - 2013-10-25 12:28 - 00000326 _____ C:\Windows\Tasks\WFSRUCH.job

2013-09-25 16:07 - 2013-09-25 16:07 - 00263680 __RSH C:\Windows\system32\taskengg.dll
 

==================== One Month Modified Files and Folders =======
 

2013-10-25 20:15 - 2013-10-25 20:16 - 01088113 _____ (Farbar) C:\Users\Max Funcke\Downloads\FRST(1).exe

2013-10-25 20:12 - 2013-10-25 20:11 - 00000448 _____ C:\Users\Max Funcke\Desktop\SecurityCheck.exe.lnk

2013-10-25 20:04 - 2013-10-25 20:04 - 00891167 _____ C:\Users\Max Funcke\Downloads\SecurityCheck.exe

2013-10-25 19:49 - 2013-05-29 16:44 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-10-25 19:33 - 2010-09-30 13:01 - 01087095 _____ C:\Windows\WindowsUpdate.log

2013-10-25 19:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\tracing

2013-10-25 19:24 - 2010-11-04 15:19 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-10-25 16:39 - 2013-10-25 16:39 - 02347384 _____ (ESET) C:\Users\Max Funcke\Downloads\esetsmartinstaller_enu.exe

2013-10-25 16:37 - 2010-06-29 15:26 - 01621294 _____ C:\Windows\system32\PerfStringBackup.INI

2013-10-25 16:35 - 2010-11-04 15:19 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-10-25 12:38 - 2013-10-25 12:38 - 01088113 _____ (Farbar) C:\Users\Max Funcke\Downloads\FRST.exe

2013-10-25 12:31 - 2009-07-14 06:34 - 00009888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-10-25 12:31 - 2009-07-14 06:34 - 00009888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-10-25 12:30 - 2013-10-25 12:30 - 00001401 _____ C:\Users\Max Funcke\Desktop\JRT.txt

2013-10-25 12:28 - 2013-10-25 12:28 - 01033335 _____ (Thisisu) C:\Users\Max Funcke\Downloads\JRT.exe

2013-10-25 12:28 - 2013-10-25 12:28 - 00000000 ____D C:\Windows\ERUNT

2013-10-25 12:28 - 2013-09-25 16:07 - 00000326 _____ C:\Windows\Tasks\WFSRUCH.job

2013-10-25 12:23 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-10-25 12:23 - 2009-07-14 06:39 - 00008004 _____ C:\Windows\setupact.log

2013-10-25 12:21 - 2013-10-25 12:18 - 00000000 ____D C:\AdwCleaner

2013-10-25 12:18 - 2013-10-25 12:18 - 01060070 _____ C:\Users\Max Funcke\Downloads\adwcleaner.exe

2013-10-25 12:14 - 2010-10-23 18:00 - 00000000 ____D C:\Windows\pss

2013-10-25 12:14 - 2010-09-30 18:17 - 00557048 _____ C:\Windows\PFRO.log

2013-10-25 11:56 - 2013-10-25 11:56 - 00001067 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-10-25 11:56 - 2013-10-25 11:56 - 00000000 ____D C:\Users\Max Funcke\AppData\Roaming\Malwarebytes

2013-10-25 11:56 - 2013-10-25 11:56 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-10-25 11:56 - 2013-10-25 11:56 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

2013-10-23 17:45 - 2013-10-23 17:45 - 00014235 _____ C:\ComboFix.txt

2013-10-23 17:45 - 2013-10-23 17:33 - 00000000 ____D C:\Qoobox

2013-10-23 17:45 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public

2013-10-23 17:44 - 2013-10-23 17:33 - 00000000 ____D C:\Windows\erdnt

2013-10-23 17:43 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini

2013-10-23 17:32 - 2013-10-23 17:29 - 00001373 _____ C:\Users\Max Funcke\Desktop\ComboFix.exe.lnk

2013-10-22 19:13 - 2013-10-22 19:13 - 00000000 ____D C:\FRST

2013-10-22 19:10 - 2013-10-22 19:10 - 00000094 _____ C:\Users\Max Funcke\AppData\Roaming\WB.CFG

2013-10-22 19:09 - 2013-10-22 11:12 - 00000890 _____ C:\Users\Max Funcke\daemonprocess.txt

2013-10-22 11:27 - 2013-10-22 11:12 - 00000000 ____D C:\Users\Max Funcke\AppData\Local\Mobogenie

2013-10-22 11:12 - 2013-10-22 11:12 - 00000000 ____D C:\Users\Max Funcke\Documents\Mobogenie

2013-10-22 11:12 - 2013-10-22 11:12 - 00000000 ____D C:\Users\Max Funcke\AppData\Local\cache

2013-10-22 11:12 - 2010-09-30 13:08 - 00000000 ____D C:\Users\Max Funcke

2013-10-21 16:59 - 2013-10-21 16:59 - 00707880 _____ C:\Users\Max Funcke\Downloads\DownloadManagerSetup(1).exe

2013-10-21 16:58 - 2013-10-21 16:58 - 00707880 _____ C:\Users\Max Funcke\Downloads\DownloadManagerSetup.exe

2013-10-21 16:21 - 2010-10-15 11:50 - 00000000 ____D C:\Users\Max Funcke\AppData\Local\Google

2013-10-18 16:55 - 2012-02-17 18:07 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2013-10-18 15:41 - 2012-02-04 08:35 - 00013668 _____ C:\Windows\diagwrn.xml

2013-10-18 15:41 - 2012-02-04 08:35 - 00001908 _____ C:\Windows\diagerr.xml

2013-10-18 15:40 - 2013-10-18 15:37 - 00005006 _____ C:\Users\Max Funcke\Desktop\Windows Compatibility Report.htm

2013-10-18 15:31 - 2009-07-14 06:39 - 00000000 _____ C:\Windows\setuperr.log

2013-10-15 11:30 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF

2013-10-14 17:38 - 2010-10-08 11:56 - 00000000 ____D C:\Users\Max Funcke\Documents\ChessBase

2013-10-14 17:21 - 2010-06-30 11:55 - 00000000 ____D C:\ProgramData\Adobe

2013-10-12 12:34 - 2010-06-30 10:35 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2013-10-10 14:49 - 2010-09-30 15:29 - 00000000 ____D C:\Users\Max Funcke\AppData\Roaming\Adobe

2013-10-10 14:48 - 2013-10-10 14:48 - 00001993 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk

2013-10-10 14:48 - 2010-10-06 16:36 - 00000000 ____D C:\Users\Max Funcke\AppData\Local\Adobe

2013-10-10 14:47 - 2010-06-30 11:55 - 00000000 ____D C:\Program Files\Common Files\Adobe

2013-10-10 14:47 - 2010-06-30 11:55 - 00000000 ____D C:\Program Files\Adobe

2013-10-10 13:51 - 2013-05-29 16:51 - 17813896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe

2013-10-10 13:51 - 2013-02-14 13:53 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2013-10-10 13:51 - 2011-09-13 10:26 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2013-10-10 12:06 - 2010-06-30 10:36 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2013-10-10 12:06 - 2009-07-14 04:04 - 00000687 _____ C:\Windows\win.ini

2013-10-10 11:33 - 2009-07-14 06:52 - 00000000 ____D C:\Windows\system32\FxsTmp

2013-10-06 14:52 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Help

2013-10-03 15:54 - 2012-08-30 12:43 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

2013-10-02 14:43 - 2013-08-17 11:40 - 00000000 ____D C:\Users\Max Funcke\AppData\Local\Mozilla Firefox

2013-10-02 14:43 - 2013-02-28 19:04 - 00001233 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk

2013-10-02 14:43 - 2010-09-30 18:38 - 00000000 ____D C:\Users\Max Funcke\AppData\Local\Mozilla

2013-10-02 14:38 - 2013-10-02 14:38 - 00281896 _____ (Mozilla) C:\Users\Max Funcke\Downloads\Firefox Setup Stub 24.0.exe

2013-10-01 16:15 - 2013-05-06 12:01 - 00067680 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys

2013-10-01 16:15 - 2012-10-09 18:02 - 00137208 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys

2013-10-01 16:15 - 2012-10-09 18:02 - 00089376 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

2013-10-01 16:15 - 2012-10-09 18:02 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys

2013-10-01 13:35 - 2010-09-30 13:01 - 00000000 ____D C:\Recovery

2013-10-01 13:35 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\Recovery

2013-10-01 13:34 - 2013-10-01 13:34 - 237088386 _____ C:\Windows\MEMORY.DMP

2013-10-01 13:34 - 2013-10-01 13:34 - 00143840 _____ C:\Windows\Minidump\100113-20420-01.dmp

2013-10-01 13:34 - 2010-10-09 18:40 - 00000000 ____D C:\Windows\Minidump

2013-09-26 10:52 - 2013-09-26 10:52 - 97892804 _____ C:\Windows\system32\虖ꟁᬌd

2013-09-25 16:07 - 2013-09-25 16:07 - 00263680 __RSH C:\Windows\system32\taskengg.dll
 

Some content of TEMP:

====================

C:\Users\Max Funcke\AppData\Local\Temp\avgnt.exe

C:\Users\Max Funcke\AppData\Local\Temp\Quarantine.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2013-10-25 19:51
 

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

Brauchst Du noch was?

Gruß Max

Hallo Schrauber, es gab ein Problem, jetzt hab ich, glaube ich doch geschafft.(Der Eset Testlog ist verschütt gegangen, war aber komplett negativ (nach 2,5 Stunden)
Du meldest Dichsicher wieder, fehlt noch etwas?
Schönes Wochenende xamecknuf

Security Log

Code:

 Results of screen317's Security Check version 0.99.74  

 Windows 7  x86 (UAC is disabled!)  

 Out of date service pack!! 
 ``````````````Antivirus/Firewall Check:`````````````` 

 Windows Security Center service is not running! This report may not be accurate! 

Avira Desktop   

 Antivirus up to date!   
 `````````Anti-malware/Other Utilities Check:````````` 

 Malwarebytes Anti-Malware Version 1.75.0.1300  

 Java(TM) 6 Update 21  

 Java version out of Date! 

 Adobe Flash Player         11.9.900.117  

 Adobe Reader 9  

 Adobe Reader XI  

 Mozilla Firefox (24.0) 
 ````````Process Check: objlist.exe by Laurent````````  

 Malwarebytes Anti-Malware mbamservice.exe  

 Malwarebytes Anti-Malware mbamgui.exe  

 Avira Antivir avgnt.exe 

 Avira Antivir avguard.exe 

 Malwarebytes' Anti-Malware mbamscheduler.exe   
 `````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:  
 ````````````````````End of Log``````````````````````

Frst Test:

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-10-2013

Ran by Max Funcke (administrator) on ALDIPC on 25-10-2013 22:06:44

Running from C:\Users\Max Funcke\Downloads

Microsoft Windows 7 Home Premium  (X86) OS Language: German Standard

Internet Explorer Version 8

Boot Mode: Normal
 

==================== Processes (Whitelisted) ===================
 

(AMD) C:\Windows\system32\atiesrxx.exe

(AMD) C:\Windows\system32\atieclxx.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe

(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe

(REINER SCT) C:\Windows\system32\cjpcsc.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

(Protexis Inc.) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avmailc.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE

() G:\SecurityCheck.exe

(Microsoft Corporation) C:\Windows\system32\cmd.exe

(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

(Mozilla Corporation) C:\Users\Max Funcke\AppData\Local\Mozilla Firefox\firefox.exe

(Farbar) C:\Users\Max Funcke\Downloads\FRST(2).exe
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [681032 2013-10-01] (Avira Operations GmbH & Co. KG)

HKLM\...\Run: [LexwareInfoService] - C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG)

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)

HKU\Default\...\RunOnce: [HKCU] - C:\Windows\System32\oobe\info\HKCU.vbs [ 2009-11-12] ()

HKU\Default\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [ 2009-10-23] ()

HKU\Default User\...\RunOnce: [HKCU] - C:\Windows\System32\oobe\info\HKCU.vbs [ 2009-11-12] ()

HKU\Default User\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [ 2009-10-23] ()
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

SearchScopes: HKLM - DefaultScope value is missing.

SearchScopes: HKCU - DefaultScope {4B485EF4-889E-4A2D-98F9-ED6CEDE22D33} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox

SearchScopes: HKCU - {4B485EF4-889E-4A2D-98F9-ED6CEDE22D33} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox

BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File

Toolbar: HKCU - No Name - {8C3887BA-3367-4297-B288-13472BD407E4} -  No File

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

Winsock: Catalog9 01 C:\Windows\system32\BGLsp.dll [148816] (BullGuard Ltd.)

Winsock: Catalog9 02 C:\Windows\system32\BGLsp.dll [148816] (BullGuard Ltd.)

Winsock: Catalog9 03 C:\Windows\system32\BGLsp.dll [148816] (BullGuard Ltd.)

Winsock: Catalog9 04 C:\Windows\system32\BGLsp.dll [148816] (BullGuard Ltd.)

Winsock: Catalog9 05 C:\Windows\system32\BGLsp.dll [148816] (BullGuard Ltd.)

Winsock: Catalog9 06 C:\Windows\system32\BGLsp.dll [148816] (BullGuard Ltd.)

Winsock: Catalog9 07 C:\Windows\system32\BGLsp.dll [148816] (BullGuard Ltd.)

Winsock: Catalog9 08 C:\Windows\system32\BGLsp.dll [148816] (BullGuard Ltd.)

Winsock: Catalog9 09 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 10 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 11 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 12 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 13 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 14 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 15 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 16 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 18 C:\Windows\system32\BGLsp.dll [148816] (BullGuard Ltd.)

Winsock: Catalog9 19 C:\Windows\system32\BGLsp.dll [148816] (BullGuard Ltd.)

Winsock: Catalog9 29 C:\Windows\system32\BGLsp.dll [148816] (BullGuard Ltd.)

Winsock: Catalog9 30 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 000000000100 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)

Winsock: Catalog9 000000000101 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)

Winsock: Catalog9 000000000102 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)

Winsock: Catalog9 000000000103 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)

Winsock: Catalog9 000000000104 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)

Winsock: Catalog9 000000000105 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)

Winsock: Catalog9 000000000106 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)

Winsock: Catalog9 000000000107 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)

Winsock: Catalog9 000000000108 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)

Winsock: Catalog9 000000000109 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)

Winsock: Catalog9 000000000110 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Users\Max Funcke\AppData\Roaming\Mozilla\Firefox\Profiles\rkxjz51e.default

FF DefaultSearchEngine: Startpage HTTPS - Deutsch

FF NetworkProxy: "type", 0

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()

FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Users\Max Funcke\AppData\Roaming\Mozilla\Firefox\Profiles\rkxjz51e.default\searchplugins\ixquick-https---deutsch.xml

FF SearchPlugin: C:\Users\Max Funcke\AppData\Roaming\Mozilla\Firefox\Profiles\rkxjz51e.default\searchplugins\startpage-https---deutsch.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\googledesktop.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

FF Extension: adblockplus - C:\Users\Max Funcke\AppData\Roaming\Mozilla\Firefox\Profiles\rkxjz51e.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

FF StartMenuInternet: FIREFOX.EXE - C:\Users\Max Funcke\AppData\Local\Mozilla Firefox\firefox.exe
 

========================== Services (Whitelisted) =================
 

S2 AcronisOSSReinstallSvc; C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [2232296 2012-02-17] ()

R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [619408 2009-11-06] (Acronis)

R2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [948296 2013-10-01] (Avira Operations GmbH & Co. KG)

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440392 2013-10-01] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440392 2013-10-01] (Avira Operations GmbH & Co. KG)

R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-10-01] (Avira Operations GmbH & Co. KG)

R2 cjpcsc; C:\Windows\system32\cjpcsc.exe [514128 2012-03-19] (REINER SCT)

R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

S4 BsFileScan; C:\Program Files\BullGuard Ltd\BullGuard\BsFileScan.dll [x]

S4 BsMailProxy; C:\Program Files\BullGuard Ltd\BullGuard\BsMailProxy\BsMailProxy.dll [x]

S4 BsMain; C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll [x]

S4 BsScanner; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [x]

S4 BsUpdate; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [x]
 

==================== Drivers (Whitelisted) ====================
 

R1 AFW; C:\Windows\System32\DRIVERS\afw.sys [29208 2012-02-17] (Agnitum Ltd.)

R3 afwcore; C:\Windows\System32\DRIVERS\afwcore.sys [318488 2012-02-17] (Agnitum Ltd.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [89376 2013-10-01] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137208 2013-10-01] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-01] (Avira Operations GmbH & Co. KG)

R1 BdSpy; C:\Windows\System32\DRIVERS\BdSpy.sys [55888 2012-02-17] (BullGuard Ltd.)

R1 bizVSerial; C:\Windows\System32\drivers\bizVSerialNT.sys [14949 2007-05-31] (franson.biz)

S3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [28144 2012-02-17] (REINER SCT)

S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [38400 2012-02-17] (Samsung Electronics Co., Ltd.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)

S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [16472 2010-08-16] ()

S3 pwdspio; C:\Windows\system32\pwdspio.sys [11104 2010-08-16] ()

R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-10-09] (Avira GmbH)

R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2011-03-14] (Samsung Electronics)

R0 tdrpman251; C:\Windows\System32\DRIVERS\tdrpm251.sys [902432 2012-02-19] (Acronis)

U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2012-02-17] (Microsoft Corporation)

S3 catchme; \??\C:\Users\MAXFUN~1\AppData\Local\Temp\catchme.sys [x]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2013-10-25 22:06 - 2013-10-25 22:06 - 01088465 _____ (Farbar) C:\Users\Max Funcke\Downloads\FRST(2).exe

2013-10-25 20:16 - 2013-10-25 20:15 - 01088113 _____ (Farbar) C:\Users\Max Funcke\Downloads\FRST(1).exe

2013-10-25 20:11 - 2013-10-25 20:12 - 00000448 _____ C:\Users\Max Funcke\Desktop\SecurityCheck.exe.lnk

2013-10-25 20:04 - 2013-10-25 20:04 - 00891167 _____ C:\Users\Max Funcke\Downloads\SecurityCheck.exe

2013-10-25 16:39 - 2013-10-25 16:39 - 02347384 _____ (ESET) C:\Users\Max Funcke\Downloads\esetsmartinstaller_enu.exe

2013-10-25 12:38 - 2013-10-25 12:38 - 01088113 _____ (Farbar) C:\Users\Max Funcke\Downloads\FRST.exe

2013-10-25 12:30 - 2013-10-25 12:30 - 00001401 _____ C:\Users\Max Funcke\Desktop\JRT.txt

2013-10-25 12:28 - 2013-10-25 12:28 - 01033335 _____ (Thisisu) C:\Users\Max Funcke\Downloads\JRT.exe

2013-10-25 12:28 - 2013-10-25 12:28 - 00000000 ____D C:\Windows\ERUNT

2013-10-25 12:18 - 2013-10-25 12:21 - 00000000 ____D C:\AdwCleaner

2013-10-25 12:18 - 2013-10-25 12:18 - 01060070 _____ C:\Users\Max Funcke\Downloads\adwcleaner.exe

2013-10-25 11:56 - 2013-10-25 11:56 - 00001067 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-10-25 11:56 - 2013-10-25 11:56 - 00000000 ____D C:\Users\Max Funcke\AppData\Roaming\Malwarebytes

2013-10-25 11:56 - 2013-10-25 11:56 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-10-25 11:56 - 2013-10-25 11:56 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

2013-10-25 11:56 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2013-10-23 17:45 - 2013-10-23 17:45 - 00014235 _____ C:\ComboFix.txt

2013-10-23 17:36 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe

2013-10-23 17:36 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe

2013-10-23 17:36 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2013-10-23 17:36 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2013-10-23 17:36 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2013-10-23 17:36 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe

2013-10-23 17:36 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe

2013-10-23 17:36 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe

2013-10-23 17:33 - 2013-10-23 17:45 - 00000000 ____D C:\Qoobox

2013-10-23 17:33 - 2013-10-23 17:44 - 00000000 ____D C:\Windows\erdnt

2013-10-23 17:29 - 2013-10-23 17:32 - 00001373 _____ C:\Users\Max Funcke\Desktop\ComboFix.exe.lnk

2013-10-22 19:13 - 2013-10-22 19:13 - 00000000 ____D C:\FRST

2013-10-22 19:10 - 2013-10-22 19:10 - 00000094 _____ C:\Users\Max Funcke\AppData\Roaming\WB.CFG

2013-10-22 11:12 - 2013-10-22 19:09 - 00000890 _____ C:\Users\Max Funcke\daemonprocess.txt

2013-10-22 11:12 - 2013-10-22 11:27 - 00000000 ____D C:\Users\Max Funcke\AppData\Local\Mobogenie

2013-10-22 11:12 - 2013-10-22 11:12 - 00000000 ____D C:\Users\Max Funcke\Documents\Mobogenie

2013-10-22 11:12 - 2013-10-22 11:12 - 00000000 ____D C:\Users\Max Funcke\AppData\Local\cache

2013-10-21 16:59 - 2013-10-21 16:59 - 00707880 _____ C:\Users\Max Funcke\Downloads\DownloadManagerSetup(1).exe

2013-10-21 16:58 - 2013-10-21 16:58 - 00707880 _____ C:\Users\Max Funcke\Downloads\DownloadManagerSetup.exe

2013-10-18 15:37 - 2013-10-18 15:40 - 00005006 _____ C:\Users\Max Funcke\Desktop\Windows Compatibility Report.htm

2013-10-10 14:48 - 2013-10-10 14:48 - 00001993 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk

2013-10-02 14:38 - 2013-10-02 14:38 - 00281896 _____ (Mozilla) C:\Users\Max Funcke\Downloads\Firefox Setup Stub 24.0.exe

2013-10-01 14:03 - 2013-03-02 07:06 - 00981504 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-10-01 14:03 - 2013-03-02 07:05 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-10-01 14:03 - 2013-03-02 07:05 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2013-10-01 14:03 - 2013-03-02 07:02 - 06032384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-10-01 14:03 - 2013-03-02 07:02 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-10-01 14:03 - 2013-03-02 07:02 - 00606208 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll

2013-10-01 14:03 - 2013-03-02 07:02 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2013-10-01 14:03 - 2013-03-02 07:02 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll

2013-10-01 14:03 - 2013-03-02 07:01 - 11019776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-10-01 14:03 - 2013-03-02 07:01 - 02077184 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-10-01 14:03 - 2013-03-02 07:01 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2013-10-01 14:03 - 2013-03-02 07:01 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll

2013-10-01 14:03 - 2013-03-02 07:01 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-10-01 14:03 - 2013-03-02 07:01 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-10-01 14:03 - 2013-03-02 06:03 - 00386048 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2013-10-01 14:03 - 2013-03-02 05:30 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll

2013-10-01 14:03 - 2013-03-02 05:29 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-10-01 14:03 - 2013-03-02 05:29 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

2013-10-01 13:34 - 2013-10-01 13:34 - 237088386 _____ C:\Windows\MEMORY.DMP

2013-10-01 13:34 - 2013-10-01 13:34 - 00143840 _____ C:\Windows\Minidump\100113-20420-01.dmp

2013-09-26 10:52 - 2013-09-26 10:52 - 97892804 _____ C:\Windows\system32\虖ꟁᬌd

2013-09-25 16:07 - 2013-10-25 21:47 - 00000326 _____ C:\Windows\Tasks\WFSRUCH.job

2013-09-25 16:07 - 2013-09-25 16:07 - 00263680 __RSH C:\Windows\system32\taskengg.dll
 

==================== One Month Modified Files and Folders =======
 

2013-10-25 22:06 - 2013-10-25 22:06 - 01088465 _____ (Farbar) C:\Users\Max Funcke\Downloads\FRST(2).exe

2013-10-25 21:55 - 2009-07-14 06:34 - 00009888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-10-25 21:55 - 2009-07-14 06:34 - 00009888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-10-25 21:52 - 2010-09-30 13:01 - 01094249 _____ C:\Windows\WindowsUpdate.log

2013-10-25 21:49 - 2013-05-29 16:44 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-10-25 21:48 - 2010-11-04 15:19 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-10-25 21:47 - 2013-09-25 16:07 - 00000326 _____ C:\Windows\Tasks\WFSRUCH.job

2013-10-25 21:47 - 2010-09-30 18:17 - 00557854 _____ C:\Windows\PFRO.log

2013-10-25 21:47 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-10-25 21:47 - 2009-07-14 06:39 - 00008060 _____ C:\Windows\setupact.log

2013-10-25 20:22 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\tracing

2013-10-25 20:15 - 2013-10-25 20:16 - 01088113 _____ (Farbar) C:\Users\Max Funcke\Downloads\FRST(1).exe

2013-10-25 20:12 - 2013-10-25 20:11 - 00000448 _____ C:\Users\Max Funcke\Desktop\SecurityCheck.exe.lnk

2013-10-25 20:04 - 2013-10-25 20:04 - 00891167 _____ C:\Users\Max Funcke\Downloads\SecurityCheck.exe

2013-10-25 19:24 - 2010-11-04 15:19 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-10-25 16:39 - 2013-10-25 16:39 - 02347384 _____ (ESET) C:\Users\Max Funcke\Downloads\esetsmartinstaller_enu.exe

2013-10-25 16:37 - 2010-06-29 15:26 - 01621294 _____ C:\Windows\system32\PerfStringBackup.INI

2013-10-25 12:38 - 2013-10-25 12:38 - 01088113 _____ (Farbar) C:\Users\Max Funcke\Downloads\FRST.exe

2013-10-25 12:30 - 2013-10-25 12:30 - 00001401 _____ C:\Users\Max Funcke\Desktop\JRT.txt

2013-10-25 12:28 - 2013-10-25 12:28 - 01033335 _____ (Thisisu) C:\Users\Max Funcke\Downloads\JRT.exe

2013-10-25 12:28 - 2013-10-25 12:28 - 00000000 ____D C:\Windows\ERUNT

2013-10-25 12:21 - 2013-10-25 12:18 - 00000000 ____D C:\AdwCleaner

2013-10-25 12:18 - 2013-10-25 12:18 - 01060070 _____ C:\Users\Max Funcke\Downloads\adwcleaner.exe

2013-10-25 12:14 - 2010-10-23 18:00 - 00000000 ____D C:\Windows\pss

2013-10-25 11:56 - 2013-10-25 11:56 - 00001067 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-10-25 11:56 - 2013-10-25 11:56 - 00000000 ____D C:\Users\Max Funcke\AppData\Roaming\Malwarebytes

2013-10-25 11:56 - 2013-10-25 11:56 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-10-25 11:56 - 2013-10-25 11:56 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

2013-10-23 17:45 - 2013-10-23 17:45 - 00014235 _____ C:\ComboFix.txt

2013-10-23 17:45 - 2013-10-23 17:33 - 00000000 ____D C:\Qoobox

2013-10-23 17:45 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public

2013-10-23 17:44 - 2013-10-23 17:33 - 00000000 ____D C:\Windows\erdnt

2013-10-23 17:43 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini

2013-10-23 17:32 - 2013-10-23 17:29 - 00001373 _____ C:\Users\Max Funcke\Desktop\ComboFix.exe.lnk

2013-10-22 19:13 - 2013-10-22 19:13 - 00000000 ____D C:\FRST

2013-10-22 19:10 - 2013-10-22 19:10 - 00000094 _____ C:\Users\Max Funcke\AppData\Roaming\WB.CFG

2013-10-22 19:09 - 2013-10-22 11:12 - 00000890 _____ C:\Users\Max Funcke\daemonprocess.txt

2013-10-22 11:27 - 2013-10-22 11:12 - 00000000 ____D C:\Users\Max Funcke\AppData\Local\Mobogenie

2013-10-22 11:12 - 2013-10-22 11:12 - 00000000 ____D C:\Users\Max Funcke\Documents\Mobogenie

2013-10-22 11:12 - 2013-10-22 11:12 - 00000000 ____D C:\Users\Max Funcke\AppData\Local\cache

2013-10-22 11:12 - 2010-09-30 13:08 - 00000000 ____D C:\Users\Max Funcke

2013-10-21 16:59 - 2013-10-21 16:59 - 00707880 _____ C:\Users\Max Funcke\Downloads\DownloadManagerSetup(1).exe

2013-10-21 16:58 - 2013-10-21 16:58 - 00707880 _____ C:\Users\Max Funcke\Downloads\DownloadManagerSetup.exe

2013-10-21 16:21 - 2010-10-15 11:50 - 00000000 ____D C:\Users\Max Funcke\AppData\Local\Google

2013-10-18 16:55 - 2012-02-17 18:07 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2013-10-18 15:41 - 2012-02-04 08:35 - 00013668 _____ C:\Windows\diagwrn.xml

2013-10-18 15:41 - 2012-02-04 08:35 - 00001908 _____ C:\Windows\diagerr.xml

2013-10-18 15:40 - 2013-10-18 15:37 - 00005006 _____ C:\Users\Max Funcke\Desktop\Windows Compatibility Report.htm

2013-10-18 15:31 - 2009-07-14 06:39 - 00000000 _____ C:\Windows\setuperr.log

2013-10-15 11:30 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF

2013-10-14 17:38 - 2010-10-08 11:56 - 00000000 ____D C:\Users\Max Funcke\Documents\ChessBase

2013-10-14 17:21 - 2010-06-30 11:55 - 00000000 ____D C:\ProgramData\Adobe

2013-10-12 12:34 - 2010-06-30 10:35 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2013-10-10 14:49 - 2010-09-30 15:29 - 00000000 ____D C:\Users\Max Funcke\AppData\Roaming\Adobe

2013-10-10 14:48 - 2013-10-10 14:48 - 00001993 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk

2013-10-10 14:48 - 2010-10-06 16:36 - 00000000 ____D C:\Users\Max Funcke\AppData\Local\Adobe

2013-10-10 14:47 - 2010-06-30 11:55 - 00000000 ____D C:\Program Files\Common Files\Adobe

2013-10-10 14:47 - 2010-06-30 11:55 - 00000000 ____D C:\Program Files\Adobe

2013-10-10 13:51 - 2013-05-29 16:51 - 17813896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe

2013-10-10 13:51 - 2013-02-14 13:53 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2013-10-10 13:51 - 2011-09-13 10:26 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2013-10-10 12:06 - 2010-06-30 10:36 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2013-10-10 12:06 - 2009-07-14 04:04 - 00000687 _____ C:\Windows\win.ini

2013-10-10 11:33 - 2009-07-14 06:52 - 00000000 ____D C:\Windows\system32\FxsTmp

2013-10-06 14:52 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Help

2013-10-03 15:54 - 2012-08-30 12:43 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

2013-10-02 14:43 - 2013-08-17 11:40 - 00000000 ____D C:\Users\Max Funcke\AppData\Local\Mozilla Firefox

2013-10-02 14:43 - 2013-02-28 19:04 - 00001233 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk

2013-10-02 14:43 - 2010-09-30 18:38 - 00000000 ____D C:\Users\Max Funcke\AppData\Local\Mozilla

2013-10-02 14:38 - 2013-10-02 14:38 - 00281896 _____ (Mozilla) C:\Users\Max Funcke\Downloads\Firefox Setup Stub 24.0.exe

2013-10-01 16:15 - 2013-05-06 12:01 - 00067680 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys

2013-10-01 16:15 - 2012-10-09 18:02 - 00137208 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys

2013-10-01 16:15 - 2012-10-09 18:02 - 00089376 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

2013-10-01 16:15 - 2012-10-09 18:02 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys

2013-10-01 13:35 - 2010-09-30 13:01 - 00000000 ____D C:\Recovery

2013-10-01 13:35 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\Recovery

2013-10-01 13:34 - 2013-10-01 13:34 - 237088386 _____ C:\Windows\MEMORY.DMP

2013-10-01 13:34 - 2013-10-01 13:34 - 00143840 _____ C:\Windows\Minidump\100113-20420-01.dmp

2013-10-01 13:34 - 2010-10-09 18:40 - 00000000 ____D C:\Windows\Minidump

2013-09-26 10:52 - 2013-09-26 10:52 - 97892804 _____ C:\Windows\system32\虖ꟁᬌd

2013-09-25 16:07 - 2013-09-25 16:07 - 00263680 __RSH C:\Windows\system32\taskengg.dll
 

Some content of TEMP:

====================

C:\Users\Max Funcke\AppData\Local\Temp\avgnt.exe

C:\Users\Max Funcke\AppData\Local\Temp\Quarantine.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2013-10-25 19:51
 

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

HI, Schrauber, nach frst update neuen Log:

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-10-2013

Ran by Max Funcke (administrator) on ALDIPC on 25-10-2013 22:21:48

Running from C:\Users\Max Funcke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5SJWFKMY

Microsoft Windows 7 Home Premium  (X86) OS Language: German Standard

Internet Explorer Version 8

Boot Mode: Normal
 

==================== Processes (Whitelisted) ===================
 

(AMD) C:\Windows\system32\atiesrxx.exe

(AMD) C:\Windows\system32\atieclxx.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe

(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe

(REINER SCT) C:\Windows\system32\cjpcsc.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

(Protexis Inc.) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avmailc.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE

() G:\SecurityCheck.exe

(Microsoft Corporation) C:\Windows\system32\cmd.exe

(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Farbar) C:\Users\Max Funcke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5SJWFKMY\FRST[1].exe
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [681032 2013-10-01] (Avira Operations GmbH & Co. KG)

HKLM\...\Run: [LexwareInfoService] - C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG)

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)

HKU\Default User\...\RunOnce: [HKCU] - C:\Windows\System32\oobe\info\HKCU.vbs [ 2009-11-12] ()

HKU\Default User\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [ 2009-10-23] ()
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

SearchScopes: HKLM - DefaultScope value is missing.

SearchScopes: HKCU - DefaultScope {4B485EF4-889E-4A2D-98F9-ED6CEDE22D33} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox

SearchScopes: HKCU - {4B485EF4-889E-4A2D-98F9-ED6CEDE22D33} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox

BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File

Toolbar: HKCU - No Name - {8C3887BA-3367-4297-B288-13472BD407E4} -  No File

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

Winsock: Catalog9 01 C:\Windows\system32\BGLsp.dll [148816] (BullGuard Ltd.)

Winsock: Catalog9 02 C:\Windows\system32\BGLsp.dll [148816] (BullGuard Ltd.)

Winsock: Catalog9 03 C:\Windows\system32\BGLsp.dll [148816] (BullGuard Ltd.)

Winsock: Catalog9 04 C:\Windows\system32\BGLsp.dll [148816] (BullGuard Ltd.)

Winsock: Catalog9 05 C:\Windows\system32\BGLsp.dll [148816] (BullGuard Ltd.)

Winsock: Catalog9 06 C:\Windows\system32\BGLsp.dll [148816] (BullGuard Ltd.)

Winsock: Catalog9 07 C:\Windows\system32\BGLsp.dll [148816] (BullGuard Ltd.)

Winsock: Catalog9 08 C:\Windows\system32\BGLsp.dll [148816] (BullGuard Ltd.)

Winsock: Catalog9 09 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 10 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 11 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 12 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 13 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 14 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 15 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 16 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 18 C:\Windows\system32\BGLsp.dll [148816] (BullGuard Ltd.)

Winsock: Catalog9 19 C:\Windows\system32\BGLsp.dll [148816] (BullGuard Ltd.)

Winsock: Catalog9 29 C:\Windows\system32\BGLsp.dll [148816] (BullGuard Ltd.)

Winsock: Catalog9 30 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 000000000100 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)

Winsock: Catalog9 000000000101 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)

Winsock: Catalog9 000000000102 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)

Winsock: Catalog9 000000000103 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)

Winsock: Catalog9 000000000104 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)

Winsock: Catalog9 000000000105 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)

Winsock: Catalog9 000000000106 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)

Winsock: Catalog9 000000000107 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)

Winsock: Catalog9 000000000108 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)

Winsock: Catalog9 000000000109 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)

Winsock: Catalog9 000000000110 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Users\Max Funcke\AppData\Roaming\Mozilla\Firefox\Profiles\rkxjz51e.default

FF DefaultSearchEngine: Startpage HTTPS - Deutsch

FF NetworkProxy: "type", 0

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()

FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Users\Max Funcke\AppData\Roaming\Mozilla\Firefox\Profiles\rkxjz51e.default\searchplugins\ixquick-https---deutsch.xml

FF SearchPlugin: C:\Users\Max Funcke\AppData\Roaming\Mozilla\Firefox\Profiles\rkxjz51e.default\searchplugins\startpage-https---deutsch.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\googledesktop.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

FF Extension: adblockplus - C:\Users\Max Funcke\AppData\Roaming\Mozilla\Firefox\Profiles\rkxjz51e.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

FF StartMenuInternet: FIREFOX.EXE - C:\Users\Max Funcke\AppData\Local\Mozilla Firefox\firefox.exe
 

========================== Services (Whitelisted) =================
 

S2 AcronisOSSReinstallSvc; C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [2232296 2012-02-17] ()

R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [619408 2009-11-06] (Acronis)

R2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [948296 2013-10-01] (Avira Operations GmbH & Co. KG)

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440392 2013-10-01] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440392 2013-10-01] (Avira Operations GmbH & Co. KG)

R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-10-01] (Avira Operations GmbH & Co. KG)

R2 cjpcsc; C:\Windows\system32\cjpcsc.exe [514128 2012-03-19] (REINER SCT)

R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

S4 BsFileScan; C:\Program Files\BullGuard Ltd\BullGuard\BsFileScan.dll [x]

S4 BsMailProxy; C:\Program Files\BullGuard Ltd\BullGuard\BsMailProxy\BsMailProxy.dll [x]

S4 BsMain; C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll [x]

S4 BsScanner; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [x]

S4 BsUpdate; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [x]
 

==================== Drivers (Whitelisted) ====================
 

R1 AFW; C:\Windows\System32\DRIVERS\afw.sys [29208 2012-02-17] (Agnitum Ltd.)

R3 afwcore; C:\Windows\System32\DRIVERS\afwcore.sys [318488 2012-02-17] (Agnitum Ltd.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [89376 2013-10-01] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137208 2013-10-01] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-01] (Avira Operations GmbH & Co. KG)

R1 BdSpy; C:\Windows\System32\DRIVERS\BdSpy.sys [55888 2012-02-17] (BullGuard Ltd.)

R1 bizVSerial; C:\Windows\System32\drivers\bizVSerialNT.sys [14949 2007-05-31] (franson.biz)

S3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [28144 2012-02-17] (REINER SCT)

S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [38400 2012-02-17] (Samsung Electronics Co., Ltd.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)

S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [16472 2010-08-16] ()

S3 pwdspio; C:\Windows\system32\pwdspio.sys [11104 2010-08-16] ()

R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-10-09] (Avira GmbH)

R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2011-03-14] (Samsung Electronics)

R0 tdrpman251; C:\Windows\System32\DRIVERS\tdrpm251.sys [902432 2012-02-19] (Acronis)

U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2012-02-17] (Microsoft Corporation)

S3 catchme; \??\C:\Users\MAXFUN~1\AppData\Local\Temp\catchme.sys [x]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2013-10-25 22:07 - 2013-10-25 22:07 - 00027879 _____ C:\Users\Max Funcke\Downloads\FRST.txt

2013-10-25 22:06 - 2013-10-25 22:06 - 01088465 _____ (Farbar) C:\Users\Max Funcke\Downloads\FRST(2).exe

2013-10-25 20:16 - 2013-10-25 20:15 - 01088113 _____ (Farbar) C:\Users\Max Funcke\Downloads\FRST(1).exe

2013-10-25 20:11 - 2013-10-25 20:12 - 00000448 _____ C:\Users\Max Funcke\Desktop\SecurityCheck.exe.lnk

2013-10-25 20:04 - 2013-10-25 20:04 - 00891167 _____ C:\Users\Max Funcke\Downloads\SecurityCheck.exe

2013-10-25 16:39 - 2013-10-25 16:39 - 02347384 _____ (ESET) C:\Users\Max Funcke\Downloads\esetsmartinstaller_enu.exe

2013-10-25 12:30 - 2013-10-25 12:30 - 00001401 _____ C:\Users\Max Funcke\Desktop\JRT.txt

2013-10-25 12:28 - 2013-10-25 12:28 - 01033335 _____ (Thisisu) C:\Users\Max Funcke\Downloads\JRT.exe

2013-10-25 12:28 - 2013-10-25 12:28 - 00000000 ____D C:\Windows\ERUNT

2013-10-25 12:18 - 2013-10-25 12:21 - 00000000 ____D C:\AdwCleaner

2013-10-25 12:18 - 2013-10-25 12:18 - 01060070 _____ C:\Users\Max Funcke\Downloads\adwcleaner.exe

2013-10-25 11:56 - 2013-10-25 11:56 - 00001067 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-10-25 11:56 - 2013-10-25 11:56 - 00000000 ____D C:\Users\Max Funcke\AppData\Roaming\Malwarebytes

2013-10-25 11:56 - 2013-10-25 11:56 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-10-25 11:56 - 2013-10-25 11:56 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

2013-10-25 11:56 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2013-10-23 17:45 - 2013-10-23 17:45 - 00014235 _____ C:\ComboFix.txt

2013-10-23 17:36 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe

2013-10-23 17:36 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe

2013-10-23 17:36 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2013-10-23 17:36 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2013-10-23 17:36 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2013-10-23 17:36 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe

2013-10-23 17:36 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe

2013-10-23 17:36 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe

2013-10-23 17:33 - 2013-10-23 17:45 - 00000000 ____D C:\Qoobox

2013-10-23 17:33 - 2013-10-23 17:44 - 00000000 ____D C:\Windows\erdnt

2013-10-23 17:29 - 2013-10-23 17:32 - 00001373 _____ C:\Users\Max Funcke\Desktop\ComboFix.exe.lnk

2013-10-22 19:13 - 2013-10-22 19:13 - 00000000 ____D C:\FRST

2013-10-22 19:10 - 2013-10-22 19:10 - 00000094 _____ C:\Users\Max Funcke\AppData\Roaming\WB.CFG

2013-10-22 11:12 - 2013-10-22 19:09 - 00000890 _____ C:\Users\Max Funcke\daemonprocess.txt

2013-10-22 11:12 - 2013-10-22 11:27 - 00000000 ____D C:\Users\Max Funcke\AppData\Local\Mobogenie

2013-10-22 11:12 - 2013-10-22 11:12 - 00000000 ____D C:\Users\Max Funcke\Documents\Mobogenie

2013-10-22 11:12 - 2013-10-22 11:12 - 00000000 ____D C:\Users\Max Funcke\AppData\Local\cache

2013-10-21 16:59 - 2013-10-21 16:59 - 00707880 _____ C:\Users\Max Funcke\Downloads\DownloadManagerSetup(1).exe

2013-10-21 16:58 - 2013-10-21 16:58 - 00707880 _____ C:\Users\Max Funcke\Downloads\DownloadManagerSetup.exe

2013-10-18 15:37 - 2013-10-18 15:40 - 00005006 _____ C:\Users\Max Funcke\Desktop\Windows Compatibility Report.htm

2013-10-10 14:48 - 2013-10-10 14:48 - 00001993 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk

2013-10-02 14:38 - 2013-10-02 14:38 - 00281896 _____ (Mozilla) C:\Users\Max Funcke\Downloads\Firefox Setup Stub 24.0.exe

2013-10-01 14:03 - 2013-03-02 07:06 - 00981504 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-10-01 14:03 - 2013-03-02 07:05 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-10-01 14:03 - 2013-03-02 07:05 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2013-10-01 14:03 - 2013-03-02 07:02 - 06032384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-10-01 14:03 - 2013-03-02 07:02 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-10-01 14:03 - 2013-03-02 07:02 - 00606208 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll

2013-10-01 14:03 - 2013-03-02 07:02 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2013-10-01 14:03 - 2013-03-02 07:02 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll

2013-10-01 14:03 - 2013-03-02 07:01 - 11019776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-10-01 14:03 - 2013-03-02 07:01 - 02077184 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-10-01 14:03 - 2013-03-02 07:01 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2013-10-01 14:03 - 2013-03-02 07:01 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll

2013-10-01 14:03 - 2013-03-02 07:01 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-10-01 14:03 - 2013-03-02 07:01 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-10-01 14:03 - 2013-03-02 06:03 - 00386048 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2013-10-01 14:03 - 2013-03-02 05:30 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll

2013-10-01 14:03 - 2013-03-02 05:29 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-10-01 14:03 - 2013-03-02 05:29 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

2013-10-01 13:34 - 2013-10-01 13:34 - 237088386 _____ C:\Windows\MEMORY.DMP

2013-10-01 13:34 - 2013-10-01 13:34 - 00143840 _____ C:\Windows\Minidump\100113-20420-01.dmp

2013-09-26 10:52 - 2013-09-26 10:52 - 97892804 _____ C:\Windows\system32\虖ꟁᬌd

2013-09-25 16:07 - 2013-10-25 21:47 - 00000326 _____ C:\Windows\Tasks\WFSRUCH.job

2013-09-25 16:07 - 2013-09-25 16:07 - 00263680 __RSH C:\Windows\system32\taskengg.dll
 

==================== One Month Modified Files and Folders =======
 

2013-10-25 22:12 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\tracing

2013-10-25 22:07 - 2013-10-25 22:07 - 00027879 _____ C:\Users\Max Funcke\Downloads\FRST.txt

2013-10-25 22:06 - 2013-10-25 22:06 - 01088465 _____ (Farbar) C:\Users\Max Funcke\Downloads\FRST(2).exe

2013-10-25 21:55 - 2009-07-14 06:34 - 00009888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-10-25 21:55 - 2009-07-14 06:34 - 00009888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-10-25 21:52 - 2010-09-30 13:01 - 01094249 _____ C:\Windows\WindowsUpdate.log

2013-10-25 21:49 - 2013-05-29 16:44 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-10-25 21:48 - 2010-11-04 15:19 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-10-25 21:47 - 2013-09-25 16:07 - 00000326 _____ C:\Windows\Tasks\WFSRUCH.job

2013-10-25 21:47 - 2010-09-30 18:17 - 00557854 _____ C:\Windows\PFRO.log

2013-10-25 21:47 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-10-25 21:47 - 2009-07-14 06:39 - 00008060 _____ C:\Windows\setupact.log

2013-10-25 20:15 - 2013-10-25 20:16 - 01088113 _____ (Farbar) C:\Users\Max Funcke\Downloads\FRST(1).exe

2013-10-25 20:12 - 2013-10-25 20:11 - 00000448 _____ C:\Users\Max Funcke\Desktop\SecurityCheck.exe.lnk

2013-10-25 20:04 - 2013-10-25 20:04 - 00891167 _____ C:\Users\Max Funcke\Downloads\SecurityCheck.exe

2013-10-25 19:24 - 2010-11-04 15:19 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-10-25 16:39 - 2013-10-25 16:39 - 02347384 _____ (ESET) C:\Users\Max Funcke\Downloads\esetsmartinstaller_enu.exe

2013-10-25 16:37 - 2010-06-29 15:26 - 01621294 _____ C:\Windows\system32\PerfStringBackup.INI

2013-10-25 12:30 - 2013-10-25 12:30 - 00001401 _____ C:\Users\Max Funcke\Desktop\JRT.txt

2013-10-25 12:28 - 2013-10-25 12:28 - 01033335 _____ (Thisisu) C:\Users\Max Funcke\Downloads\JRT.exe

2013-10-25 12:28 - 2013-10-25 12:28 - 00000000 ____D C:\Windows\ERUNT

2013-10-25 12:21 - 2013-10-25 12:18 - 00000000 ____D C:\AdwCleaner

2013-10-25 12:18 - 2013-10-25 12:18 - 01060070 _____ C:\Users\Max Funcke\Downloads\adwcleaner.exe

2013-10-25 12:14 - 2010-10-23 18:00 - 00000000 ____D C:\Windows\pss

2013-10-25 11:56 - 2013-10-25 11:56 - 00001067 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-10-25 11:56 - 2013-10-25 11:56 - 00000000 ____D C:\Users\Max Funcke\AppData\Roaming\Malwarebytes

2013-10-25 11:56 - 2013-10-25 11:56 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-10-25 11:56 - 2013-10-25 11:56 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

2013-10-23 17:45 - 2013-10-23 17:45 - 00014235 _____ C:\ComboFix.txt

2013-10-23 17:45 - 2013-10-23 17:33 - 00000000 ____D C:\Qoobox

2013-10-23 17:45 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public

2013-10-23 17:44 - 2013-10-23 17:33 - 00000000 ____D C:\Windows\erdnt

2013-10-23 17:43 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini

2013-10-23 17:32 - 2013-10-23 17:29 - 00001373 _____ C:\Users\Max Funcke\Desktop\ComboFix.exe.lnk

2013-10-22 19:13 - 2013-10-22 19:13 - 00000000 ____D C:\FRST

2013-10-22 19:10 - 2013-10-22 19:10 - 00000094 _____ C:\Users\Max Funcke\AppData\Roaming\WB.CFG

2013-10-22 19:09 - 2013-10-22 11:12 - 00000890 _____ C:\Users\Max Funcke\daemonprocess.txt

2013-10-22 11:27 - 2013-10-22 11:12 - 00000000 ____D C:\Users\Max Funcke\AppData\Local\Mobogenie

2013-10-22 11:12 - 2013-10-22 11:12 - 00000000 ____D C:\Users\Max Funcke\Documents\Mobogenie

2013-10-22 11:12 - 2013-10-22 11:12 - 00000000 ____D C:\Users\Max Funcke\AppData\Local\cache

2013-10-22 11:12 - 2010-09-30 13:08 - 00000000 ____D C:\Users\Max Funcke

2013-10-21 16:59 - 2013-10-21 16:59 - 00707880 _____ C:\Users\Max Funcke\Downloads\DownloadManagerSetup(1).exe

2013-10-21 16:58 - 2013-10-21 16:58 - 00707880 _____ C:\Users\Max Funcke\Downloads\DownloadManagerSetup.exe

2013-10-21 16:21 - 2010-10-15 11:50 - 00000000 ____D C:\Users\Max Funcke\AppData\Local\Google

2013-10-18 16:55 - 2012-02-17 18:07 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2013-10-18 15:41 - 2012-02-04 08:35 - 00013668 _____ C:\Windows\diagwrn.xml

2013-10-18 15:41 - 2012-02-04 08:35 - 00001908 _____ C:\Windows\diagerr.xml

2013-10-18 15:40 - 2013-10-18 15:37 - 00005006 _____ C:\Users\Max Funcke\Desktop\Windows Compatibility Report.htm

2013-10-18 15:31 - 2009-07-14 06:39 - 00000000 _____ C:\Windows\setuperr.log

2013-10-15 11:30 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF

2013-10-14 17:38 - 2010-10-08 11:56 - 00000000 ____D C:\Users\Max Funcke\Documents\ChessBase

2013-10-14 17:21 - 2010-06-30 11:55 - 00000000 ____D C:\ProgramData\Adobe

2013-10-12 12:34 - 2010-06-30 10:35 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2013-10-10 14:49 - 2010-09-30 15:29 - 00000000 ____D C:\Users\Max Funcke\AppData\Roaming\Adobe

2013-10-10 14:48 - 2013-10-10 14:48 - 00001993 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk

2013-10-10 14:48 - 2010-10-06 16:36 - 00000000 ____D C:\Users\Max Funcke\AppData\Local\Adobe

2013-10-10 14:47 - 2010-06-30 11:55 - 00000000 ____D C:\Program Files\Common Files\Adobe

2013-10-10 14:47 - 2010-06-30 11:55 - 00000000 ____D C:\Program Files\Adobe

2013-10-10 13:51 - 2013-05-29 16:51 - 17813896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe

2013-10-10 13:51 - 2013-02-14 13:53 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2013-10-10 13:51 - 2011-09-13 10:26 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2013-10-10 12:06 - 2010-06-30 10:36 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2013-10-10 12:06 - 2009-07-14 04:04 - 00000687 _____ C:\Windows\win.ini

2013-10-10 11:33 - 2009-07-14 06:52 - 00000000 ____D C:\Windows\system32\FxsTmp

2013-10-06 14:52 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Help

2013-10-03 15:54 - 2012-08-30 12:43 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

2013-10-02 14:43 - 2013-08-17 11:40 - 00000000 ____D C:\Users\Max Funcke\AppData\Local\Mozilla Firefox

2013-10-02 14:43 - 2013-02-28 19:04 - 00001233 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk

2013-10-02 14:43 - 2010-09-30 18:38 - 00000000 ____D C:\Users\Max Funcke\AppData\Local\Mozilla

2013-10-02 14:38 - 2013-10-02 14:38 - 00281896 _____ (Mozilla) C:\Users\Max Funcke\Downloads\Firefox Setup Stub 24.0.exe

2013-10-01 16:15 - 2013-05-06 12:01 - 00067680 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys

2013-10-01 16:15 - 2012-10-09 18:02 - 00137208 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys

2013-10-01 16:15 - 2012-10-09 18:02 - 00089376 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

2013-10-01 16:15 - 2012-10-09 18:02 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys

2013-10-01 13:35 - 2010-09-30 13:01 - 00000000 ____D C:\Recovery

2013-10-01 13:35 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\Recovery

2013-10-01 13:34 - 2013-10-01 13:34 - 237088386 _____ C:\Windows\MEMORY.DMP

2013-10-01 13:34 - 2013-10-01 13:34 - 00143840 _____ C:\Windows\Minidump\100113-20420-01.dmp

2013-10-01 13:34 - 2010-10-09 18:40 - 00000000 ____D C:\Windows\Minidump

2013-09-26 10:52 - 2013-09-26 10:52 - 97892804 _____ C:\Windows\system32\虖ꟁᬌd

2013-09-25 16:07 - 2013-09-25 16:07 - 00263680 __RSH C:\Windows\system32\taskengg.dll
 

Some content of TEMP:

====================

C:\Users\Max Funcke\AppData\Local\Temp\avgnt.exe

C:\Users\Max Funcke\AppData\Local\Temp\Quarantine.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2013-10-25 19:51
 

==================== End Of Log ============================

--- --- ---

--- --- ---

Gruß xamecknuf

Hi,

Windows updaten, da fehlt ein Servicepack.

Java updaten.

Downloade dir bitte

Farbar Service Scanner

Starte das Tool mit Doppelklick auf die FSS.exe
Gehe sicher, dass folgende Optionen angehakt sind.
- Internet Services
- Windows Firewall
- System Restore
- Security Center/Action Center
- Windows Update
- Windows Defender
- Other Services
Klicke auf Scan.
Wenn das Tool fertig ist, wird es eine FSS.txt in dem Verzeichnis erstellen, wo das Tool gelaufen ist.

Poste bitte den Inhalt hier.

Hallo Schrauber,
der Servicepack lässt sich nicht installieren, hab'ich schon zusammen mit Microsoft probiert, ging nicht, jetzt auch wieder nicht.

Gruß und schönen Sonntag, xamecknuf

Code:

Farbar Service Scanner Version: 24-10-2013

Ran by Max Funcke (administrator) on 26-10-2013 at 23:56:20

Running from "C:\Users\Max Funcke\Downloads"

Microsoft Windows 7 Home Premium   (X86)

Boot Mode: Normal

****************************************************************
 

Internet Services:

============
 

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo.com is accessible.
 
 

Windows Firewall:

=============
 

Firewall Disabled Policy: 

==================

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall"=DWORD:0
 
 

System Restore:

============
 

System Restore Disabled Policy: 

========================
 
 

Action Center:

============
 

wscsvc Service is not running. Checking service configuration:

The start type of wscsvc service is set to Disabled. The default start type is Auto.

The ImagePath of wscsvc service is OK.

The ServiceDll of wscsvc service is OK.
 
 

Windows Update:

============
 

Windows Autoupdate Disabled Policy: 

============================
 
 

Windows Defender:

==============

WinDefend Service is not running. Checking service configuration:

The start type of WinDefend service is set to Disabled. The default start type is Auto.

The ImagePath of WinDefend service is OK.

The ServiceDll of WinDefend service is OK.
 
 

Windows Defender Disabled Policy: 

==========================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware"=DWORD:1
 
 

Other Services:

==============
 
 

File Check:

========

C:\Windows\system32\nsisvc.dll => MD5 is legit

C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit

C:\Windows\system32\dhcpcore.dll => MD5 is legit

C:\Windows\system32\Drivers\afd.sys => MD5 is legit

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit

C:\Windows\system32\Drivers\tcpip.sys

[2013-02-13 11:47] - [2013-01-04 06:55] - 1287528 ____A (Microsoft Corporation) BBCEAEFF1FD72A026F827CBB2F4AA8AD
 

C:\Windows\system32\dnsrslvr.dll => MD5 is legit

C:\Windows\system32\mpssvc.dll => MD5 is legit

C:\Windows\system32\bfe.dll => MD5 is legit

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit

C:\Windows\system32\SDRSVC.dll => MD5 is legit

C:\Windows\system32\vssvc.exe => MD5 is legit

C:\Windows\system32\wscsvc.dll

[2012-02-17 18:07] - [2012-02-17 18:07] - 0073728 ____A (Microsoft Corporation) A661A76333057B383A06E65F0073222F
 

C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\system32\wuaueng.dll => MD5 is legit

C:\Windows\system32\qmgr.dll => MD5 is legit

C:\Windows\system32\es.dll => MD5 is legit

C:\Windows\system32\cryptsvc.dll

[2012-10-11 12:20] - [2012-06-02 06:45] - 0139264 ____A (Microsoft Corporation) F2FDE6C8DBAAD44CC58D1E07E4AF4EED
 

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

C:\Windows\system32\ipnathlp.dll => MD5 is legit

C:\Windows\system32\iphlpsvc.dll => MD5 is legit

C:\Windows\system32\svchost.exe => MD5 is legit

C:\Windows\system32\rpcss.dll => MD5 is legit
 
 

**** End of log ****

Zitat:

hab'ich schon zusammen mit Microsoft probiert,

wie genau?

Downloade dir bitte Windows Repair (All In One) von hier.

Installiere das Programm. Starte es, nachdem die Installation abgeschlossen wurde.
Klicke auf Step 2 und drücke unter Check Disk auf Do It.

http://i1224.photobucket.com/albums/...3/Capture3.gif
Wenn der Vorgang abgeschlossen ist, klicke auf Step 3 und drücke unter System File Check auf Do It.

http://i1224.photobucket.com/albums/...y3/Capture.gif
Nachdem der Vorgang abgeschlossen ist, klicke auf Start Repairs, wähle den Advanced Mode und drücke Start.

http://i1224.photobucket.com/albums/...3/Capture1.gif
Gehe bitte sicher, dass die Kästchen wie unten zu sehen angehakt sind. Bitte hake zusätzlich noch Set Windows Services to Default Startup an.
Hake Restart System when Finished an.
Drücke Start.

http://i1238.photobucket.com/albums/...eakingtool.jpg

Hallo Schrauber, der Microsoftmann hatte sich bei mir eingloggt, chkdsk, auch im abges.Modus eine installation versucht, eigentl. alles.

Jetzt hänge ich den Log vonTweaking an. hoffentl. klappt es.
Das sind aber ca. 20 Dateien, hier erst mal eine, oder brauchst Du eine besondere?
Gruß xamecknuf

Code:

Starting Repairs...

   Start (27.10.2013 11:31:37)
 

01 - Reset Registry Permissions 01/03

   HKEY_CURRENT_USER & Sub Keys

   Start (27.10.2013 11:31:37)

   Running Repair Under Current User Account

   Done (27.10.2013 11:31:42)
 

01 - Reset Registry Permissions 02/03

   HKEY_LOCAL_MACHINE & Sub Keys

   Start (27.10.2013 11:31:42)

   Running Repair Under System Account

   Done (27.10.2013 11:32:58)
 

01 - Reset Registry Permissions 03/03

   HKEY_CLASSES_ROOT & Sub Keys

   Start (27.10.2013 11:32:58)

   Running Repair Under System Account

   Done (27.10.2013 11:33:23)
 

02 - Reset File Permissions 01/18

   C:\5aa05d6bc9f6d0366867a7 & Sub Folders

   Start (27.10.2013 11:33:24)

   Running Repair Under System Account

   Done (27.10.2013 11:33:26)
 

02 - Reset File Permissions 02/18

   C:\5d97cfa9bc1d4d2c4fe47f24097b & Sub Folders

   Start (27.10.2013 11:33:26)

   Running Repair Under System Account

   Done (27.10.2013 11:33:28)
 

02 - Reset File Permissions 03/18

   C:\AdwCleaner & Sub Folders

   Start (27.10.2013 11:33:29)

   Running Repair Under System Account

   Done (27.10.2013 11:33:33)
 

02 - Reset File Permissions 04/18

   C:\Alter PC, Part. E & Sub Folders

   Start (27.10.2013 11:33:33)

   Running Repair Under System Account

   Done (27.10.2013 11:34:10)
 

02 - Reset File Permissions 05/18

   C:\ATI & Sub Folders

   Start (27.10.2013 11:34:10)

   Running Repair Under System Account

   Done (27.10.2013 11:34:24)
 

02 - Reset File Permissions 06/18

   C:\bootwiz & Sub Folders

   Start (27.10.2013 11:34:24)

   Running Repair Under System Account

   Done (27.10.2013 11:34:26)
 

02 - Reset File Permissions 07/18

   C:\found.000 & Sub Folders

   Start (27.10.2013 11:34:26)

   Running Repair Under System Account

   Done (27.10.2013 11:34:28)
 

02 - Reset File Permissions 08/18

   C:\FRST & Sub Folders

   Start (27.10.2013 11:34:29)

   Running Repair Under System Account

   Done (27.10.2013 11:34:31)
 

02 - Reset File Permissions 09/18

   C:\Intel & Sub Folders

   Start (27.10.2013 11:34:31)

   Running Repair Under System Account

   Done (27.10.2013 11:34:33)
 

02 - Reset File Permissions 10/18

   C:\MSOCache & Sub Folders

   Start (27.10.2013 11:34:33)

   Running Repair Under System Account

   Done (27.10.2013 11:34:40)
 

02 - Reset File Permissions 11/18

   C:\Program Files & Sub Folders

   Start (27.10.2013 11:34:40)

   Running Repair Under System Account

   Done (27.10.2013 11:36:46)
 

02 - Reset File Permissions 12/18

   C:\ProgramData & Sub Folders

   Start (27.10.2013 11:36:46)

   Running Repair Under System Account

   Done (27.10.2013 11:37:16)
 

02 - Reset File Permissions 13/18

   C:\Qoobox & Sub Folders

   Start (27.10.2013 11:37:16)

   Running Repair Under System Account

   Done (27.10.2013 11:37:20)
 

02 - Reset File Permissions 14/18

   C:\QuickImmobilie 2012 & Sub Folders

   Start (27.10.2013 11:37:20)

   Running Repair Under System Account

   Done (27.10.2013 11:37:23)
 

02 - Reset File Permissions 15/18

   C:\Recovery & Sub Folders

   Start (27.10.2013 11:37:23)

   Running Repair Under System Account

   Done (27.10.2013 11:37:25)
 

02 - Reset File Permissions 16/18

   C:\Temp & Sub Folders

   Start (27.10.2013 11:37:25)

   Running Repair Under System Account

   Done (27.10.2013 11:37:38)
 

02 - Reset File Permissions 17/18

   C:\tmp & Sub Folders

   Start (27.10.2013 11:37:38)

   Running Repair Under System Account

   Done (27.10.2013 11:37:41)
 

02 - Reset File Permissions 18/18

   C:\Windows & Sub Folders

   Start (27.10.2013 11:37:41)

   Running Repair Under System Account

   Done (27.10.2013 11:41:30)
 

02 - Reset File Permissions 01/04

   D:\Drivers & Sub Folders

   Start (27.10.2013 11:41:30)

   Running Repair Under System Account

   Done (27.10.2013 11:41:41)
 

02 - Reset File Permissions 02/04

   D:\MAXFUNCKE-PC & Sub Folders

   Start (27.10.2013 11:41:41)

   Running Repair Under System Account

   Done (27.10.2013 11:41:43)
 

02 - Reset File Permissions 03/04

   D:\Recover & Sub Folders

   Start (27.10.2013 11:41:43)

   Running Repair Under System Account

   Done (27.10.2013 11:41:46)
 

02 - Reset File Permissions 04/04

   D:\Tools & Sub Folders

   Start (27.10.2013 11:41:46)

   Running Repair Under System Account

   Done (27.10.2013 11:42:03)
 

02 - Reset File Permissions 01/11

   E:\Alter PC, Part. E & Sub Folders

   Start (27.10.2013 11:42:03)

   Running Repair Under System Account

   Done (27.10.2013 11:42:43)
 

02 - Reset File Permissions 02/11

   E:\Anita & Sub Folders

   Start (27.10.2013 11:42:43)

   Running Repair Under System Account

   Done (27.10.2013 11:42:58)
 

02 - Reset File Permissions 03/11

   E:\CANON G 10 & Sub Folders

   Start (27.10.2013 11:42:58)

   Running Repair Under System Account

   Done (27.10.2013 11:43:13)
 

02 - Reset File Permissions 04/11

   E:\Canon Powershot A 80 & Sub Folders

   Start (27.10.2013 11:43:13)

   Running Repair Under System Account

   Done (27.10.2013 11:43:45)
 

02 - Reset File Permissions 05/11

   E:\Frank Objekt Graal & Sub Folders

   Start (27.10.2013 11:43:45)

   Running Repair Under System Account

   Done (27.10.2013 11:43:47)
 

02 - Reset File Permissions 06/11

   E:\Funcke & Sub Folders

   Start (27.10.2013 11:43:47)

   Running Repair Under System Account

   Done (27.10.2013 11:43:54)
 

02 - Reset File Permissions 07/11

   E:\Leervorlagen & Sub Folders

   Start (27.10.2013 11:43:54)

   Running Repair Under System Account

   Done (27.10.2013 11:43:56)
 

02 - Reset File Permissions 08/11

   E:\Max & Sub Folders

   Start (27.10.2013 11:43:56)

   Running Repair Under System Account

   Done (27.10.2013 11:44:01)
 

02 - Reset File Permissions 09/11

   E:\PC HILFE & Sub Folders

   Start (27.10.2013 11:44:01)

   Running Repair Under System Account

   Done (27.10.2013 11:44:10)
 

02 - Reset File Permissions 10/11

   E:\QUICKEN (aktuelle Dateien) & Sub Folders

   Start (27.10.2013 11:44:10)

   Running Repair Under System Account

   Done (27.10.2013 11:44:23)
 

02 - Reset File Permissions 11/11

   E:\skat & Sub Folders

   Start (27.10.2013 11:44:23)

   Running Repair Under System Account

   Done (27.10.2013 11:44:25)
 

02 - Reset File Permissions: Cleanup

    & Sub Folders

   Start (27.10.2013 11:44:25)

   Running Repair Under System Account

Processing ACL of: <\\?\C:\Documents and Settings>
 

SetACL finished successfully.

Processing ACL of: <\\?\C:\ProgramData\Application Data>
 

SetACL finished successfully.

Processing ACL of: <\\?\C:\ProgramData\Desktop>
 

SetACL finished successfully.

Processing ACL of: <\\?\C:\ProgramData\Documents>
 

SetACL finished successfully.

Processing ACL of: <\\?\C:\ProgramData\Favorites>
 

SetACL finished successfully.

Processing ACL of: <\\?\C:\ProgramData\Start Menu>
 

SetACL finished successfully.

Processing ACL of: <\\?\C:\ProgramData\Templates>
 

SetACL finished successfully.

Processing ACL of: <\\?\C:\Users\All Users\Application Data>
 

SetACL finished successfully.

Processing ACL of: <\\?\C:\Users\All Users\Desktop>
 

SetACL finished successfully.

Processing ACL of: <\\?\C:\Users\All Users\Documents>
 

SetACL finished successfully.

Processing ACL of: <\\?\C:\Users\All Users\Favorites>
 

SetACL finished successfully.

Processing ACL of: <\\?\C:\Users\All Users\Start Menu>
 

SetACL finished successfully.

Processing ACL of: <\\?\C:\Users\All Users\Templates>
 

SetACL finished successfully.

Processing ACL of: <\\?\C:\Users\Default User>
 

SetACL finished successfully.

Processing ACL of: <\\?\C:\Users\Default\Application Data>
 

SetACL finished successfully.

Processing ACL of: <\\?\C:\Users\Default\Cookies>

Reading the SD from <\\?\C:\Users\Default\Cookies> failed with: Das System kann die angegebene Datei nicht finden.
 
 

SetACL finished with error(s): 

SetACL error message: The call to GetNamedSecurityInfo () failed

Operating system error message: Das System kann die angegebene Datei nicht finden.
 

Processing ACL of: <\\?\C:\Users\Default\Local Settings>
 

SetACL finished successfully.

Processing ACL of: <\\?\C:\Users\Default\My Documents>
 

SetACL finished successfully.

Processing ACL of: <\\?\C:\Users\Default\NetHood>
 

SetACL finished successfully.

Processing ACL of: <\\?\C:\Users\Default\PrintHood>
 

SetACL finished successfully.

Processing ACL of: <\\?\C:\Users\Default\Recent>
 

SetACL finished successfully.

Processing ACL of: <\\?\C:\Users\Default\SendTo>
 

SetACL finished successfully.

Processing ACL of: <\\?\C:\Users\Default\Start Menu>
 

SetACL finished successfully.

Processing ACL of: <\\?\C:\Users\Default\Templates>
 

SetACL finished successfully.

Processing ACL of: <\\?\C:\Users\Default\AppData\Local\Application Data>
 

SetACL finished successfully.

Processing ACL of: <\\?\C:\Users\Default\AppData\Local\History>
 

SetACL finished successfully.

Processing ACL of: <\\?\C:\Users\Default\AppData\Local\Temporary Internet Files>
 

SetACL finished successfully.

Processing ACL of: <\\?\C:\Users\Default\Documents\My Music>
 

SetACL finished successfully.

Processing ACL of: <\\?\C:\Users\Default\Documents\My Pictures>
 

SetACL finished successfully.

Processing ACL of: <\\?\C:\Users\Default\Documents\My Videos>
 

SetACL finished successfully.

Processing ACL of: <\\?\C:\Users\ALDIPC$\Application Data>

Reading the SD from <\\?\C:\Users\ALDIPC$\Application Data> failed with: Das System kann den angegebenen Pfad nicht finden.
 
 

SetACL finished with error(s): 

SetACL error message: The call to GetNamedSecurityInfo () failed

Operating system error message: Das System kann den angegebenen Pfad nicht finden.
 

Processing ACL of: <\\?\C:\Users\ALDIPC$\Cookies>

Reading the SD from <\\?\C:\Users\ALDIPC$\Cookies> failed with: Das System kann den angegebenen Pfad nicht finden.
 
 

SetACL finished with error(s): 

SetACL error message: The call to GetNamedSecurityInfo () failed

Operating system error message: Das System kann den angegebenen Pfad nicht finden.
 

Processing ACL of: <\\?\C:\Users\ALDIPC$\Local Settings>

Reading the SD from <\\?\C:\Users\ALDIPC$\Local Settings> failed with: Das System kann den angegebenen Pfad nicht finden.
 
 

SetACL finished with error(s): 

SetACL error message: The call to GetNamedSecurityInfo () failed

Operating system error message: Das System kann den angegebenen Pfad nicht finden.
 

Processing ACL of: <\\?\C:\Users\ALDIPC$\My Documents>

Reading the SD from <\\?\C:\Users\ALDIPC$\My Documents> failed with: Das System kann den angegebenen Pfad nicht finden.
 
 

SetACL finished with error(s): 

SetACL error message: The call to GetNamedSecurityInfo () failed

Operating system error message: Das System kann den angegebenen Pfad nicht finden.
 

Processing ACL of: <\\?\C:\Users\ALDIPC$\NetHood>

Reading the SD from <\\?\C:\Users\ALDIPC$\NetHood> failed with: Das System kann den angegebenen Pfad nicht finden.
 
 

SetACL finished with error(s): 

SetACL error message: The call to GetNamedSecurityInfo () failed

Operating system error message: Das System kann den angegebenen Pfad nicht finden.
 

Processing ACL of: <\\?\C:\Users\ALDIPC$\PrintHood>

Reading the SD from <\\?\C:\Users\ALDIPC$\PrintHood> failed with: Das System kann den angegebenen Pfad nicht finden.
 
 

SetACL finished with error(s): 

SetACL error message: The call to GetNamedSecurityInfo () failed

Operating system error message: Das System kann den angegebenen Pfad nicht finden.
 

Processing ACL of: <\\?\C:\Users\ALDIPC$\Recent>

Reading the SD from <\\?\C:\Users\ALDIPC$\Recent> failed with: Das System kann den angegebenen Pfad nicht finden.
 
 

SetACL finished with error(s): 

SetACL error message: The call to GetNamedSecurityInfo () failed

Operating system error message: Das System kann den angegebenen Pfad nicht finden.
 

Processing ACL of: <\\?\C:\Users\ALDIPC$\SendTo>

Reading the SD from <\\?\C:\Users\ALDIPC$\SendTo> failed with: Das System kann den angegebenen Pfad nicht finden.
 
 

SetACL finished with error(s): 

SetACL error message: The call to GetNamedSecurityInfo () failed

Operating system error message: Das System kann den angegebenen Pfad nicht finden.
 

Processing ACL of: <\\?\C:\Users\ALDIPC$\Start Menu>

Reading the SD from <\\?\C:\Users\ALDIPC$\Start Menu> failed with: Das System kann den angegebenen Pfad nicht finden.
 
 

SetACL finished with error(s): 

SetACL error message: The call to GetNamedSecurityInfo () failed

Operating system error message: Das System kann den angegebenen Pfad nicht finden.
 

Processing ACL of: <\\?\C:\Users\ALDIPC$\Templates>

Reading the SD from <\\?\C:\Users\ALDIPC$\Templates> failed with: Das System kann den angegebenen Pfad nicht finden.
 
 

SetACL finished with error(s): 

SetACL error message: The call to GetNamedSecurityInfo () failed

Operating system error message: Das System kann den angegebenen Pfad nicht finden.
 

Processing ACL of: <\\?\C:\Users\ALDIPC$\AppData\Local\Application Data>

Reading the SD from <\\?\C:\Users\ALDIPC$\AppData\Local\Application Data> failed with: Das System kann den angegebenen Pfad nicht finden.
 
 

SetACL finished with error(s): 

SetACL error message: The call to GetNamedSecurityInfo () failed

Operating system error message: Das System kann den angegebenen Pfad nicht finden.
 

Processing ACL of: <\\?\C:\Users\ALDIPC$\AppData\Local\History>

Reading the SD from <\\?\C:\Users\ALDIPC$\AppData\Local\History> failed with: Das System kann den angegebenen Pfad nicht finden.
 
 

SetACL finished with error(s): 

SetACL error message: The call to GetNamedSecurityInfo () failed

Operating system error message: Das System kann den angegebenen Pfad nicht finden.
 

Processing ACL of: <\\?\C:\Users\ALDIPC$\AppData\Local\Temporary Internet Files>

Reading the SD from <\\?\C:\Users\ALDIPC$\AppData\Local\Temporary Internet Files> failed with: Das System kann den angegebenen Pfad nicht finden.
 
 

SetACL finished with error(s): 

SetACL error message: The call to GetNamedSecurityInfo () failed

Operating system error message: Das System kann den angegebenen Pfad nicht finden.
 

Processing ACL of: <\\?\C:\Users\ALDIPC$\Documents\My Music>

Reading the SD from <\\?\C:\Users\ALDIPC$\Documents\My Music> failed with: Das System kann den angegebenen Pfad nicht finden.
 
 

SetACL finished with error(s): 

SetACL error message: The call to GetNamedSecurityInfo () failed

Operating system error message: Das System kann den angegebenen Pfad nicht finden.
 

Processing ACL of: <\\?\C:\Users\ALDIPC$\Documents\My Pictures>

Reading the SD from <\\?\C:\Users\ALDIPC$\Documents\My Pictures> failed with: Das System kann den angegebenen Pfad nicht finden.
 
 

SetACL finished with error(s): 

SetACL error message: The call to GetNamedSecurityInfo () failed

Operating system error message: Das System kann den angegebenen Pfad nicht finden.
 

Processing ACL of: <\\?\C:\Users\ALDIPC$\Documents\My Videos>

Reading the SD from <\\?\C:\Users\ALDIPC$\Documents\My Videos> failed with: Das System kann den angegebenen Pfad nicht finden.
 
 

SetACL finished with error(s): 

SetACL error message: The call to GetNamedSecurityInfo () failed

Operating system error message: Das System kann den angegebenen Pfad nicht finden.
 

   Done (27.10.2013 11:44:29)
 

04 - Repair WMI

   Start (27.10.2013 11:44:29)

   Running Repair Under Current User Account

   Done (27.10.2013 11:47:03)
 

05 - Repair Windows Firewall

   Start (27.10.2013 11:47:03)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (27.10.2013 11:47:37)
 

06 - Repair Internet Explorer

   Start (27.10.2013 11:47:37)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (27.10.2013 11:47:54)
 

09 - Remove Policies Set By Infections

   Start (27.10.2013 11:47:54)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (27.10.2013 11:47:58)
 

12 - Repair Winsock & DNS Cache

   Start (27.10.2013 11:47:58)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (27.10.2013 11:48:09)
 

14 - Repair Proxy Settings

   Start (27.10.2013 11:48:09)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (27.10.2013 11:48:14)
 

16 - Repair Windows Updates

   Start (27.10.2013 11:48:14)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (27.10.2013 11:48:29)
 

Cleaning up empty logs...
 

All Selected Repairs Done.

   Done (27.10.2013 11:48:29)

   Total Repair Time: 00:16:52
 
 

...YOU MUST RESTART YOUR SYSTEM...

   Running Repair Under Current User Account

Ich brauch keine davon eigentlich :)

Frisches FSS und FRST log bitte.

Guten Morgen Schrauber, wie gewünscht:

Code:

Farbar Service Scanner Version: 24-10-2013

Ran by Max Funcke (administrator) on 28-10-2013 at 09:40:15

Running from "C:\Users\Max Funcke\Downloads"

Microsoft Windows 7 Home Premium   (X86)

Boot Mode: Normal

****************************************************************
 

Internet Services:

============
 

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo.com is accessible.
 
 

Windows Firewall:

=============
 

Firewall Disabled Policy: 

==================
 
 

System Restore:

============
 

System Restore Disabled Policy: 

========================
 
 

Action Center:

============
 

wscsvc Service is not running. Checking service configuration:

The start type of wscsvc service is set to Disabled. The default start type is Auto.

The ImagePath of wscsvc service is OK.

The ServiceDll of wscsvc service is OK.
 
 

Windows Update:

============
 

Windows Autoupdate Disabled Policy: 

============================
 
 

Windows Defender:

==============

WinDefend Service is not running. Checking service configuration:

The start type of WinDefend service is set to Disabled. The default start type is Auto.

The ImagePath of WinDefend service is OK.

The ServiceDll of WinDefend service is OK.
 
 

Windows Defender Disabled Policy: 

==========================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware"=DWORD:1
 
 

Other Services:

==============
 
 

File Check:

========

C:\Windows\system32\nsisvc.dll => MD5 is legit

C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit

C:\Windows\system32\dhcpcore.dll => MD5 is legit

C:\Windows\system32\Drivers\afd.sys => MD5 is legit

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit

C:\Windows\system32\Drivers\tcpip.sys

[2013-02-13 10:47] - [2013-01-04 05:55] - 1287528 ____A (Microsoft Corporation) BBCEAEFF1FD72A026F827CBB2F4AA8AD
 

C:\Windows\system32\dnsrslvr.dll => MD5 is legit

C:\Windows\system32\mpssvc.dll => MD5 is legit

C:\Windows\system32\bfe.dll => MD5 is legit

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit

C:\Windows\system32\SDRSVC.dll => MD5 is legit

C:\Windows\system32\vssvc.exe => MD5 is legit

C:\Windows\system32\wscsvc.dll

[2012-02-17 17:07] - [2012-02-17 17:07] - 0073728 ____A (Microsoft Corporation) A661A76333057B383A06E65F0073222F
 

C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\system32\wuaueng.dll => MD5 is legit

C:\Windows\system32\qmgr.dll => MD5 is legit

C:\Windows\system32\es.dll => MD5 is legit

C:\Windows\system32\cryptsvc.dll

[2012-10-11 11:20] - [2012-06-02 05:45] - 0139264 ____A (Microsoft Corporation) F2FDE6C8DBAAD44CC58D1E07E4AF4EED
 

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

C:\Windows\system32\ipnathlp.dll => MD5 is legit

C:\Windows\system32\iphlpsvc.dll => MD5 is legit

C:\Windows\system32\svchost.exe => MD5 is legit

C:\Windows\system32\rpcss.dll => MD5 is legit
 
 

**** End of log ****

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-10-2013

Ran by Max Funcke (administrator) on ALDIPC on 28-10-2013 09:43:02

Running from C:\Users\Max Funcke\Downloads

Microsoft Windows 7 Home Premium  (X86) OS Language: German Standard

Internet Explorer Version 8

Boot Mode: Normal
 

==================== Processes (Whitelisted) ===================
 

(AMD) C:\Windows\system32\atiesrxx.exe

(AMD) C:\Windows\system32\atieclxx.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe

(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe

(REINER SCT) C:\Windows\system32\cjpcsc.exe

(Protexis Inc.) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE

(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(Tweaking.com) C:\Program Files\Tweaking.com\Windows Repair (All in One)\Repair_Windows.exe

(Mozilla Corporation) C:\Users\Max Funcke\AppData\Local\Mozilla Firefox\firefox.exe

(Farbar) C:\Users\Max Funcke\Downloads\FRST(2).exe
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [681032 2013-10-01] (Avira Operations GmbH & Co. KG)

HKLM\...\Run: [LexwareInfoService] - C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG)

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)

HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKU\Default\...\RunOnce: [HKCU] - C:\Windows\System32\oobe\info\HKCU.vbs [ 2009-11-12] ()

HKU\Default\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [ 2009-10-23] ()

HKU\Default User\...\RunOnce: [HKCU] - C:\Windows\System32\oobe\info\HKCU.vbs [ 2009-11-12] ()

HKU\Default User\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [ 2009-10-23] ()
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

SearchScopes: HKLM - DefaultScope value is missing.

SearchScopes: HKCU - DefaultScope {4B485EF4-889E-4A2D-98F9-ED6CEDE22D33} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox

SearchScopes: HKCU - {4B485EF4-889E-4A2D-98F9-ED6CEDE22D33} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox

BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File

Toolbar: HKCU - No Name - {8C3887BA-3367-4297-B288-13472BD407E4} -  No File

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Users\Max Funcke\AppData\Roaming\Mozilla\Firefox\Profiles\rkxjz51e.default

FF DefaultSearchEngine: Startpage HTTPS - Deutsch

FF NetworkProxy: "type", 0

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()

FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Users\Max Funcke\AppData\Roaming\Mozilla\Firefox\Profiles\rkxjz51e.default\searchplugins\ixquick-https---deutsch.xml

FF SearchPlugin: C:\Users\Max Funcke\AppData\Roaming\Mozilla\Firefox\Profiles\rkxjz51e.default\searchplugins\startpage-https---deutsch.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\googledesktop.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

FF Extension: adblockplus - C:\Users\Max Funcke\AppData\Roaming\Mozilla\Firefox\Profiles\rkxjz51e.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

FF StartMenuInternet: FIREFOX.EXE - C:\Users\Max Funcke\AppData\Local\Mozilla Firefox\firefox.exe
 

========================== Services (Whitelisted) =================
 

S2 AcronisOSSReinstallSvc; C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [2232296 2012-02-17] ()

R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [619408 2009-11-06] (Acronis)

S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [948296 2013-10-01] (Avira Operations GmbH & Co. KG)

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440392 2013-10-01] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440392 2013-10-01] (Avira Operations GmbH & Co. KG)

R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-10-01] (Avira Operations GmbH & Co. KG)

R2 cjpcsc; C:\Windows\system32\cjpcsc.exe [514128 2012-03-19] (REINER SCT)

S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

S4 BsFileScan; C:\Program Files\BullGuard Ltd\BullGuard\BsFileScan.dll [x]

S4 BsMailProxy; C:\Program Files\BullGuard Ltd\BullGuard\BsMailProxy\BsMailProxy.dll [x]

S4 BsMain; C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll [x]

S4 BsScanner; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [x]

S4 BsUpdate; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [x]
 

==================== Drivers (Whitelisted) ====================
 

R1 AFW; C:\Windows\System32\DRIVERS\afw.sys [29208 2012-02-17] (Agnitum Ltd.)

R3 afwcore; C:\Windows\System32\DRIVERS\afwcore.sys [318488 2012-02-17] (Agnitum Ltd.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [89376 2013-10-01] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137208 2013-10-01] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-01] (Avira Operations GmbH & Co. KG)

R1 BdSpy; C:\Windows\System32\DRIVERS\BdSpy.sys [55888 2012-02-17] (BullGuard Ltd.)

R1 bizVSerial; C:\Windows\System32\drivers\bizVSerialNT.sys [14949 2007-05-31] (franson.biz)

S3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [28144 2012-02-17] (REINER SCT)

S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [38400 2012-02-17] (Samsung Electronics Co., Ltd.)

S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)

S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [16472 2010-08-16] ()

S3 pwdspio; C:\Windows\system32\pwdspio.sys [11104 2010-08-16] ()

R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-10-09] (Avira GmbH)

R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2011-03-14] (Samsung Electronics)

R0 tdrpman251; C:\Windows\System32\DRIVERS\tdrpm251.sys [902432 2012-02-19] (Acronis)

U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2012-02-17] (Microsoft Corporation)

S3 catchme; \??\C:\Users\MAXFUN~1\AppData\Local\Temp\catchme.sys [x]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2013-10-27 11:31 - 2013-10-27 11:48 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE

2013-10-27 11:07 - 2013-10-27 11:07 - 00006576 ____N C:\bootsqm.dat

2013-10-27 10:58 - 2013-10-27 10:58 - 00002117 _____ C:\Users\Max Funcke\Desktop\Tweaking.com - Windows Repair (All in One).lnk

2013-10-27 10:58 - 2013-10-27 10:58 - 00000000 ____D C:\Program Files\Tweaking.com

2013-10-27 10:57 - 2013-10-27 10:57 - 04976148 _____ C:\Users\Max Funcke\Downloads\tweaking.com_windows_repair_aio_setup.exe

2013-10-27 10:55 - 2013-10-27 10:55 - 00000000 ____D C:\Users\Max Funcke\Downloads\tweaking.com_windows_repair_aio

2013-10-27 10:53 - 2013-10-27 10:53 - 02804464 _____ C:\Users\Max Funcke\Downloads\tweaking.com_windows_repair_aio.zip

2013-10-26 22:56 - 2013-10-28 09:40 - 00003014 _____ C:\Users\Max Funcke\Downloads\FSS.txt

2013-10-26 22:55 - 2013-10-26 22:55 - 00359085 _____ (Farbar) C:\Users\Max Funcke\Downloads\FSS.exe

2013-10-26 22:48 - 2013-10-26 22:48 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll

2013-10-26 22:48 - 2013-10-26 22:48 - 00000000 ____D C:\Program Files\Common Files\Java

2013-10-26 22:37 - 2013-10-26 22:49 - 00000000 ____D C:\ProgramData\Oracle

2013-10-26 22:31 - 2013-10-26 22:32 - 00915368 _____ (Oracle Corporation) C:\Users\Max Funcke\Downloads\jxpiinstall(1).exe

2013-10-25 21:06 - 2013-10-25 21:06 - 01088465 _____ (Farbar) C:\Users\Max Funcke\Downloads\FRST(2).exe

2013-10-25 19:16 - 2013-10-25 19:15 - 01088113 _____ (Farbar) C:\Users\Max Funcke\Downloads\FRST(1).exe

2013-10-25 19:11 - 2013-10-25 19:12 - 00000448 _____ C:\Users\Max Funcke\Desktop\SecurityCheck.exe.lnk

2013-10-25 19:04 - 2013-10-25 19:04 - 00891167 _____ C:\Users\Max Funcke\Downloads\SecurityCheck.exe

2013-10-25 15:39 - 2013-10-25 15:39 - 02347384 _____ (ESET) C:\Users\Max Funcke\Downloads\esetsmartinstaller_enu.exe

2013-10-25 11:30 - 2013-10-25 11:30 - 00001401 _____ C:\Users\Max Funcke\Desktop\JRT.txt

2013-10-25 11:28 - 2013-10-25 11:28 - 01033335 _____ (Thisisu) C:\Users\Max Funcke\Downloads\JRT.exe

2013-10-25 11:28 - 2013-10-25 11:28 - 00000000 ____D C:\Windows\ERUNT

2013-10-25 11:18 - 2013-10-25 11:21 - 00000000 ____D C:\AdwCleaner

2013-10-25 11:18 - 2013-10-25 11:18 - 01060070 _____ C:\Users\Max Funcke\Downloads\adwcleaner.exe

2013-10-25 10:56 - 2013-10-25 10:56 - 00001067 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-10-25 10:56 - 2013-10-25 10:56 - 00000000 ____D C:\Users\Max Funcke\AppData\Roaming\Malwarebytes

2013-10-25 10:56 - 2013-10-25 10:56 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-10-25 10:56 - 2013-10-25 10:56 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

2013-10-25 10:56 - 2013-04-04 13:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2013-10-23 16:45 - 2013-10-23 16:45 - 00014235 _____ C:\ComboFix.txt

2013-10-23 16:36 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe

2013-10-23 16:36 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe

2013-10-23 16:36 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2013-10-23 16:36 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2013-10-23 16:36 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2013-10-23 16:36 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe

2013-10-23 16:36 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe

2013-10-23 16:36 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe

2013-10-23 16:33 - 2013-10-23 16:45 - 00000000 ____D C:\Qoobox

2013-10-23 16:33 - 2013-10-23 16:44 - 00000000 ____D C:\Windows\erdnt

2013-10-23 16:29 - 2013-10-23 16:32 - 00001373 _____ C:\Users\Max Funcke\Desktop\ComboFix.exe.lnk

2013-10-22 18:13 - 2013-10-22 18:13 - 00000000 ____D C:\FRST

2013-10-22 18:10 - 2013-10-22 18:10 - 00000094 _____ C:\Users\Max Funcke\AppData\Roaming\WB.CFG

2013-10-22 10:12 - 2013-10-22 18:09 - 00000890 _____ C:\Users\Max Funcke\daemonprocess.txt

2013-10-22 10:12 - 2013-10-22 10:27 - 00000000 ____D C:\Users\Max Funcke\AppData\Local\Mobogenie

2013-10-22 10:12 - 2013-10-22 10:12 - 00000000 ____D C:\Users\Max Funcke\Documents\Mobogenie

2013-10-22 10:12 - 2013-10-22 10:12 - 00000000 ____D C:\Users\Max Funcke\AppData\Local\cache

2013-10-21 15:59 - 2013-10-21 15:59 - 00707880 _____ C:\Users\Max Funcke\Downloads\DownloadManagerSetup(1).exe

2013-10-21 15:58 - 2013-10-21 15:58 - 00707880 _____ C:\Users\Max Funcke\Downloads\DownloadManagerSetup.exe

2013-10-18 14:37 - 2013-10-18 14:40 - 00005006 _____ C:\Users\Max Funcke\Desktop\Windows Compatibility Report.htm

2013-10-10 13:48 - 2013-10-10 13:48 - 00001993 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk

2013-10-02 13:38 - 2013-10-02 13:38 - 00281896 _____ (Mozilla) C:\Users\Max Funcke\Downloads\Firefox Setup Stub 24.0.exe

2013-10-01 13:03 - 2013-03-02 06:06 - 00981504 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-10-01 13:03 - 2013-03-02 06:05 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-10-01 13:03 - 2013-03-02 06:05 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2013-10-01 13:03 - 2013-03-02 06:02 - 06032384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-10-01 13:03 - 2013-03-02 06:02 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-10-01 13:03 - 2013-03-02 06:02 - 00606208 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll

2013-10-01 13:03 - 2013-03-02 06:02 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2013-10-01 13:03 - 2013-03-02 06:02 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll

2013-10-01 13:03 - 2013-03-02 06:01 - 11019776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-10-01 13:03 - 2013-03-02 06:01 - 02077184 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-10-01 13:03 - 2013-03-02 06:01 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2013-10-01 13:03 - 2013-03-02 06:01 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll

2013-10-01 13:03 - 2013-03-02 06:01 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-10-01 13:03 - 2013-03-02 06:01 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-10-01 13:03 - 2013-03-02 05:03 - 00386048 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2013-10-01 13:03 - 2013-03-02 04:30 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll

2013-10-01 13:03 - 2013-03-02 04:29 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-10-01 13:03 - 2013-03-02 04:29 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

2013-10-01 12:34 - 2013-10-01 12:34 - 237088386 _____ C:\Windows\MEMORY.DMP

2013-10-01 12:34 - 2013-10-01 12:34 - 00143840 _____ C:\Windows\Minidump\100113-20420-01.dmp
 

==================== One Month Modified Files and Folders =======
 

2013-10-28 09:40 - 2013-10-26 22:56 - 00003014 _____ C:\Users\Max Funcke\Downloads\FSS.txt

2013-10-28 09:31 - 2013-05-29 15:44 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-10-28 09:31 - 2010-11-04 14:19 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-10-28 09:31 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\tracing

2013-10-27 15:24 - 2010-11-04 14:19 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-10-27 15:09 - 2010-09-30 12:01 - 01137408 _____ C:\Windows\WindowsUpdate.log

2013-10-27 12:09 - 2009-07-14 05:34 - 00009888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-10-27 12:09 - 2009-07-14 05:34 - 00009888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-10-27 12:06 - 2010-06-29 14:26 - 01621294 _____ C:\Windows\system32\PerfStringBackup.INI

2013-10-27 12:02 - 2013-09-25 15:07 - 00000326 _____ C:\Windows\Tasks\WFSRUCH.job

2013-10-27 12:02 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-10-27 12:02 - 2009-07-14 05:39 - 00008396 _____ C:\Windows\setupact.log

2013-10-27 12:02 - 2009-07-14 05:33 - 00329024 _____ C:\Windows\system32\FNTCACHE.DAT

2013-10-27 12:01 - 2010-09-30 17:17 - 00558206 _____ C:\Windows\PFRO.log

2013-10-27 11:48 - 2013-10-27 11:31 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE

2013-10-27 11:07 - 2013-10-27 11:07 - 00006576 ____N C:\bootsqm.dat

2013-10-27 10:58 - 2013-10-27 10:58 - 00002117 _____ C:\Users\Max Funcke\Desktop\Tweaking.com - Windows Repair (All in One).lnk

2013-10-27 10:58 - 2013-10-27 10:58 - 00000000 ____D C:\Program Files\Tweaking.com

2013-10-27 10:57 - 2013-10-27 10:57 - 04976148 _____ C:\Users\Max Funcke\Downloads\tweaking.com_windows_repair_aio_setup.exe

2013-10-27 10:55 - 2013-10-27 10:55 - 00000000 ____D C:\Users\Max Funcke\Downloads\tweaking.com_windows_repair_aio

2013-10-27 10:53 - 2013-10-27 10:53 - 02804464 _____ C:\Users\Max Funcke\Downloads\tweaking.com_windows_repair_aio.zip

2013-10-26 22:55 - 2013-10-26 22:55 - 00359085 _____ (Farbar) C:\Users\Max Funcke\Downloads\FSS.exe

2013-10-26 22:49 - 2013-10-26 22:37 - 00000000 ____D C:\ProgramData\Oracle

2013-10-26 22:48 - 2013-10-26 22:48 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll

2013-10-26 22:48 - 2013-10-26 22:48 - 00000000 ____D C:\Program Files\Common Files\Java

2013-10-26 22:48 - 2013-05-30 18:00 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe

2013-10-26 22:48 - 2013-05-30 18:00 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe

2013-10-26 22:48 - 2013-05-30 18:00 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe

2013-10-26 22:48 - 2010-06-30 11:02 - 00000000 ____D C:\Program Files\Java

2013-10-26 22:32 - 2013-10-26 22:31 - 00915368 _____ (Oracle Corporation) C:\Users\Max Funcke\Downloads\jxpiinstall(1).exe

2013-10-25 21:06 - 2013-10-25 21:06 - 01088465 _____ (Farbar) C:\Users\Max Funcke\Downloads\FRST(2).exe

2013-10-25 19:15 - 2013-10-25 19:16 - 01088113 _____ (Farbar) C:\Users\Max Funcke\Downloads\FRST(1).exe

2013-10-25 19:12 - 2013-10-25 19:11 - 00000448 _____ C:\Users\Max Funcke\Desktop\SecurityCheck.exe.lnk

2013-10-25 19:04 - 2013-10-25 19:04 - 00891167 _____ C:\Users\Max Funcke\Downloads\SecurityCheck.exe

2013-10-25 15:39 - 2013-10-25 15:39 - 02347384 _____ (ESET) C:\Users\Max Funcke\Downloads\esetsmartinstaller_enu.exe

2013-10-25 11:30 - 2013-10-25 11:30 - 00001401 _____ C:\Users\Max Funcke\Desktop\JRT.txt

2013-10-25 11:28 - 2013-10-25 11:28 - 01033335 _____ (Thisisu) C:\Users\Max Funcke\Downloads\JRT.exe

2013-10-25 11:28 - 2013-10-25 11:28 - 00000000 ____D C:\Windows\ERUNT

2013-10-25 11:21 - 2013-10-25 11:18 - 00000000 ____D C:\AdwCleaner

2013-10-25 11:18 - 2013-10-25 11:18 - 01060070 _____ C:\Users\Max Funcke\Downloads\adwcleaner.exe

2013-10-25 11:14 - 2010-10-23 17:00 - 00000000 ____D C:\Windows\pss

2013-10-25 10:56 - 2013-10-25 10:56 - 00001067 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-10-25 10:56 - 2013-10-25 10:56 - 00000000 ____D C:\Users\Max Funcke\AppData\Roaming\Malwarebytes

2013-10-25 10:56 - 2013-10-25 10:56 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-10-25 10:56 - 2013-10-25 10:56 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

2013-10-23 16:45 - 2013-10-23 16:45 - 00014235 _____ C:\ComboFix.txt

2013-10-23 16:45 - 2013-10-23 16:33 - 00000000 ____D C:\Qoobox

2013-10-23 16:45 - 2009-07-14 03:37 - 00000000 ___RD C:\Users\Public

2013-10-23 16:44 - 2013-10-23 16:33 - 00000000 ____D C:\Windows\erdnt

2013-10-23 16:43 - 2009-07-14 03:04 - 00000215 _____ C:\Windows\system.ini

2013-10-23 16:32 - 2013-10-23 16:29 - 00001373 _____ C:\Users\Max Funcke\Desktop\ComboFix.exe.lnk

2013-10-22 18:13 - 2013-10-22 18:13 - 00000000 ____D C:\FRST

2013-10-22 18:10 - 2013-10-22 18:10 - 00000094 _____ C:\Users\Max Funcke\AppData\Roaming\WB.CFG

2013-10-22 18:09 - 2013-10-22 10:12 - 00000890 _____ C:\Users\Max Funcke\daemonprocess.txt

2013-10-22 10:27 - 2013-10-22 10:12 - 00000000 ____D C:\Users\Max Funcke\AppData\Local\Mobogenie

2013-10-22 10:12 - 2013-10-22 10:12 - 00000000 ____D C:\Users\Max Funcke\Documents\Mobogenie

2013-10-22 10:12 - 2013-10-22 10:12 - 00000000 ____D C:\Users\Max Funcke\AppData\Local\cache

2013-10-22 10:12 - 2010-09-30 12:08 - 00000000 ____D C:\Users\Max Funcke

2013-10-21 15:59 - 2013-10-21 15:59 - 00707880 _____ C:\Users\Max Funcke\Downloads\DownloadManagerSetup(1).exe

2013-10-21 15:58 - 2013-10-21 15:58 - 00707880 _____ C:\Users\Max Funcke\Downloads\DownloadManagerSetup.exe

2013-10-21 15:21 - 2010-10-15 10:50 - 00000000 ____D C:\Users\Max Funcke\AppData\Local\Google

2013-10-18 15:55 - 2012-02-17 17:07 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2013-10-18 14:41 - 2012-02-04 07:35 - 00013668 _____ C:\Windows\diagwrn.xml

2013-10-18 14:41 - 2012-02-04 07:35 - 00001908 _____ C:\Windows\diagerr.xml

2013-10-18 14:40 - 2013-10-18 14:37 - 00005006 _____ C:\Users\Max Funcke\Desktop\Windows Compatibility Report.htm

2013-10-18 14:31 - 2009-07-14 05:39 - 00000000 _____ C:\Windows\setuperr.log

2013-10-15 10:30 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\NDF

2013-10-14 16:38 - 2010-10-08 10:56 - 00000000 ____D C:\Users\Max Funcke\Documents\ChessBase

2013-10-14 16:21 - 2010-06-30 10:55 - 00000000 ____D C:\ProgramData\Adobe

2013-10-12 11:34 - 2010-06-30 09:35 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2013-10-10 13:49 - 2010-09-30 14:29 - 00000000 ____D C:\Users\Max Funcke\AppData\Roaming\Adobe

2013-10-10 13:48 - 2013-10-10 13:48 - 00001993 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk

2013-10-10 13:48 - 2010-10-06 15:36 - 00000000 ____D C:\Users\Max Funcke\AppData\Local\Adobe

2013-10-10 13:47 - 2010-06-30 10:55 - 00000000 ____D C:\Program Files\Common Files\Adobe

2013-10-10 13:47 - 2010-06-30 10:55 - 00000000 ____D C:\Program Files\Adobe

2013-10-10 12:51 - 2013-05-29 15:51 - 17813896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe

2013-10-10 12:51 - 2013-02-14 12:53 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2013-10-10 12:51 - 2011-09-13 09:26 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2013-10-10 11:06 - 2010-06-30 09:36 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2013-10-10 11:06 - 2009-07-14 03:04 - 00000687 _____ C:\Windows\win.ini

2013-10-10 10:33 - 2009-07-14 05:52 - 00000000 ____D C:\Windows\system32\FxsTmp

2013-10-06 13:52 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Help

2013-10-03 14:54 - 2012-08-30 11:43 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

2013-10-02 13:43 - 2013-08-17 10:40 - 00000000 ____D C:\Users\Max Funcke\AppData\Local\Mozilla Firefox

2013-10-02 13:43 - 2013-02-28 18:04 - 00001233 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk

2013-10-02 13:43 - 2010-09-30 17:38 - 00000000 ____D C:\Users\Max Funcke\AppData\Local\Mozilla

2013-10-02 13:38 - 2013-10-02 13:38 - 00281896 _____ (Mozilla) C:\Users\Max Funcke\Downloads\Firefox Setup Stub 24.0.exe

2013-10-01 15:15 - 2013-05-06 11:01 - 00067680 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys

2013-10-01 15:15 - 2012-10-09 17:02 - 00137208 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys

2013-10-01 15:15 - 2012-10-09 17:02 - 00089376 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

2013-10-01 15:15 - 2012-10-09 17:02 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys

2013-10-01 12:35 - 2010-09-30 12:01 - 00000000 ____D C:\Recovery

2013-10-01 12:35 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\Recovery

2013-10-01 12:34 - 2013-10-01 12:34 - 237088386 _____ C:\Windows\MEMORY.DMP

2013-10-01 12:34 - 2013-10-01 12:34 - 00143840 _____ C:\Windows\Minidump\100113-20420-01.dmp

2013-10-01 12:34 - 2010-10-09 17:40 - 00000000 ____D C:\Windows\Minidump
 

Some content of TEMP:

====================

C:\Users\Max Funcke\AppData\Local\Temp\avgnt.exe

C:\Users\Max Funcke\AppData\Local\Temp\Quarantine.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2013-10-25 18:51
 

==================== End Of Log ============================

--- --- ---

und tschüss, xamecknuf

Habt ihr auch schon mal nen komplettes Inplace Upgrade versucht?

ich meine nein, weis aber eigentlich nicht, was das ist. Du meinst zusammen dem dem Mann von Mocrosoft?
Gruß xamecknuf

Hi, vielleicht hilft Dir dies: Seit dem Problem mit dem Sicherheitsservice, kann ich bei meinem Provider meine Rechnungen nicht mehr laden/lesen. Ich logge ganz normal auf der Vodafon/Arcor Seite ein, bekomme alle Daten die so gespeichert sind, aber nach dem Befehl meine Rechnung kommt nur noch Rechnungsdaten werden geladen in Endlosschleife.
Auf meinem Laptop gibt es damit bei Arcor keine Probleme.

Gruß xamecknuf

Schau mal hier wegen Inplace Upgrade:
"In Place Upgrade"

Hi, kann man das auch mit einer Recovery Disc von Medion "Windows 7 Home Premium ohne SP! machen, oder ist das keine OEM oder Retail version und funktioniert dann nicht?

Kannst Du das klären???