nach firefox update / portaldosites in jedem neuen tap

MaKenobby · 20.05.2014, 08:41

Hallo,

ich habe heute morgen ein Firefox update vorgenommen und jetzt erscheint bei der Öffnung eines neuen Taps immer die portaldosites Seite.

Nach ein bisschen Suche im Netz habe ich herausgefunden das es sich um eine Spyware handelt.
Ihr habt mir in einem ähnlichen Fall schon einmal ganz hervorragend geholfen. Darum jetzt meine Frage und Bitte:
Wie werde ich das ganz schnell wieder los?

schrauber · 20.05.2014, 08:45

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

MaKenobby · 20.05.2014, 08:57

Hi Schrauber,

schön das Du mir noch einmal hilfst.

Hier die FRST:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-05-2014
Ran by Martina (administrator) on MARTINA-PC on 20-05-2014 09:52:42
Running from C:\Users\Martina\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Online Games Manager\ogmservice.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe
(Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NUSB3MON] => C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe [97280 2012-04-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5181456 2014-05-13] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-690356491-1174369309-2236414189-1000\...\Run: [] => [X]
HKU\S-1-5-21-690356491-1174369309-2236414189-1000\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-10-02] (Nokia)
HKU\S-1-5-21-690356491-1174369309-2236414189-1000\...\Run: [AVG-Secure-Search-Update_1213b] => C:\Users\Martina\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=9427094b7add47d39ca80919a0d8b530-e0c1b7bcbd5fbcb6eb432da5ca2d2cff55523c66 /CMPID=1213b

==================== Internet (Whitelisted) ====================

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386605906&from=tugs&uid=TOSHIBAXDT01ACA100_X384KT6NSXXX384KT6NSX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1386605906&from=tugs&uid=TOSHIBAXDT01ACA100_X384KT6NSXXX384KT6NSX
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nationzoom.com/?type=hp&ts=1386605906&from=tugs&uid=TOSHIBAXDT01ACA100_X384KT6NSXXX384KT6NSX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1386605906&from=tugs&uid=TOSHIBAXDT01ACA100_X384KT6NSXXX384KT6NSX&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {FC739C94-F44E-4EBA-9B70-87AB45DFD999} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MASBJS
SearchScopes: HKLM-x32 - {FC739C94-F44E-4EBA-9B70-87AB45DFD999} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MASBJS
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Tcpip\..\Interfaces\{0F245E3B-7DC2-4299-BED7-9089C5A77AA1}: [NameServer]62.109.121.2 62.109.121.1
Tcpip\..\Interfaces\{441E04CD-6116-4027-919E-D2D34375EACE}: [NameServer]8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

FireFox:
========
FF ProfilePath: C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\wcyk0en5.default
FF NewTab: hxxp://www.nationzoom.com/newtab/?type=nt&ts=1386605906&from=tugs&uid=TOSHIBAXDT01ACA100_X384KT6NSXXX384KT6NSX
FF Homepage: about:blank
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\wcyk0en5.default\searchplugins\ecosia.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Unblock YouTube - C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\wcyk0en5.default\Extensions\{2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7} [2013-12-25]
FF Extension: Noia 4 Theme Manager - C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\wcyk0en5.default\Extensions\Noia4Options@ArisT2.xpi [2013-11-03]
FF Extension: Noia Fox options - C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\wcyk0en5.default\Extensions\NoiaFoxoption@davidvincent.tld.xpi [2013-11-03]
FF Extension: Personas Plus - C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\wcyk0en5.default\Extensions\personas@christopher.beard.xpi [2013-11-03]
FF Extension: No Name - C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\wcyk0en5.default\Extensions\savedpasswordeditor@daniel.dawson.xpi [2013-11-03]
FF Extension: AniWeather - C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\wcyk0en5.default\Extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.xpi [2013-11-03]
FF Extension: KOLOBOK Smiles - C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\wcyk0en5.default\Extensions\{5CEFD22F-9A9E-4544-9BFC-C4F2FBCA87D6}.xpi [2013-11-03]
FF Extension: eCleaner - C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\wcyk0en5.default\Extensions\{c72c0c73-4eb0-4fb3-af0f-074e97326cfd}.xpi [2013-11-03]
FF Extension: Ecosia - The search engine that plants trees - C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\wcyk0en5.default\Extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi [2013-11-03]
FF Extension: Adblock Plus - C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\wcyk0en5.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-03]
FF Extension: BetterPrivacy - C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\wcyk0en5.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2013-12-09]
FF Extension: Extended Statusbar - C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\wcyk0en5.default\Extensions\{daf44bf7-a45e-4450-979c-91cf07434c3d}.xpi [2013-11-03]

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3644432 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [292424 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.)

==================== Drivers (Whitelisted) ====================

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-21] (Advanced Micro Devices, Inc.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-11-16] ()
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [236312 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [191768 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [323352 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130328 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [273176 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-11-16] ()
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 DIRECTIO; \??\UNC\srv1c027.wds8.intern\reminst\Test\BitPro64\DirectIo.sys [X]
S2 sbapifs; system32\DRIVERS\sbapifs.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-20 09:52 - 2014-05-20 09:52 - 00010911 _____ () C:\Users\Martina\Desktop\FRST.txt
2014-05-20 09:52 - 2014-05-20 09:52 - 00000000 ____D () C:\FRST
2014-05-20 09:51 - 2014-05-20 09:51 - 02067456 _____ (Farbar) C:\Users\Martina\Desktop\FRST64.exe
2014-05-20 07:38 - 2014-05-20 07:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-17 15:52 - 2014-05-17 15:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tradewinds Caravans
2014-05-16 20:03 - 2014-05-16 20:03 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Farm Up
2014-05-16 20:03 - 2014-05-16 20:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Farm Up
2014-05-16 19:48 - 2014-05-16 19:48 - 00001743 _____ () C:\Users\Public\Desktop\The Snow Fable.lnk
2014-05-16 19:48 - 2014-05-16 19:48 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Snow Fable
2014-05-16 19:48 - 2014-05-16 19:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Snow Fable
2014-05-15 18:42 - 2014-05-15 18:42 - 00001888 _____ () C:\Users\Martina\Desktop\Mystika 2 - The Sanctuary.lnk
2014-05-15 18:42 - 2014-05-15 18:42 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\unikgame
2014-05-15 18:42 - 2014-05-15 18:42 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mystika 2 - The Sanctuary
2014-05-15 18:42 - 2014-05-15 18:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mystika 2 - The Sanctuary
2014-05-14 23:24 - 2014-05-15 00:39 - 00000000 ____D () C:\Users\Martina\Documents\Big Bang West
2014-05-13 14:20 - 2014-05-13 14:20 - 00273176 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
2014-05-13 14:20 - 2014-05-13 14:20 - 00235800 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2014-05-13 14:06 - 2014-05-13 14:06 - 00323352 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00191768 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00152344 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00130328 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00236312 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00031512 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
2014-05-13 00:36 - 2014-05-13 00:36 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\GameInvest
2014-05-13 00:34 - 2014-05-13 00:34 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Zellians - Kingdom Builder
2014-05-13 00:34 - 2014-05-13 00:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Zellians - Kingdom Builder
2014-05-11 09:46 - 2014-05-11 09:46 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Forgotten Books - The Enchanted Crown Collectors Edition
2014-05-11 09:46 - 2014-05-11 09:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Forgotten Books - The Enchanted Crown Collectors Edition
2014-05-07 13:01 - 2014-05-07 13:01 - 00017047 _____ () C:\Users\Martina\Documents\Mietvertrag Wohnungsbörse.odt
2014-05-04 16:54 - 2014-05-04 16:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-05-03 08:27 - 2014-05-03 08:30 - 00000000 ____D () C:\ProgramData\Emberwind
2014-05-03 08:25 - 2014-05-03 08:25 - 00419840 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2014-05-03 08:25 - 2014-05-03 08:25 - 00413696 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2014-05-03 08:25 - 2014-05-03 08:25 - 00133632 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2014-05-03 08:25 - 2014-05-03 08:25 - 00110592 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2014-05-03 08:25 - 2014-05-03 08:25 - 00000000 ____D () C:\Program Files (x86)\OpenAL
2014-05-02 12:23 - 2014-05-02 12:23 - 00000000 ____D () C:\ProgramData\Magic-Heroes
2014-05-02 12:06 - 2014-05-02 12:06 - 00001923 _____ () C:\Users\Public\Desktop\Magic Heroes - Save Our Park.lnk
2014-05-02 12:06 - 2014-05-02 12:06 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Magic Heroes - Save Our Park
2014-05-02 12:06 - 2014-05-02 12:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Magic Heroes - Save Our Park
2014-05-01 13:19 - 2014-05-03 08:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zylom
2014-05-01 13:19 - 2014-05-03 08:34 - 00000000 ____D () C:\Program Files (x86)\RealArcade
2014-04-30 18:55 - 2014-05-01 13:20 - 00000000 ____D () C:\ProgramData\Trymedia
2014-04-30 18:55 - 2014-04-30 18:55 - 00000000 ____D () C:\ProgramData\PlayFirst
2014-04-30 18:55 - 2014-04-30 18:55 - 00000000 ____D () C:\Program Files (x86)\Online Games Manager
2014-04-30 18:52 - 2014-04-30 18:52 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\WinRAR
2014-04-27 18:54 - 2014-04-27 18:54 - 00000000 ____D () C:\Users\Martina\Documents\PassionFruit Games
2014-04-26 21:36 - 2014-04-26 21:36 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\LDW
2014-04-26 21:11 - 2014-05-11 17:00 - 00000000 ____D () C:\Users\Martina\Documents\LDW
2014-04-26 21:06 - 2014-04-26 21:06 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tiger Eye - Part I - Curse of the Riddle Box
2014-04-26 21:06 - 2014-04-26 21:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tiger Eye - Part I - Curse of the Riddle Box
2014-04-23 18:52 - 2014-04-23 18:52 - 00000000 ____D () C:\ProgramData\Beanbag Studios
2014-04-23 18:47 - 2014-04-23 18:47 - 00000000 ____D () C:\ProgramData\Brainiversity2
2014-04-23 17:47 - 2014-04-23 17:47 - 00000000 ____D () C:\ProgramData\MisteryRiddles
2014-04-23 17:45 - 2014-04-23 17:45 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Brain Training for Dummies
2014-04-23 17:45 - 2014-04-23 17:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brain Training for Dummies
2014-04-23 17:43 - 2014-04-23 17:43 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mystery Riddles
2014-04-23 17:43 - 2014-04-23 17:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mystery Riddles
2014-04-20 09:01 - 2014-04-20 09:01 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Archie - Riverdale Rescue
2014-04-20 09:01 - 2014-04-20 09:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Archie - Riverdale Rescue

==================== One Month Modified Files and Folders =======

2014-05-20 09:52 - 2014-05-20 09:52 - 00010911 _____ () C:\Users\Martina\Desktop\FRST.txt
2014-05-20 09:52 - 2014-05-20 09:52 - 00000000 ____D () C:\FRST
2014-05-20 09:51 - 2014-05-20 09:51 - 02067456 _____ (Farbar) C:\Users\Martina\Desktop\FRST64.exe
2014-05-20 08:35 - 2009-07-14 06:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-20 08:35 - 2009-07-14 06:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-20 08:34 - 2011-04-12 09:43 - 00698688 _____ () C:\Windows\system32\perfh007.dat
2014-05-20 08:34 - 2011-04-12 09:43 - 00148828 _____ () C:\Windows\system32\perfc007.dat
2014-05-20 08:34 - 2009-07-14 07:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-20 08:32 - 2013-11-03 20:32 - 02058373 _____ () C:\Windows\WindowsUpdate.log
2014-05-20 08:28 - 2013-11-17 15:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-20 08:28 - 2013-11-03 22:26 - 00000000 ____D () C:\ProgramData\MFAData
2014-05-20 08:28 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-20 08:28 - 2009-07-14 06:51 - 00072919 _____ () C:\Windows\setupact.log
2014-05-20 08:26 - 2014-04-04 18:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-05-20 07:38 - 2014-05-20 07:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-18 20:32 - 2013-11-13 15:35 - 00000000 ___RD () C:\Users\Martina\Desktop\Mieter & Verträge
2014-05-18 06:28 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-17 18:23 - 2013-11-17 22:37 - 00000000 ___RD () C:\Users\Martina\Desktop\Games
2014-05-17 15:52 - 2014-05-17 15:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tradewinds Caravans
2014-05-17 15:52 - 2013-12-11 01:00 - 00000000 ____D () C:\Spiele (Programme)
2014-05-17 15:52 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-05-17 15:50 - 2013-12-10 12:02 - 00000000 ____D () C:\BigFishCache
2014-05-16 20:04 - 2014-02-13 01:47 - 00001722 _____ () C:\Users\Public\Desktop\Farm Up.lnk
2014-05-16 20:03 - 2014-05-16 20:03 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Farm Up
2014-05-16 20:03 - 2014-05-16 20:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Farm Up
2014-05-16 19:59 - 2013-11-18 16:15 - 00000000 ___RD () C:\MaBluEden
2014-05-16 19:59 - 2013-11-04 23:18 - 00000000 ___RD () C:\Users\Martina\AppData\Roaming\Realore
2014-05-16 19:48 - 2014-05-16 19:48 - 00001743 _____ () C:\Users\Public\Desktop\The Snow Fable.lnk
2014-05-16 19:48 - 2014-05-16 19:48 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Snow Fable
2014-05-16 19:48 - 2014-05-16 19:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Snow Fable
2014-05-16 19:40 - 2013-11-17 18:20 - 00000000 ____D () C:\Users\Martina\AppData\Local\CrashDumps
2014-05-15 18:42 - 2014-05-15 18:42 - 00001888 _____ () C:\Users\Martina\Desktop\Mystika 2 - The Sanctuary.lnk
2014-05-15 18:42 - 2014-05-15 18:42 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\unikgame
2014-05-15 18:42 - 2014-05-15 18:42 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mystika 2 - The Sanctuary
2014-05-15 18:42 - 2014-05-15 18:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mystika 2 - The Sanctuary
2014-05-15 00:39 - 2014-05-14 23:24 - 00000000 ____D () C:\Users\Martina\Documents\Big Bang West
2014-05-13 14:20 - 2014-05-13 14:20 - 00273176 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
2014-05-13 14:20 - 2014-05-13 14:20 - 00235800 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2014-05-13 14:06 - 2014-05-13 14:06 - 00323352 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00191768 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00152344 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00130328 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00236312 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00031512 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
2014-05-13 00:36 - 2014-05-13 00:36 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\GameInvest
2014-05-13 00:34 - 2014-05-13 00:34 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Zellians - Kingdom Builder
2014-05-13 00:34 - 2014-05-13 00:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Zellians - Kingdom Builder
2014-05-11 21:27 - 2013-11-06 08:46 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\AlawarEntertainment
2014-05-11 17:12 - 2013-12-24 23:15 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\ERS Game Studios
2014-05-11 17:00 - 2014-04-26 21:11 - 00000000 ____D () C:\Users\Martina\Documents\LDW
2014-05-11 09:46 - 2014-05-11 09:46 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Forgotten Books - The Enchanted Crown Collectors Edition
2014-05-11 09:46 - 2014-05-11 09:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Forgotten Books - The Enchanted Crown Collectors Edition
2014-05-08 08:39 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-05-07 13:01 - 2014-05-07 13:01 - 00017047 _____ () C:\Users\Martina\Documents\Mietvertrag Wohnungsbörse.odt
2014-05-04 16:55 - 2014-05-04 16:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-05-03 08:34 - 2014-05-01 13:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zylom
2014-05-03 08:34 - 2014-05-01 13:19 - 00000000 ____D () C:\Program Files (x86)\RealArcade
2014-05-03 08:30 - 2014-05-03 08:27 - 00000000 ____D () C:\ProgramData\Emberwind
2014-05-03 08:25 - 2014-05-03 08:25 - 00419840 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2014-05-03 08:25 - 2014-05-03 08:25 - 00413696 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2014-05-03 08:25 - 2014-05-03 08:25 - 00133632 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2014-05-03 08:25 - 2014-05-03 08:25 - 00110592 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2014-05-03 08:25 - 2014-05-03 08:25 - 00000000 ____D () C:\Program Files (x86)\OpenAL
2014-05-02 12:23 - 2014-05-02 12:23 - 00000000 ____D () C:\ProgramData\Magic-Heroes
2014-05-02 12:06 - 2014-05-02 12:06 - 00001923 _____ () C:\Users\Public\Desktop\Magic Heroes - Save Our Park.lnk
2014-05-02 12:06 - 2014-05-02 12:06 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Magic Heroes - Save Our Park
2014-05-02 12:06 - 2014-05-02 12:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Magic Heroes - Save Our Park
2014-05-01 13:46 - 2013-11-17 16:18 - 00000000 ____D () C:\Users\Martina\AppData\Local\VirtualStore
2014-05-01 13:20 - 2014-04-30 18:55 - 00000000 ____D () C:\ProgramData\Trymedia
2014-05-01 13:19 - 2013-11-03 20:34 - 00000000 ____D () C:\Users\Martina
2014-04-30 18:55 - 2014-04-30 18:55 - 00000000 ____D () C:\ProgramData\PlayFirst
2014-04-30 18:55 - 2014-04-30 18:55 - 00000000 ____D () C:\Program Files (x86)\Online Games Manager
2014-04-30 18:55 - 2013-11-13 17:01 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\PlayFirst
2014-04-30 18:52 - 2014-04-30 18:52 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\WinRAR
2014-04-27 18:54 - 2014-04-27 18:54 - 00000000 ____D () C:\Users\Martina\Documents\PassionFruit Games
2014-04-26 21:36 - 2014-04-26 21:36 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\LDW
2014-04-26 21:06 - 2014-04-26 21:06 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tiger Eye - Part I - Curse of the Riddle Box
2014-04-26 21:06 - 2014-04-26 21:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tiger Eye - Part I - Curse of the Riddle Box
2014-04-23 18:52 - 2014-04-23 18:52 - 00000000 ____D () C:\ProgramData\Beanbag Studios
2014-04-23 18:47 - 2014-04-23 18:47 - 00000000 ____D () C:\ProgramData\Brainiversity2
2014-04-23 17:47 - 2014-04-23 17:47 - 00000000 ____D () C:\ProgramData\MisteryRiddles
2014-04-23 17:45 - 2014-04-23 17:45 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Brain Training for Dummies
2014-04-23 17:45 - 2014-04-23 17:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brain Training for Dummies
2014-04-23 17:43 - 2014-04-23 17:43 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mystery Riddles
2014-04-23 17:43 - 2014-04-23 17:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mystery Riddles
2014-04-20 09:02 - 2014-04-05 15:17 - 00001890 _____ () C:\Users\Public\Desktop\Archie - Riverdale Rescue.lnk
2014-04-20 09:01 - 2014-04-20 09:01 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Archie - Riverdale Rescue
2014-04-20 09:01 - 2014-04-20 09:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Archie - Riverdale Rescue

Some content of TEMP:
====================
C:\Users\Martina\AppData\Local\Temp\AlawarGameBoxSetup.exe
C:\Users\Martina\AppData\Local\Temp\bfguni.exe
C:\Users\Martina\AppData\Local\Temp\bstrapInstall.exe
C:\Users\Martina\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Martina\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Martina\AppData\Local\Temp\Quarantine.exe
C:\Users\Martina\AppData\Local\Temp\tempmessage.bfg
C:\Users\Martina\AppData\Local\Temp\uninstall.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-19 10:00

==================== End Of Log ============================

--- --- ---

und die Addition:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-05-2014
Ran by Martina at 2014-05-20 09:53:12
Running from C:\Users\Martina\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

4 Elements (HKLM-x32\...\BFG-4 Elements) (Version:  - )
7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.43 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.05 - Adobe Systems Incorporated)
Album Shaper 2.1 (HKLM-x32\...\AlbumShaper_2.1) (Version:  - )
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
AMD Catalyst Install Manager (HKLM\...\{F87F5A36-43B2-F8CD-F601-AED5D064DD4C}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD USB 3.0 Device Detector (Version: 2.1.29.0 - Advanced Micro Devices, Inc.) Hidden
Archie: Riverdale Rescue (HKLM-x32\...\BFG-Archie - Riverdale Rescue) (Version:  - )
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4592 - AVG Technologies)
AVG 2014 (Version: 14.0.3950 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4592 - AVG Technologies) Hidden
Awakening: Moonfell Wood (HKLM-x32\...\BFG-Awakening - Moonfell Wood) (Version:  - )
Awakening: Schloss ohne Tr&auml;ume (HKLM-x32\...\BFG-Awakening - Schloss ohne Traeume) (Version:  - )
Azada: Elementa (HKLM-x32\...\BFG-Azada - Elementa) (Version:  - )
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
Botanica: Into the Unknown Collector's Edition (HKLM-x32\...\BFG-Botanica - Into the Unknown Collector's Edition) (Version:  - )
Brain Training for Dummies (HKLM-x32\...\BFG-Brain Training for Dummies) (Version:  - )
Brunhilda and the Dark Crystal (HKLM-x32\...\BFG-Brunhilda and the Dark Crystal) (Version:  - )
Buku Kakuro (HKLM-x32\...\BFG-Buku Kakuro) (Version:  - )
Canon iP7200 series Benutzerregistrierung (HKLM-x32\...\Canon iP7200 series Benutzerregistrierung) (Version:  - Canon Inc.‎)
Canon iP7200 series On-screen Manual (HKLM-x32\...\Canon iP7200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon iP7200 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP7200_series) (Version:  - Canon Inc.)
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
CanoScan LiDE 110 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2414) (Version:  - Canon Inc.)
Christmas Tales: Fellina's Journey (HKLM-x32\...\BFG-Christmas Tales - Fellina's Journey) (Version:  - )
Corel Graphics Suite 11 (HKLM-x32\...\InstallShield_{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}) (Version: 11 - Corel Corporation)
Corel Graphics Suite 11 (x32 Version: 11 - Corel Corporation) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Death at Cape Porto: A Dana Knightstone Novel Collector’s Edition (HKLM-x32\...\BFG-Death at Cape Porto - A Dana Knightstone Novel Collectors Edition) (Version:  - )
Delicious Promo (HKLM-x32\...\8b567f6f25e6a3d6abf028aeb1d36a31) (Version:  - Zylom)
Dream Hills: Captured Magic (HKLM-x32\...\BFG-Dream Hills - Captured Magic) (Version:  - )
Druid Kingdom (HKLM-x32\...\BFG-Druid Kingdom) (Version:  - )
Elven Mists (HKLM-x32\...\BFG-Elven Mists) (Version:  - )
Experiment (HKLM-x32\...\BFG-Experiment) (Version:  - )
Fairy Jewels 2 (HKLM-x32\...\BFG-Fairy Jewels 2) (Version:  - )
Farm Up (HKLM-x32\...\BFG-Farm Up) (Version:  - )
Farmington Tales (HKLM-x32\...\BFG-Farmington Tales) (Version:  - )
Farmington Tales 2: Winter Crop (HKLM-x32\...\BFG-Farmington Tales 2 - Winter Crop) (Version:  - )
Flights of Fancy: Two Doves Collector's Edition (HKLM-x32\...\BFG-Flights of Fancy - Two Doves Collectors Edition) (Version:  - )
Forgotten Books: The Enchanted Crown Collector's Edition (HKLM-x32\...\BFG-Forgotten Books - The Enchanted Crown Collectors Edition) (Version:  - )
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Gardenscapes 2 (HKLM-x32\...\BFG-Gardenscapes 2) (Version:  - )
Gemini Lost(TM) (HKLM-x32\...\ed32be8786d48de6888566889c3be6eb) (Version:  - Zylom)
Great Adventures: Lost in Mountains (HKLM-x32\...\BFG-Great Adventures - Lost in Mountains) (Version:  - )
Green City (HKLM-x32\...\BFG-Green City) (Version:  - )
Green City 2 (HKLM-x32\...\BFG-Green City 2) (Version:  - )
Inbetween Land (HKLM-x32\...\BFG-Inbetween Land) (Version:  - )
Island Tribe 5 (HKLM-x32\...\BFG-Island Tribe 5) (Version:  - )
Jack of All Tribes (HKLM-x32\...\BFG-Jack of All Tribes) (Version:  - )
Jewel Master - Cradle Of Rome (HKLM-x32\...\{BD11E3C6-065E-40BB-A129-435C4530A159}_is1) (Version:  - cerasus.media GmbH)
Journey: The Heart of Gaia (HKLM-x32\...\BFG-Journey - The Heart of Gaia) (Version:  - )
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Keepsake (HKLM-x32\...\Keepsake) (Version:  - )
Kingdom Chronicles (HKLM-x32\...\BFG-Kingdom Chronicles) (Version:  - )
Kingdom Tales (HKLM-x32\...\BFG-Kingdom Tales) (Version:  - )
Kingdom's Heyday (HKLM-x32\...\BFG-Kingdom's Heyday) (Version:  - )
LibreOffice 4.1.0.4 (HKLM-x32\...\{F8478020-D98E-49FB-BA14-07A534AED99C}) (Version: 4.1.0.4 - The Document Foundation)
Love Story: The Way Home (HKLM-x32\...\BFG-Love Story - The Way Home) (Version:  - )
Magic Encyclopedia: Illusions (HKLM-x32\...\BFG-Magic Encyclopedia - Illusions) (Version:  - )
Magic Heroes: Save Our Park (HKLM-x32\...\BFG-Magic Heroes - Save Our Park) (Version:  - )
Mahjong Holidays 2006 (HKLM-x32\...\BFG-Mahjong Holidays 2006) (Version:  - )
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 DEU Language Pack (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 DEU Language Pack (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 FRA Language Pack (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1 - Nokia) Hidden
Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1 - Nokia) Hidden
Moai: Build Your Dream (HKLM-x32\...\BFG-Moai - Build Your Dream) (Version:  - )
Module linguistique de Microsoft .NET Framework 4.5 - FRA (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036) (Version: 4.5.50709 - Microsoft Corporation)
Mosaics Galore (HKLM-x32\...\BFG-Mosaics Galore) (Version:  - )
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.5.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.5.0 (x86 de)) (Version: 24.5.0 - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
My Kingdom for the Princess IV (HKLM-x32\...\BFG-My Kingdom for the Princess IV) (Version:  - )
Mystery Riddles (HKLM-x32\...\BFG-Mystery Riddles) (Version:  - )
Mystika 2: The Sanctuary (HKLM-x32\...\BFG-Mystika 2 - The Sanctuary) (Version:  - )
Mythic Mahjong (HKLM-x32\...\BFG-Mythic Mahjong) (Version:  - )
Nearwood Collector's Edition (HKLM-x32\...\BFG-Nearwood Collector's Edition) (Version:  - )
Nokia Connectivity Cable Driver (HKLM-x32\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.8.48.0 - Nokia)
Nokia Suite (x32 Version: 3.8.48.0 - Nokia) Hidden
Northern Tale 2 (HKLM-x32\...\BFG-Northern Tale 2) (Version:  - )
Northern Tale 3 (HKLM-x32\...\BFG-Northern Tale 3) (Version:  - )
Online Games Manager v1.30 (HKLM-x32\...\Online Games Manager) (Version: 1.30.14 - Real Networks, Inc.)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Otherworld: Omens of Summer Collector's Edition (HKLM-x32\...\BFG-Otherworld - Omens of Summer Collector's Edition) (Version:  - )
Otherworld: Shades of Fall Collector's Edition (HKLM-x32\...\BFG-Otherworld - Shades of Fall Collectors Edition) (Version:  - )
Patchworkz™ (HKLM-x32\...\BFG-Patchworkz) (Version:  - )
PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.1 - pdfforge)
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Revived Legends: Road of the Kings Collector's Edition (HKLM-x32\...\BFG-Revived Legends - Road of the Kings Collectors Edition) (Version:  - )
Royal Envoy 3 Collector's Edition (HKLM-x32\...\Royal Envoy 3 Collector's Edition_is1) (Version: 1.0 - Playrix Entertainment)
Royal Envoy Campaign for the Crown Collector's Edition (HKLM-x32\...\Royal Envoy Campaign for the Crown Collector's Edition_is1) (Version: 1.0 - Playrix Entertainment)
Royal Trouble (HKLM-x32\...\BFG-Royal Trouble) (Version:  - )
Rush for Gold: California (HKLM-x32\...\BFG-Rush for Gold - California) (Version:  - )
Settlement: Colossus (HKLM-x32\...\BFG-Settlement - Colossus) (Version:  - )
Shaolin Mystery: Tale of the Jade Dragon Staff (HKLM-x32\...\BFG-Shaolin Mystery - Tale of the Jade Dragon Staff) (Version:  - )
Snark Busters: Welcome to the Club (HKLM-x32\...\BFG-Snark Busters - Welcome to the Club) (Version:  - )
Space Mahjong (HKLM-x32\...\BFG-Space Mahjong) (Version:  - )
Spirits of Mystery: The Dark Minotaur Collector's Edition (HKLM-x32\...\BFG-Spirits of Mystery - The Dark Minotaur Collector's Edition) (Version:  - )
Spirits of Mystery: The Silver Arrow Collector's Edition (HKLM-x32\...\BFG-Spirits of Mystery - The Silver Arrow Collectors Edition) (Version:  - )
Summer Mahjong (HKLM-x32\...\BFG-Summer Mahjong) (Version:  - )
Tales of Lagoona 2: Peril at Poseidon Park (HKLM-x32\...\BFG-Tales of Lagoona 2 - Peril at Poseidon Park) (Version:  - )
Tales of Lagoona: Orphans of the Ocean (HKLM-x32\...\BFG-Tales of Lagoona - Orphans of the Ocean) (Version:  - )
The Enchanting Islands (HKLM-x32\...\BFG-The Enchanting Islands) (Version:  - )
The Far Kingdoms (HKLM-x32\...\BFG-The Far Kingdoms) (Version:  - )
The Golden Years: Way Out West (HKLM-x32\...\BFG-The Golden Years - Way Out West) (Version:  - )
The Island: Castaway (HKLM-x32\...\BFG-The Island - Castaway) (Version:  - )
The Promised Land (HKLM-x32\...\BFG-The Promised Land) (Version:  - )
The Snow Fable (HKLM-x32\...\BFG-The Snow Fable) (Version:  - )
The Tiny Bang Story (HKLM-x32\...\BFG-The Tiny Bang Story) (Version:  - )
The Whispered World (HKLM-x32\...\{BD009869-6498-4CF9-9016-E9EA6E3742B2}) (Version: 1.00 - Deep Silver)
Tiger Eye - Part I: Curse of the Riddle Box (HKLM-x32\...\BFG-Tiger Eye - Part I - Curse of the Riddle Box) (Version:  - )
Tradewinds Caravans (HKLM-x32\...\BFG-Tradewinds Caravans) (Version:  - )
Update for Microsoft .NET Framework 4.5 (KB2750147) (HKLM-x32\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2750147) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4.5 (KB2805221) (HKLM-x32\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2805221) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4.5 (KB2805226) (HKLM-x32\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2805226) (Version: 1 - Microsoft Corporation)
VBA (2701.01) (x32 Version: 6.03.00.9402 - Microsoft Corporation) Hidden
Viking Saga: New World (HKLM-x32\...\BFG-Viking Saga - New World) (Version:  - )
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
Wonderburg (HKLM-x32\...\BFG-Wonderburg) (Version:  - )
World of Zellians: Kingdom Builder ™ (HKLM-x32\...\BFG-World of Zellians - Kingdom Builder) (Version:  - )
ZenGems (HKLM-x32\...\BFG-ZenGems) (Version:  - )

==================== Restore Points  =========================

24-04-2014 10:41:08 Geplanter Prüfpunkt
29-04-2014 19:24:41 Installed AVG 2014
03-05-2014 06:24:57 DirectX wurde installiert
10-05-2014 09:17:26 Geplanter Prüfpunkt
17-05-2014 15:37:28 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2009-07-14 04:34 - 2013-12-09 21:02 - 00000860 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {6DF46B77-9479-4A12-AE04-B60AAE2761BE} - System32\Tasks\{FA308BDD-39C6-447C-B946-04EDB95DF9CA} => C:\Program Files (x86)\LibreOffice 4\program\soffice.exe [2013-07-23] (The Document Foundation)

==================== Loaded Modules (whitelisted) =============

2013-10-02 21:29 - 2013-10-02 21:29 - 08507232 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtGui4.dll
2013-10-02 21:29 - 2013-10-02 21:29 - 02354016 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtCore4.dll
2013-10-02 21:29 - 2013-10-02 21:29 - 01014624 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtNetwork4.dll
2013-10-02 21:29 - 2013-10-02 21:29 - 00364384 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtXml4.dll
2013-10-02 21:29 - 2013-10-02 21:29 - 02480992 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtDeclarative4.dll
2013-10-02 21:29 - 2013-10-02 21:29 - 01346912 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtScript4.dll
2013-10-02 21:29 - 2013-10-02 21:29 - 00206176 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtSql4.dll
2013-10-02 21:29 - 2013-10-02 21:29 - 02653024 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtXmlPatterns4.dll
2013-10-02 21:29 - 2013-10-02 21:29 - 00033120 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qgif4.dll
2013-10-02 21:29 - 2013-10-02 21:29 - 00035680 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qico4.dll
2013-10-02 21:29 - 2013-10-02 21:29 - 00207200 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qjpeg4.dll
2013-10-02 21:29 - 2013-10-02 21:29 - 11166560 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtWebKit4.dll
2013-10-02 21:30 - 2013-10-02 21:30 - 00276832 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\phonon4.dll
2013-04-15 14:26 - 2013-04-15 14:26 - 00391600 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\ssoengine.dll
2013-04-15 14:26 - 2013-04-15 14:26 - 00059280 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\securestorage.dll
2013-10-02 21:29 - 2013-10-02 21:29 - 00446304 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll
2013-10-02 21:29 - 2013-10-02 21:29 - 00520544 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtMultimediaKit1.dll
2013-10-02 21:29 - 2013-10-02 21:29 - 00720736 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtOpenGL4.dll
2013-10-02 21:28 - 2013-10-02 21:28 - 00606560 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\CommonUpdateChecker.dll
2013-10-02 21:28 - 2013-10-02 21:28 - 00438624 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\NService.dll
2013-10-02 21:30 - 2013-10-02 21:30 - 00093024 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\qjson.dll
2014-05-20 07:38 - 2014-05-20 07:38 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:00F3978A
AlternateDataStreams: C:\ProgramData\TEMP:07D64CD9
AlternateDataStreams: C:\ProgramData\TEMP:08B7D3D2
AlternateDataStreams: C:\ProgramData\TEMP:0AF6266B
AlternateDataStreams: C:\ProgramData\TEMP:0BF4DA47
AlternateDataStreams: C:\ProgramData\TEMP:0CDF8C3D
AlternateDataStreams: C:\ProgramData\TEMP:0D0F6CE7
AlternateDataStreams: C:\ProgramData\TEMP:0EBD727C
AlternateDataStreams: C:\ProgramData\TEMP:0F3F6B1E
AlternateDataStreams: C:\ProgramData\TEMP:124B94C0
AlternateDataStreams: C:\ProgramData\TEMP:12A012A1
AlternateDataStreams: C:\ProgramData\TEMP:132714FA
AlternateDataStreams: C:\ProgramData\TEMP:14362DF8
AlternateDataStreams: C:\ProgramData\TEMP:16F42F1F
AlternateDataStreams: C:\ProgramData\TEMP:18345E10
AlternateDataStreams: C:\ProgramData\TEMP:19C541B5
AlternateDataStreams: C:\ProgramData\TEMP:1CDEDE11
AlternateDataStreams: C:\ProgramData\TEMP:206470A5
AlternateDataStreams: C:\ProgramData\TEMP:213AFE42
AlternateDataStreams: C:\ProgramData\TEMP:2AE74FF9
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
AlternateDataStreams: C:\ProgramData\TEMP:32AA69ED
AlternateDataStreams: C:\ProgramData\TEMP:4111E573
AlternateDataStreams: C:\ProgramData\TEMP:413177C4
AlternateDataStreams: C:\ProgramData\TEMP:4149A170
AlternateDataStreams: C:\ProgramData\TEMP:425759C6
AlternateDataStreams: C:\ProgramData\TEMP:432EC713
AlternateDataStreams: C:\ProgramData\TEMP:43DA85AC
AlternateDataStreams: C:\ProgramData\TEMP:45335F0B
AlternateDataStreams: C:\ProgramData\TEMP:4AA2F6A9
AlternateDataStreams: C:\ProgramData\TEMP:4C16B46B
AlternateDataStreams: C:\ProgramData\TEMP:4C3504B5
AlternateDataStreams: C:\ProgramData\TEMP:4F7D133D
AlternateDataStreams: C:\ProgramData\TEMP:5106F19A
AlternateDataStreams: C:\ProgramData\TEMP:52329B88
AlternateDataStreams: C:\ProgramData\TEMP:52A22573
AlternateDataStreams: C:\ProgramData\TEMP:54531C7D
AlternateDataStreams: C:\ProgramData\TEMP:5607B58C
AlternateDataStreams: C:\ProgramData\TEMP:5C02B7AF
AlternateDataStreams: C:\ProgramData\TEMP:5C9A6C78
AlternateDataStreams: C:\ProgramData\TEMP:5E209A50
AlternateDataStreams: C:\ProgramData\TEMP:5E9E3A14
AlternateDataStreams: C:\ProgramData\TEMP:60C897F3
AlternateDataStreams: C:\ProgramData\TEMP:60F5A2F7
AlternateDataStreams: C:\ProgramData\TEMP:61C6B926
AlternateDataStreams: C:\ProgramData\TEMP:6352F3F9
AlternateDataStreams: C:\ProgramData\TEMP:663B62CA
AlternateDataStreams: C:\ProgramData\TEMP:67396145
AlternateDataStreams: C:\ProgramData\TEMP:6765A8A9
AlternateDataStreams: C:\ProgramData\TEMP:691F4D97
AlternateDataStreams: C:\ProgramData\TEMP:6D65CED0
AlternateDataStreams: C:\ProgramData\TEMP:71112705
AlternateDataStreams: C:\ProgramData\TEMP:7687A3E3
AlternateDataStreams: C:\ProgramData\TEMP:78739EC9
AlternateDataStreams: C:\ProgramData\TEMP:7EC01D6D
AlternateDataStreams: C:\ProgramData\TEMP:865F21BF
AlternateDataStreams: C:\ProgramData\TEMP:86A7B7DD
AlternateDataStreams: C:\ProgramData\TEMP:8967C154
AlternateDataStreams: C:\ProgramData\TEMP:89A5891E
AlternateDataStreams: C:\ProgramData\TEMP:8AED9359
AlternateDataStreams: C:\ProgramData\TEMP:8B3C3098
AlternateDataStreams: C:\ProgramData\TEMP:8C12CFCD
AlternateDataStreams: C:\ProgramData\TEMP:8CCDAB14
AlternateDataStreams: C:\ProgramData\TEMP:8DC85A87
AlternateDataStreams: C:\ProgramData\TEMP:8DD20B4A
AlternateDataStreams: C:\ProgramData\TEMP:91FF95D8
AlternateDataStreams: C:\ProgramData\TEMP:928DF32E
AlternateDataStreams: C:\ProgramData\TEMP:96838F8A
AlternateDataStreams: C:\ProgramData\TEMP:9A88B65D
AlternateDataStreams: C:\ProgramData\TEMP:9D0A16E4
AlternateDataStreams: C:\ProgramData\TEMP:9D2DE4B4
AlternateDataStreams: C:\ProgramData\TEMP:A43B789A
AlternateDataStreams: C:\ProgramData\TEMP:A479BCC9
AlternateDataStreams: C:\ProgramData\TEMP:A6A65B80
AlternateDataStreams: C:\ProgramData\TEMP:A6CDBCAC
AlternateDataStreams: C:\ProgramData\TEMP:A8369371
AlternateDataStreams: C:\ProgramData\TEMP:A899E64E
AlternateDataStreams: C:\ProgramData\TEMP:AA18FA3A
AlternateDataStreams: C:\ProgramData\TEMP:AA93EFD3
AlternateDataStreams: C:\ProgramData\TEMP:AAAAEECA
AlternateDataStreams: C:\ProgramData\TEMP:AB03533D
AlternateDataStreams: C:\ProgramData\TEMP:B01EC114
AlternateDataStreams: C:\ProgramData\TEMP:B4530133
AlternateDataStreams: C:\ProgramData\TEMP:B8408597
AlternateDataStreams: C:\ProgramData\TEMP:BACC4A79
AlternateDataStreams: C:\ProgramData\TEMP:BAFAD1DF
AlternateDataStreams: C:\ProgramData\TEMP:BD932D90
AlternateDataStreams: C:\ProgramData\TEMP:C46848E8
AlternateDataStreams: C:\ProgramData\TEMP:C5340FA1
AlternateDataStreams: C:\ProgramData\TEMP:C69BA1D0
AlternateDataStreams: C:\ProgramData\TEMP:CAF8DAC8
AlternateDataStreams: C:\ProgramData\TEMP:CB959782
AlternateDataStreams: C:\ProgramData\TEMP:CBAB74CB
AlternateDataStreams: C:\ProgramData\TEMP:CD5D93E7
AlternateDataStreams: C:\ProgramData\TEMP:CE707633
AlternateDataStreams: C:\ProgramData\TEMP:D01ACC06
AlternateDataStreams: C:\ProgramData\TEMP:D418CF95
AlternateDataStreams: C:\ProgramData\TEMP:D61EB62D
AlternateDataStreams: C:\ProgramData\TEMP:D64DD961
AlternateDataStreams: C:\ProgramData\TEMP:D750EF68
AlternateDataStreams: C:\ProgramData\TEMP:D7C0213D
AlternateDataStreams: C:\ProgramData\TEMP:D8D58038
AlternateDataStreams: C:\ProgramData\TEMP:E1ABC2C7
AlternateDataStreams: C:\ProgramData\TEMP:E266F325
AlternateDataStreams: C:\ProgramData\TEMP:E446CB48
AlternateDataStreams: C:\ProgramData\TEMP:E96A2658
AlternateDataStreams: C:\ProgramData\TEMP:EC769091
AlternateDataStreams: C:\ProgramData\TEMP:ED6B6C83
AlternateDataStreams: C:\ProgramData\TEMP:ED92736E
AlternateDataStreams: C:\ProgramData\TEMP:EFECABA9
AlternateDataStreams: C:\ProgramData\TEMP:F123F8B9
AlternateDataStreams: C:\ProgramData\TEMP:F2AF86D9
AlternateDataStreams: C:\ProgramData\TEMP:F2E878EB
AlternateDataStreams: C:\ProgramData\TEMP:F4362715
AlternateDataStreams: C:\ProgramData\TEMP:F6910DB1
AlternateDataStreams: C:\ProgramData\TEMP:FC414D14
AlternateDataStreams: C:\ProgramData\TEMP:FD786DCA

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============

HKU\S-1-5-21-690356491-1174369309-2236414189-1000\Software\Classes\.exe: exefile =>  <===== ATTENTION!
HKU\S-1-5-21-690356491-1174369309-2236414189-1000\Software\Classes\exefile:  <===== ATTENTION!

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/20/2014 08:30:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/20/2014 08:29:02 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/20/2014 08:29:02 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/20/2014 07:00:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/20/2014 06:58:57 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/20/2014 06:58:57 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/19/2014 08:54:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/19/2014 08:53:04 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/19/2014 08:53:04 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/19/2014 04:39:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (05/20/2014 08:28:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "sbapifs" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (05/20/2014 06:58:54 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "sbapifs" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (05/19/2014 08:52:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "sbapifs" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (05/19/2014 04:38:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "sbapifs" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (05/19/2014 07:23:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "sbapifs" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (05/18/2014 06:28:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "sbapifs" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (05/17/2014 02:44:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "sbapifs" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (05/17/2014 11:34:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "sbapifs" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (05/17/2014 08:24:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "sbapifs" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (05/16/2014 02:54:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "sbapifs" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2


Microsoft Office Sessions:
=========================
Error: (05/20/2014 08:30:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/20/2014 08:29:02 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL

Error: (05/20/2014 08:29:02 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL

Error: (05/20/2014 07:00:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/20/2014 06:58:57 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL

Error: (05/20/2014 06:58:57 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL

Error: (05/19/2014 08:54:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/19/2014 08:53:04 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL

Error: (05/19/2014 08:53:04 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL

Error: (05/19/2014 04:39:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Percentage of memory in use: 23%
Total physical RAM: 7369.05 MB
Available physical RAM: 5638.48 MB
Total Pagefile: 14736.27 MB
Available Pagefile: 12921.92 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:920.13 GB) (Free:840.99 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: EC7BDCE1)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=920 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11 GB) - (Type=27)

==================== End Of Log ============================

Danke schon mal im Voraus.

LG

Martina

schrauber · 21.05.2014, 07:37

hi,

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

MaKenobby · 21.05.2014, 08:52

Hi Schrauber,

anbei die combofix.txt

Code:

ATTFilter

ComboFix 14-05-19.01 - Martina 21.05.2014   9:34.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.7369.6337 [GMT 2:00]
ausgeführt von:: c:\users\Martina\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-04-21 bis 2014-05-21  ))))))))))))))))))))))))))))))
.
.
2014-05-21 07:41 . 2014-05-21 07:41	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-05-20 07:52 . 2014-05-20 07:53	--------	d-----w-	C:\FRST
2014-05-15 16:42 . 2014-05-15 16:42	--------	d-----w-	c:\users\Martina\AppData\Roaming\unikgame
2014-05-13 12:20 . 2014-05-13 12:20	235800	----a-w-	c:\windows\system32\drivers\avgldx64.sys
2014-05-13 12:20 . 2014-05-13 12:20	273176	----a-w-	c:\windows\system32\drivers\avgtdia.sys
2014-05-13 12:06 . 2014-05-13 12:06	323352	----a-w-	c:\windows\system32\drivers\avgloga.sys
2014-05-13 12:05 . 2014-05-13 12:05	191768	----a-w-	c:\windows\system32\drivers\avgidsha.sys
2014-05-13 12:05 . 2014-05-13 12:05	152344	----a-w-	c:\windows\system32\drivers\avgdiska.sys
2014-05-13 12:05 . 2014-05-13 12:05	130328	----a-w-	c:\windows\system32\drivers\avgmfx64.sys
2014-05-13 12:04 . 2014-05-13 12:04	236312	----a-w-	c:\windows\system32\drivers\avgidsdrivera.sys
2014-05-13 12:04 . 2014-05-13 12:04	31512	----a-w-	c:\windows\system32\drivers\avgrkx64.sys
2014-05-12 22:36 . 2014-05-12 22:36	--------	d-----w-	c:\users\Martina\AppData\Roaming\GameInvest
2014-05-04 14:54 . 2014-05-04 14:55	--------	d-----w-	c:\program files (x86)\Mozilla Thunderbird
2014-05-03 06:27 . 2014-05-03 06:30	--------	d-----w-	c:\programdata\Emberwind
2014-05-03 06:25 . 2014-05-03 06:25	419840	----a-w-	c:\windows\system32\wrap_oal.dll
2014-05-03 06:25 . 2014-05-03 06:25	413696	----a-w-	c:\windows\SysWow64\wrap_oal.dll
2014-05-03 06:25 . 2014-05-03 06:25	133632	----a-w-	c:\windows\system32\OpenAL32.dll
2014-05-03 06:25 . 2014-05-03 06:25	--------	d-----w-	c:\program files (x86)\OpenAL
2014-05-03 06:25 . 2014-05-03 06:25	110592	----a-w-	c:\windows\SysWow64\OpenAL32.dll
2014-05-02 10:23 . 2014-05-02 10:23	--------	d-----w-	c:\programdata\Magic-Heroes
2014-05-01 11:19 . 2014-05-03 06:34	--------	d-----w-	c:\program files (x86)\RealArcade
2014-04-30 16:55 . 2014-04-30 16:55	--------	d-----w-	c:\programdata\PlayFirst
2014-04-30 16:55 . 2014-04-30 16:55	--------	d-----w-	c:\program files (x86)\Online Games Manager
2014-04-30 16:55 . 2014-05-01 11:20	--------	d-----w-	c:\programdata\Trymedia
2014-04-26 19:36 . 2014-04-26 19:36	--------	d-----w-	c:\users\Martina\AppData\Roaming\LDW
2014-04-23 16:52 . 2014-04-23 16:52	--------	d-----w-	c:\programdata\Beanbag Studios
2014-04-23 16:47 . 2014-04-23 16:47	--------	d-----w-	c:\programdata\Brainiversity2
2014-04-23 15:47 . 2014-04-23 15:47	--------	d-----w-	c:\programdata\MisteryRiddles
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2013-10-02 1090912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2014-05-13 5181456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableSecureUIAPath"= 1 (0x1)
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys;c:\windows\SYSNATIVE\DRIVERS\sbapifs.sys [x]
R3 DIRECTIO;DIRECTIO;UNC\srv1c027.wds8.intern\reminst\Test\BitPro64\DirectIo.sys;UNC\srv1c027.wds8.intern\reminst\Test\BitPro64\DirectIo.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys;c:\windows\SYSNATIVE\drivers\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys;c:\windows\SYSNATIVE\drivers\amd_xata.sys [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\drivers\amdkmpfd.sys;c:\windows\SYSNATIVE\drivers\amdkmpfd.sys [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
S2 ogmservice;Online Games Manager;c:\program files (x86)\Online Games Manager\ogmservice.exe;c:\program files (x86)\Online Games Manager\ogmservice.exe [x]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\drivers\amdhub30.sys;c:\windows\SYSNATIVE\drivers\amdhub30.sys [x]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\drivers\amdxhc.sys;c:\windows\SYSNATIVE\drivers\amdxhc.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-11-03 20:06	244696	----a-w-	c:\users\Martina\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-11-03 20:06	244696	----a-w-	c:\users\Martina\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-11-03 20:06	244696	----a-w-	c:\users\Martina\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe" [2012-04-11 97280]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
TCP: Interfaces\{0F245E3B-7DC2-4299-BED7-9089C5A77AA1}: NameServer = 62.109.121.1 62.109.121.2
TCP: Interfaces\{441E04CD-6116-4027-919E-D2D34375EACE}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
FF - ProfilePath - c:\users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\wcyk0en5.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
Wow6432Node-HKCU-Run-AVG-Secure-Search-Update_1213b - c:\users\Martina\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
AddRemove-SkyDriveSetup.exe - c:\users\Martina\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveSetup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-05-21  09:43:57
ComboFix-quarantined-files.txt  2014-05-21 07:43
.
Vor Suchlauf: 10 Verzeichnis(se), 902.654.382.080 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 903.833.493.504 Bytes frei
.
- - End Of File - - B9A6C7F331BD90810CC0FD2C14E8F381
A36C5E4F47E84449FF07ED3517B43A31

LG
Martina

schrauber · 22.05.2014, 08:31

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

MaKenobby · 26.05.2014, 09:56

Hallo Schrauber,

sorry das es etwas gedauert hat.
Ich hoffe ich habe alles richtig gemacht.

Also, 1. Malware

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 26.05.2014
Suchlauf-Zeit: 10:06:55
Logdatei: MWB Suchlauf-Protokoll.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.03.04.09
Rootkit Datenbank: v2014.02.20.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Martina

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 241237
Verstrichene Zeit: 5 Min, 8 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 1
PUP.Optional.Feven.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Feven 1.5, In Quarantäne, [b297ea153446bc7a2d83276872902ad6], 

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 2
PUP.Optional.NationZoom.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.nationzoom.com/?type=hp&ts=1386605906&from=tugs&uid=TOSHIBAXDT01ACA100_X384KT6NSXXX384KT6NSX, Gut: (hxxp://www.google.com), Schlecht: (hxxp://www.nationzoom.com/?type=hp&ts=1386605906&from=tugs&uid=TOSHIBAXDT01ACA100_X384KT6NSXXX384KT6NSX),Ersetzt,[1a2fc33c1367ec4ab1ea60c5ae5612ee]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[4affdd227ffb1e18321149e66b99f808]

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)

2. ADW

Code:

ATTFilter

# AdwCleaner v3.211 - Bericht erstellt am 26/05/2014 um 10:28:04
# Aktualisiert 26/05/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Martina - MARTINA-PC
# Gestartet von : C:\Users\Martina\Desktop\adwcleaner_3.211.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Trymedia
Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\ProgramData\Alawar
Ordner Gelöscht : C:\ProgramData\AlawarWrapper
Ordner Gelöscht : C:\Program Files (x86)\Alawar
Ordner Gelöscht : C:\Users\Martina\AppData\Local\AlawarWrapper
Ordner Gelöscht : C:\Users\Martina\AppData\Roaming\Alawar
Ordner Gelöscht : C:\Users\Public\Documents\AlawarWrapper

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\AVG Secure Search
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software
Schlüssel Gelöscht : HKLM\Software\Software
Schlüssel Gelöscht : HKLM\Software\supWPM
Schlüssel Gelöscht : HKLM\Software\Trymedia Systems

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v29.0.1 (de)

[ Datei : C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\wcyk0en5.default\prefs.js ]

Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://www.nationzoom.com/newtab/?type=nt&ts=1386605906&from=tugs&uid=TOSHIBAXDT01ACA100_X384KT6NSXXX384KT6NSX");

-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [1815 octets] - [26/05/2014 10:24:20]
AdwCleaner[S0].txt - [1626 octets] - [26/05/2014 10:28:04]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1686 octets] ##########

3. Junkware Removal

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Martina on 26.05.2014 at 10:33:30,97
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\big fish"
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\bigfishcache"



~~~ FireFox

Emptied folder: C:\Users\Martina\AppData\Roaming\mozilla\firefox\profiles\wcyk0en5.default\minidumps [92 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26.05.2014 at 10:42:04,11
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

und das neue FRST

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02
Ran by Martina (administrator) on MARTINA-PC on 26-05-2014 10:47:11
Running from C:\Users\Martina\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Online Games Manager\ogmservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe
(Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NUSB3MON] => C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe [97280 2012-04-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5181456 2014-05-13] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-690356491-1174369309-2236414189-1000\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-10-02] (Nokia)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {FC739C94-F44E-4EBA-9B70-87AB45DFD999} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MASBJS
SearchScopes: HKLM-x32 - {FC739C94-F44E-4EBA-9B70-87AB45DFD999} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MASBJS
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Tcpip\..\Interfaces\{441E04CD-6116-4027-919E-D2D34375EACE}: [NameServer]8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

FireFox:
========
FF ProfilePath: C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\wcyk0en5.default
FF Homepage: about:blank
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Unblock YouTube - C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\wcyk0en5.default\Extensions\{2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7} [2013-12-25]
FF Extension: Noia 4 Theme Manager - C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\wcyk0en5.default\Extensions\Noia4Options@ArisT2.xpi [2013-11-03]
FF Extension: Noia Fox options - C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\wcyk0en5.default\Extensions\NoiaFoxoption@davidvincent.tld.xpi [2013-11-03]
FF Extension: Personas Plus - C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\wcyk0en5.default\Extensions\personas@christopher.beard.xpi [2013-11-03]
FF Extension: No Name - C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\wcyk0en5.default\Extensions\savedpasswordeditor@daniel.dawson.xpi [2013-11-03]
FF Extension: AniWeather - C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\wcyk0en5.default\Extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.xpi [2013-11-03]
FF Extension: KOLOBOK Smiles - C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\wcyk0en5.default\Extensions\{5CEFD22F-9A9E-4544-9BFC-C4F2FBCA87D6}.xpi [2013-11-03]
FF Extension: eCleaner - C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\wcyk0en5.default\Extensions\{c72c0c73-4eb0-4fb3-af0f-074e97326cfd}.xpi [2013-11-03]
FF Extension: Ecosia - The search engine that plants trees - C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\wcyk0en5.default\Extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi [2013-11-03]
FF Extension: Adblock Plus - C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\wcyk0en5.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-03]
FF Extension: BetterPrivacy - C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\wcyk0en5.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2013-12-09]
FF Extension: Extended Statusbar - C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\wcyk0en5.default\Extensions\{daf44bf7-a45e-4450-979c-91cf07434c3d}.xpi [2013-11-03]

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3644432 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [292424 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.)

==================== Drivers (Whitelisted) ====================

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-21] (Advanced Micro Devices, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-11-16] ()
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [236312 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [191768 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [323352 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130328 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [273176 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-11-16] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-05-26] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 DIRECTIO; \??\UNC\srv1c027.wds8.intern\reminst\Test\BitPro64\DirectIo.sys [X]
S2 sbapifs; system32\DRIVERS\sbapifs.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-26 10:47 - 2014-05-26 10:47 - 00010588 _____ () C:\Users\Martina\Desktop\FRST.txt
2014-05-26 10:46 - 2014-05-26 10:46 - 00001934 _____ () C:\Users\Martina\Desktop\MWB Suchlauf-Protokoll.txt
2014-05-26 10:46 - 2014-05-26 10:46 - 00000000 ____D () C:\Users\Martina\Desktop\FRST-OlderVersion
2014-05-26 10:42 - 2014-05-26 10:42 - 00000939 _____ () C:\Users\Martina\Desktop\JRT.txt
2014-05-26 10:32 - 2014-05-26 10:32 - 00001936 _____ () C:\Users\Martina\Malw. Suchlauf Protokoll.txt
2014-05-26 10:29 - 2014-05-26 10:29 - 00001766 _____ () C:\Users\Martina\Desktop\AdwCleaner[S0].txt
2014-05-26 10:24 - 2014-05-26 10:28 - 00000000 ____D () C:\AdwCleaner
2014-05-26 10:06 - 2014-05-26 10:29 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-26 10:06 - 2014-05-26 10:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-26 10:06 - 2014-05-26 10:06 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-05-26 10:06 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-26 10:06 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-26 10:06 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-22 22:23 - 2014-05-22 22:23 - 00001800 _____ () C:\Users\Public\Desktop\ANNO 1503.lnk
2014-05-22 22:20 - 2014-05-22 22:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ANNO 1503 GOLD
2014-05-21 23:43 - 2014-05-21 23:43 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\cerasus.media
2014-05-21 23:43 - 2014-05-21 23:43 - 00000000 ____D () C:\ProgramData\cerasus.media
2014-05-21 23:42 - 2014-05-21 23:42 - 00000961 _____ () C:\Users\Public\Desktop\MahJongg - Ancient Mayas.lnk
2014-05-21 23:42 - 2014-05-21 23:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\freundin-Games
2014-05-21 09:32 - 2014-05-21 09:43 - 00000000 ____D () C:\Qoobox
2014-05-21 09:32 - 2014-05-21 09:42 - 00000000 ____D () C:\Windows\erdnt
2014-05-21 09:32 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-21 09:32 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-21 09:32 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-21 09:32 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-21 09:32 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-21 09:32 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-21 09:32 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-21 09:32 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-20 10:23 - 2014-05-26 10:43 - 00000000 ____D () C:\Users\Martina\Desktop\Neuer Ordner
2014-05-20 09:52 - 2014-05-26 10:47 - 00000000 ____D () C:\FRST
2014-05-20 09:51 - 2014-05-26 10:46 - 02066944 _____ (Farbar) C:\Users\Martina\Desktop\FRST64.exe
2014-05-20 07:38 - 2014-05-20 07:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-17 15:52 - 2014-05-17 15:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tradewinds Caravans
2014-05-16 20:03 - 2014-05-16 20:03 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Farm Up
2014-05-16 20:03 - 2014-05-16 20:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Farm Up
2014-05-16 19:48 - 2014-05-16 19:48 - 00001743 _____ () C:\Users\Public\Desktop\The Snow Fable.lnk
2014-05-16 19:48 - 2014-05-16 19:48 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Snow Fable
2014-05-16 19:48 - 2014-05-16 19:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Snow Fable
2014-05-15 18:42 - 2014-05-15 18:42 - 00001888 _____ () C:\Users\Martina\Desktop\Mystika 2 - The Sanctuary.lnk
2014-05-15 18:42 - 2014-05-15 18:42 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\unikgame
2014-05-15 18:42 - 2014-05-15 18:42 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mystika 2 - The Sanctuary
2014-05-15 18:42 - 2014-05-15 18:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mystika 2 - The Sanctuary
2014-05-14 23:24 - 2014-05-15 00:39 - 00000000 ____D () C:\Users\Martina\Documents\Big Bang West
2014-05-13 14:20 - 2014-05-13 14:20 - 00273176 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
2014-05-13 14:20 - 2014-05-13 14:20 - 00235800 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2014-05-13 14:06 - 2014-05-13 14:06 - 00323352 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00191768 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00152344 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00130328 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00236312 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00031512 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
2014-05-13 00:36 - 2014-05-13 00:36 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\GameInvest
2014-05-13 00:34 - 2014-05-13 00:34 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Zellians - Kingdom Builder
2014-05-13 00:34 - 2014-05-13 00:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Zellians - Kingdom Builder
2014-05-11 09:46 - 2014-05-11 09:46 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Forgotten Books - The Enchanted Crown Collectors Edition
2014-05-11 09:46 - 2014-05-11 09:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Forgotten Books - The Enchanted Crown Collectors Edition
2014-05-07 13:01 - 2014-05-07 13:01 - 00017047 _____ () C:\Users\Martina\Documents\Mietvertrag Wohnungsbörse.odt
2014-05-04 16:54 - 2014-05-04 16:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-05-03 08:27 - 2014-05-03 08:30 - 00000000 ____D () C:\ProgramData\Emberwind
2014-05-03 08:25 - 2014-05-03 08:25 - 00419840 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2014-05-03 08:25 - 2014-05-03 08:25 - 00413696 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2014-05-03 08:25 - 2014-05-03 08:25 - 00133632 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2014-05-03 08:25 - 2014-05-03 08:25 - 00110592 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2014-05-03 08:25 - 2014-05-03 08:25 - 00000000 ____D () C:\Program Files (x86)\OpenAL
2014-05-02 12:23 - 2014-05-02 12:23 - 00000000 ____D () C:\ProgramData\Magic-Heroes
2014-05-02 12:06 - 2014-05-02 12:06 - 00001923 _____ () C:\Users\Public\Desktop\Magic Heroes - Save Our Park.lnk
2014-05-02 12:06 - 2014-05-02 12:06 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Magic Heroes - Save Our Park
2014-05-02 12:06 - 2014-05-02 12:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Magic Heroes - Save Our Park
2014-05-01 13:19 - 2014-05-03 08:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zylom
2014-05-01 13:19 - 2014-05-03 08:34 - 00000000 ____D () C:\Program Files (x86)\RealArcade
2014-04-30 18:55 - 2014-04-30 18:55 - 00000000 ____D () C:\ProgramData\PlayFirst
2014-04-30 18:55 - 2014-04-30 18:55 - 00000000 ____D () C:\Program Files (x86)\Online Games Manager
2014-04-30 18:52 - 2014-04-30 18:52 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\WinRAR
2014-04-27 18:54 - 2014-04-27 18:54 - 00000000 ____D () C:\Users\Martina\Documents\PassionFruit Games
2014-04-26 21:36 - 2014-04-26 21:36 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\LDW
2014-04-26 21:11 - 2014-05-11 17:00 - 00000000 ____D () C:\Users\Martina\Documents\LDW
2014-04-26 21:06 - 2014-04-26 21:06 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tiger Eye - Part I - Curse of the Riddle Box
2014-04-26 21:06 - 2014-04-26 21:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tiger Eye - Part I - Curse of the Riddle Box

==================== One Month Modified Files and Folders =======

2014-05-26 10:47 - 2014-05-26 10:47 - 00010588 _____ () C:\Users\Martina\Desktop\FRST.txt
2014-05-26 10:47 - 2014-05-20 09:52 - 00000000 ____D () C:\FRST
2014-05-26 10:46 - 2014-05-26 10:46 - 00001934 _____ () C:\Users\Martina\Desktop\MWB Suchlauf-Protokoll.txt
2014-05-26 10:46 - 2014-05-26 10:46 - 00000000 ____D () C:\Users\Martina\Desktop\FRST-OlderVersion
2014-05-26 10:46 - 2014-05-20 09:51 - 02066944 _____ (Farbar) C:\Users\Martina\Desktop\FRST64.exe
2014-05-26 10:43 - 2014-05-20 10:23 - 00000000 ____D () C:\Users\Martina\Desktop\Neuer Ordner
2014-05-26 10:42 - 2014-05-26 10:42 - 00000939 _____ () C:\Users\Martina\Desktop\JRT.txt
2014-05-26 10:36 - 2009-07-14 06:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-26 10:36 - 2009-07-14 06:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-26 10:33 - 2011-04-12 09:43 - 00698688 _____ () C:\Windows\system32\perfh007.dat
2014-05-26 10:33 - 2011-04-12 09:43 - 00148828 _____ () C:\Windows\system32\perfc007.dat
2014-05-26 10:33 - 2009-07-14 07:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-26 10:32 - 2014-05-26 10:32 - 00001936 _____ () C:\Users\Martina\Malw. Suchlauf Protokoll.txt
2014-05-26 10:32 - 2013-11-03 20:34 - 00000000 ____D () C:\Users\Martina
2014-05-26 10:29 - 2014-05-26 10:29 - 00001766 _____ () C:\Users\Martina\Desktop\AdwCleaner[S0].txt
2014-05-26 10:29 - 2014-05-26 10:06 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-26 10:29 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-26 10:29 - 2009-07-14 06:51 - 00074039 _____ () C:\Windows\setupact.log
2014-05-26 10:28 - 2014-05-26 10:24 - 00000000 ____D () C:\AdwCleaner
2014-05-26 10:28 - 2013-11-03 20:32 - 01382598 _____ () C:\Windows\WindowsUpdate.log
2014-05-26 10:28 - 2010-11-21 05:47 - 00459318 _____ () C:\Windows\PFRO.log
2014-05-26 10:06 - 2014-05-26 10:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-26 10:06 - 2014-05-26 10:06 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-05-26 10:06 - 2013-12-09 23:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-26 09:14 - 2013-11-03 22:26 - 00000000 ____D () C:\ProgramData\MFAData
2014-05-23 18:05 - 2013-11-17 18:20 - 00000000 ____D () C:\Users\Martina\AppData\Local\CrashDumps
2014-05-22 22:37 - 2013-11-04 07:43 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-05-22 22:23 - 2014-05-22 22:23 - 00001800 _____ () C:\Users\Public\Desktop\ANNO 1503.lnk
2014-05-22 22:23 - 2014-05-22 22:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ANNO 1503 GOLD
2014-05-22 22:20 - 2013-11-16 19:35 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-22 22:19 - 2013-12-11 01:00 - 00000000 ____D () C:\Spiele (Programme)
2014-05-21 23:43 - 2014-05-21 23:43 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\cerasus.media
2014-05-21 23:43 - 2014-05-21 23:43 - 00000000 ____D () C:\ProgramData\cerasus.media
2014-05-21 23:42 - 2014-05-21 23:42 - 00000961 _____ () C:\Users\Public\Desktop\MahJongg - Ancient Mayas.lnk
2014-05-21 23:42 - 2014-05-21 23:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\freundin-Games
2014-05-21 22:33 - 2013-11-17 22:37 - 00000000 ___RD () C:\Users\Martina\Desktop\Games
2014-05-21 09:43 - 2014-05-21 09:32 - 00000000 ____D () C:\Qoobox
2014-05-21 09:42 - 2014-05-21 09:32 - 00000000 ____D () C:\Windows\erdnt
2014-05-21 09:41 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-05-20 08:28 - 2013-11-17 15:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-20 08:26 - 2014-04-04 18:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-05-20 07:38 - 2014-05-20 07:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-18 20:32 - 2013-11-13 15:35 - 00000000 ___RD () C:\Users\Martina\Desktop\Mieter & Verträge
2014-05-18 06:28 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-17 15:52 - 2014-05-17 15:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tradewinds Caravans
2014-05-17 15:52 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-05-16 20:04 - 2014-02-13 01:47 - 00001722 _____ () C:\Users\Public\Desktop\Farm Up.lnk
2014-05-16 20:03 - 2014-05-16 20:03 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Farm Up
2014-05-16 20:03 - 2014-05-16 20:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Farm Up
2014-05-16 19:59 - 2013-11-18 16:15 - 00000000 ___RD () C:\MaBluEden
2014-05-16 19:59 - 2013-11-04 23:18 - 00000000 ___RD () C:\Users\Martina\AppData\Roaming\Realore
2014-05-16 19:48 - 2014-05-16 19:48 - 00001743 _____ () C:\Users\Public\Desktop\The Snow Fable.lnk
2014-05-16 19:48 - 2014-05-16 19:48 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Snow Fable
2014-05-16 19:48 - 2014-05-16 19:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Snow Fable
2014-05-15 18:42 - 2014-05-15 18:42 - 00001888 _____ () C:\Users\Martina\Desktop\Mystika 2 - The Sanctuary.lnk
2014-05-15 18:42 - 2014-05-15 18:42 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\unikgame
2014-05-15 18:42 - 2014-05-15 18:42 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mystika 2 - The Sanctuary
2014-05-15 18:42 - 2014-05-15 18:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mystika 2 - The Sanctuary
2014-05-15 00:39 - 2014-05-14 23:24 - 00000000 ____D () C:\Users\Martina\Documents\Big Bang West
2014-05-13 14:20 - 2014-05-13 14:20 - 00273176 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
2014-05-13 14:20 - 2014-05-13 14:20 - 00235800 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2014-05-13 14:06 - 2014-05-13 14:06 - 00323352 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00191768 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00152344 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00130328 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00236312 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00031512 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
2014-05-13 00:36 - 2014-05-13 00:36 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\GameInvest
2014-05-13 00:34 - 2014-05-13 00:34 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Zellians - Kingdom Builder
2014-05-13 00:34 - 2014-05-13 00:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Zellians - Kingdom Builder
2014-05-12 07:26 - 2014-05-26 10:06 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-05-26 10:06 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-26 10:06 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-11 21:27 - 2013-11-06 08:46 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\AlawarEntertainment
2014-05-11 17:12 - 2013-12-24 23:15 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\ERS Game Studios
2014-05-11 17:00 - 2014-04-26 21:11 - 00000000 ____D () C:\Users\Martina\Documents\LDW
2014-05-11 09:46 - 2014-05-11 09:46 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Forgotten Books - The Enchanted Crown Collectors Edition
2014-05-11 09:46 - 2014-05-11 09:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Forgotten Books - The Enchanted Crown Collectors Edition
2014-05-08 08:39 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-05-07 13:01 - 2014-05-07 13:01 - 00017047 _____ () C:\Users\Martina\Documents\Mietvertrag Wohnungsbörse.odt
2014-05-04 16:55 - 2014-05-04 16:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-05-03 08:34 - 2014-05-01 13:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zylom
2014-05-03 08:34 - 2014-05-01 13:19 - 00000000 ____D () C:\Program Files (x86)\RealArcade
2014-05-03 08:30 - 2014-05-03 08:27 - 00000000 ____D () C:\ProgramData\Emberwind
2014-05-03 08:25 - 2014-05-03 08:25 - 00419840 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2014-05-03 08:25 - 2014-05-03 08:25 - 00413696 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2014-05-03 08:25 - 2014-05-03 08:25 - 00133632 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2014-05-03 08:25 - 2014-05-03 08:25 - 00110592 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2014-05-03 08:25 - 2014-05-03 08:25 - 00000000 ____D () C:\Program Files (x86)\OpenAL
2014-05-02 12:23 - 2014-05-02 12:23 - 00000000 ____D () C:\ProgramData\Magic-Heroes
2014-05-02 12:06 - 2014-05-02 12:06 - 00001923 _____ () C:\Users\Public\Desktop\Magic Heroes - Save Our Park.lnk
2014-05-02 12:06 - 2014-05-02 12:06 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Magic Heroes - Save Our Park
2014-05-02 12:06 - 2014-05-02 12:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Magic Heroes - Save Our Park
2014-05-01 13:46 - 2013-11-17 16:18 - 00000000 ____D () C:\Users\Martina\AppData\Local\VirtualStore
2014-04-30 18:55 - 2014-04-30 18:55 - 00000000 ____D () C:\ProgramData\PlayFirst
2014-04-30 18:55 - 2014-04-30 18:55 - 00000000 ____D () C:\Program Files (x86)\Online Games Manager
2014-04-30 18:55 - 2013-11-13 17:01 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\PlayFirst
2014-04-30 18:52 - 2014-04-30 18:52 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\WinRAR
2014-04-27 18:54 - 2014-04-27 18:54 - 00000000 ____D () C:\Users\Martina\Documents\PassionFruit Games
2014-04-26 21:36 - 2014-04-26 21:36 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\LDW
2014-04-26 21:06 - 2014-04-26 21:06 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tiger Eye - Part I - Curse of the Riddle Box
2014-04-26 21:06 - 2014-04-26 21:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tiger Eye - Part I - Curse of the Riddle Box

Some content of TEMP:
====================
C:\Users\Martina\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Martina\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-19 10:00

==================== End Of Log ============================

--- --- ---

--- --- ---

LG
Martina

schrauber · 27.05.2014, 11:35

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

MaKenobby · 29.05.2014, 10:28

Zitat:

Zitat von schrauber

Noch Probleme?

Sieht nicht so aus

und hier die gewünschten Logfiles.

Eset:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=92e2e47536e5a44ab26633612dce0cd2
# engine=18453
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-05-29 08:54:59
# local_time=2014-05-29 10:54:59 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 17752278 152983549 0 0
# scanned=289056
# found=1
# cleaned=0
# scan_time=4701
sh=BD7191934AD2B1159ABFD20C26A0EF8E870015EC ft=1 fh=3d9a72fb821c127c vn="Variante von Win32/Toolbar.Conduit.AE evtl. unerwünschte Anwendung" ac=I fn="C:\Spiele (Programme)\Farm_Up\Farm_Up.exe"

Security Check

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.83  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
AVG AntiVirus Free Edition 2014   
 Antivirus out of date!  
`````````Anti-malware/Other Utilities Check:````````` 
  Adobe Flash Player 12.0.0.43 Flash Player out of Date!  
 Adobe Reader XI  
 Mozilla Firefox (29.0.1) 
 Mozilla Thunderbird (24.5.0) 
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe 
 Online Games Manager ogmservice.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

und das neue FRST

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02
Ran by Martina (administrator) on MARTINA-PC on 29-05-2014 11:16:33
Running from C:\Users\Martina\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Online Games Manager\ogmservice.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe
(Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NUSB3MON] => C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe [97280 2012-04-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5181456 2014-05-13] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-690356491-1174369309-2236414189-1000\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-10-02] (Nokia)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {FC739C94-F44E-4EBA-9B70-87AB45DFD999} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MASBJS
SearchScopes: HKLM-x32 - {FC739C94-F44E-4EBA-9B70-87AB45DFD999} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MASBJS
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Tcpip\..\Interfaces\{0F245E3B-7DC2-4299-BED7-9089C5A77AA1}: [NameServer]62.109.121.2 62.109.121.1
Tcpip\..\Interfaces\{441E04CD-6116-4027-919E-D2D34375EACE}: [NameServer]8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

FireFox:
========
FF ProfilePath: C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\wcyk0en5.default
FF Homepage: about:blank
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Unblock YouTube - C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\wcyk0en5.default\Extensions\{2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7} [2013-12-25]
FF Extension: Noia 4 Theme Manager - C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\wcyk0en5.default\Extensions\Noia4Options@ArisT2.xpi [2013-11-03]
FF Extension: Noia Fox options - C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\wcyk0en5.default\Extensions\NoiaFoxoption@davidvincent.tld.xpi [2013-11-03]
FF Extension: Personas Plus - C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\wcyk0en5.default\Extensions\personas@christopher.beard.xpi [2013-11-03]
FF Extension: No Name - C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\wcyk0en5.default\Extensions\savedpasswordeditor@daniel.dawson.xpi [2013-11-03]
FF Extension: AniWeather - C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\wcyk0en5.default\Extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.xpi [2013-11-03]
FF Extension: KOLOBOK Smiles - C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\wcyk0en5.default\Extensions\{5CEFD22F-9A9E-4544-9BFC-C4F2FBCA87D6}.xpi [2013-11-03]
FF Extension: eCleaner - C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\wcyk0en5.default\Extensions\{c72c0c73-4eb0-4fb3-af0f-074e97326cfd}.xpi [2013-11-03]
FF Extension: Ecosia - The search engine that plants trees - C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\wcyk0en5.default\Extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi [2013-11-03]
FF Extension: Adblock Plus - C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\wcyk0en5.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-03]
FF Extension: BetterPrivacy - C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\wcyk0en5.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2013-12-09]
FF Extension: Extended Statusbar - C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\wcyk0en5.default\Extensions\{daf44bf7-a45e-4450-979c-91cf07434c3d}.xpi [2013-11-03]

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION

==================== Services (Whitelisted) =================

S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3644432 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [292424 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.)

==================== Drivers (Whitelisted) ====================

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-21] (Advanced Micro Devices, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-11-16] ()
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [236312 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [191768 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [323352 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130328 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [273176 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-11-16] ()
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 DIRECTIO; \??\UNC\srv1c027.wds8.intern\reminst\Test\BitPro64\DirectIo.sys [X]
S2 sbapifs; system32\DRIVERS\sbapifs.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-29 11:16 - 2014-05-29 11:16 - 00009341 _____ () C:\Users\Martina\Desktop\FRST.txt
2014-05-29 11:15 - 2014-05-29 11:15 - 00000835 _____ () C:\Users\Martina\Desktop\checkup.txt
2014-05-29 11:04 - 2014-05-29 11:04 - 00854367 _____ () C:\Users\Martina\Desktop\SecurityCheck.exe
2014-05-26 12:12 - 2014-05-26 12:12 - 00000000 ____D () C:\BigFishCache
2014-05-26 10:46 - 2014-05-26 10:46 - 00000000 ____D () C:\Users\Martina\Desktop\FRST-OlderVersion
2014-05-26 10:32 - 2014-05-26 10:32 - 00001936 _____ () C:\Users\Martina\Malw. Suchlauf Protokoll.txt
2014-05-26 10:24 - 2014-05-26 10:28 - 00000000 ____D () C:\AdwCleaner
2014-05-26 10:06 - 2014-05-26 10:29 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-26 10:06 - 2014-05-26 10:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-26 10:06 - 2014-05-26 10:06 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-05-26 10:06 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-26 10:06 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-26 10:06 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-22 22:23 - 2014-05-22 22:23 - 00001800 _____ () C:\Users\Public\Desktop\ANNO 1503.lnk
2014-05-22 22:20 - 2014-05-22 22:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ANNO 1503 GOLD
2014-05-21 23:43 - 2014-05-21 23:43 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\cerasus.media
2014-05-21 23:43 - 2014-05-21 23:43 - 00000000 ____D () C:\ProgramData\cerasus.media
2014-05-21 23:42 - 2014-05-21 23:42 - 00000961 _____ () C:\Users\Public\Desktop\MahJongg - Ancient Mayas.lnk
2014-05-21 23:42 - 2014-05-21 23:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\freundin-Games
2014-05-21 09:32 - 2014-05-21 09:43 - 00000000 ____D () C:\Qoobox
2014-05-21 09:32 - 2014-05-21 09:42 - 00000000 ____D () C:\Windows\erdnt
2014-05-21 09:32 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-21 09:32 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-21 09:32 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-21 09:32 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-21 09:32 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-21 09:32 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-21 09:32 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-21 09:32 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-20 10:23 - 2014-05-29 11:16 - 00000000 ____D () C:\Users\Martina\Desktop\Neuer Ordner
2014-05-20 09:52 - 2014-05-29 11:16 - 00000000 ____D () C:\FRST
2014-05-20 09:51 - 2014-05-26 10:46 - 02066944 _____ (Farbar) C:\Users\Martina\Desktop\FRST64.exe
2014-05-20 07:38 - 2014-05-20 07:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-17 15:52 - 2014-05-17 15:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tradewinds Caravans
2014-05-16 20:03 - 2014-05-16 20:03 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Farm Up
2014-05-16 20:03 - 2014-05-16 20:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Farm Up
2014-05-16 19:48 - 2014-05-16 19:48 - 00001743 _____ () C:\Users\Public\Desktop\The Snow Fable.lnk
2014-05-16 19:48 - 2014-05-16 19:48 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Snow Fable
2014-05-16 19:48 - 2014-05-16 19:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Snow Fable
2014-05-15 18:42 - 2014-05-15 18:42 - 00001888 _____ () C:\Users\Martina\Desktop\Mystika 2 - The Sanctuary.lnk
2014-05-15 18:42 - 2014-05-15 18:42 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\unikgame
2014-05-15 18:42 - 2014-05-15 18:42 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mystika 2 - The Sanctuary
2014-05-15 18:42 - 2014-05-15 18:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mystika 2 - The Sanctuary
2014-05-14 23:24 - 2014-05-15 00:39 - 00000000 ____D () C:\Users\Martina\Documents\Big Bang West
2014-05-13 14:20 - 2014-05-13 14:20 - 00273176 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
2014-05-13 14:20 - 2014-05-13 14:20 - 00235800 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2014-05-13 14:06 - 2014-05-13 14:06 - 00323352 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00191768 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00152344 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00130328 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00236312 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00031512 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
2014-05-13 00:36 - 2014-05-13 00:36 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\GameInvest
2014-05-13 00:34 - 2014-05-13 00:34 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Zellians - Kingdom Builder
2014-05-13 00:34 - 2014-05-13 00:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Zellians - Kingdom Builder
2014-05-11 09:46 - 2014-05-11 09:46 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Forgotten Books - The Enchanted Crown Collectors Edition
2014-05-11 09:46 - 2014-05-11 09:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Forgotten Books - The Enchanted Crown Collectors Edition
2014-05-07 13:01 - 2014-05-07 13:01 - 00017047 _____ () C:\Users\Martina\Documents\Mietvertrag Wohnungsbörse.odt
2014-05-04 16:54 - 2014-05-04 16:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-05-03 08:27 - 2014-05-03 08:30 - 00000000 ____D () C:\ProgramData\Emberwind
2014-05-03 08:25 - 2014-05-03 08:25 - 00419840 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2014-05-03 08:25 - 2014-05-03 08:25 - 00413696 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2014-05-03 08:25 - 2014-05-03 08:25 - 00133632 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2014-05-03 08:25 - 2014-05-03 08:25 - 00110592 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2014-05-03 08:25 - 2014-05-03 08:25 - 00000000 ____D () C:\Program Files (x86)\OpenAL
2014-05-02 12:23 - 2014-05-02 12:23 - 00000000 ____D () C:\ProgramData\Magic-Heroes
2014-05-02 12:06 - 2014-05-02 12:06 - 00001923 _____ () C:\Users\Public\Desktop\Magic Heroes - Save Our Park.lnk
2014-05-02 12:06 - 2014-05-02 12:06 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Magic Heroes - Save Our Park
2014-05-02 12:06 - 2014-05-02 12:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Magic Heroes - Save Our Park
2014-05-01 13:19 - 2014-05-03 08:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zylom
2014-05-01 13:19 - 2014-05-03 08:34 - 00000000 ____D () C:\Program Files (x86)\RealArcade
2014-04-30 18:55 - 2014-04-30 18:55 - 00000000 ____D () C:\ProgramData\PlayFirst
2014-04-30 18:55 - 2014-04-30 18:55 - 00000000 ____D () C:\Program Files (x86)\Online Games Manager
2014-04-30 18:52 - 2014-04-30 18:52 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\WinRAR

==================== One Month Modified Files and Folders =======

2014-05-29 11:16 - 2014-05-29 11:16 - 00009341 _____ () C:\Users\Martina\Desktop\FRST.txt
2014-05-29 11:16 - 2014-05-20 10:23 - 00000000 ____D () C:\Users\Martina\Desktop\Neuer Ordner
2014-05-29 11:16 - 2014-05-20 09:52 - 00000000 ____D () C:\FRST
2014-05-29 11:15 - 2014-05-29 11:15 - 00000835 _____ () C:\Users\Martina\Desktop\checkup.txt
2014-05-29 11:04 - 2014-05-29 11:04 - 00854367 _____ () C:\Users\Martina\Desktop\SecurityCheck.exe
2014-05-29 09:20 - 2013-11-03 22:26 - 00000000 ____D () C:\ProgramData\MFAData
2014-05-29 08:46 - 2013-11-03 20:32 - 01561723 _____ () C:\Windows\WindowsUpdate.log
2014-05-29 07:46 - 2009-07-14 06:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-29 07:46 - 2009-07-14 06:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-29 07:43 - 2011-04-12 09:43 - 00698688 _____ () C:\Windows\system32\perfh007.dat
2014-05-29 07:43 - 2011-04-12 09:43 - 00148828 _____ () C:\Windows\system32\perfc007.dat
2014-05-29 07:43 - 2009-07-14 07:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-29 07:39 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-29 07:39 - 2009-07-14 06:51 - 00074431 _____ () C:\Windows\setupact.log
2014-05-26 12:12 - 2014-05-26 12:12 - 00000000 ____D () C:\BigFishCache
2014-05-26 10:46 - 2014-05-26 10:46 - 00000000 ____D () C:\Users\Martina\Desktop\FRST-OlderVersion
2014-05-26 10:46 - 2014-05-20 09:51 - 02066944 _____ (Farbar) C:\Users\Martina\Desktop\FRST64.exe
2014-05-26 10:32 - 2014-05-26 10:32 - 00001936 _____ () C:\Users\Martina\Malw. Suchlauf Protokoll.txt
2014-05-26 10:32 - 2013-11-03 20:34 - 00000000 ____D () C:\Users\Martina
2014-05-26 10:29 - 2014-05-26 10:06 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-26 10:28 - 2014-05-26 10:24 - 00000000 ____D () C:\AdwCleaner
2014-05-26 10:28 - 2010-11-21 05:47 - 00459318 _____ () C:\Windows\PFRO.log
2014-05-26 10:06 - 2014-05-26 10:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-26 10:06 - 2014-05-26 10:06 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-05-26 10:06 - 2013-12-09 23:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-23 18:05 - 2013-11-17 18:20 - 00000000 ____D () C:\Users\Martina\AppData\Local\CrashDumps
2014-05-22 22:37 - 2013-11-04 07:43 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-05-22 22:23 - 2014-05-22 22:23 - 00001800 _____ () C:\Users\Public\Desktop\ANNO 1503.lnk
2014-05-22 22:23 - 2014-05-22 22:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ANNO 1503 GOLD
2014-05-22 22:20 - 2013-11-16 19:35 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-22 22:19 - 2013-12-11 01:00 - 00000000 ____D () C:\Spiele (Programme)
2014-05-21 23:43 - 2014-05-21 23:43 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\cerasus.media
2014-05-21 23:43 - 2014-05-21 23:43 - 00000000 ____D () C:\ProgramData\cerasus.media
2014-05-21 23:42 - 2014-05-21 23:42 - 00000961 _____ () C:\Users\Public\Desktop\MahJongg - Ancient Mayas.lnk
2014-05-21 23:42 - 2014-05-21 23:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\freundin-Games
2014-05-21 22:33 - 2013-11-17 22:37 - 00000000 ___RD () C:\Users\Martina\Desktop\Games
2014-05-21 09:43 - 2014-05-21 09:32 - 00000000 ____D () C:\Qoobox
2014-05-21 09:42 - 2014-05-21 09:32 - 00000000 ____D () C:\Windows\erdnt
2014-05-21 09:41 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-05-20 08:28 - 2013-11-17 15:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-20 08:26 - 2014-04-04 18:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-05-20 07:38 - 2014-05-20 07:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-18 20:32 - 2013-11-13 15:35 - 00000000 ___RD () C:\Users\Martina\Desktop\Mieter & Verträge
2014-05-18 06:28 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-17 15:52 - 2014-05-17 15:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tradewinds Caravans
2014-05-17 15:52 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-05-16 20:04 - 2014-02-13 01:47 - 00001722 _____ () C:\Users\Public\Desktop\Farm Up.lnk
2014-05-16 20:03 - 2014-05-16 20:03 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Farm Up
2014-05-16 20:03 - 2014-05-16 20:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Farm Up
2014-05-16 19:59 - 2013-11-18 16:15 - 00000000 ___RD () C:\MaBluEden
2014-05-16 19:59 - 2013-11-04 23:18 - 00000000 ___RD () C:\Users\Martina\AppData\Roaming\Realore
2014-05-16 19:48 - 2014-05-16 19:48 - 00001743 _____ () C:\Users\Public\Desktop\The Snow Fable.lnk
2014-05-16 19:48 - 2014-05-16 19:48 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Snow Fable
2014-05-16 19:48 - 2014-05-16 19:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Snow Fable
2014-05-15 18:42 - 2014-05-15 18:42 - 00001888 _____ () C:\Users\Martina\Desktop\Mystika 2 - The Sanctuary.lnk
2014-05-15 18:42 - 2014-05-15 18:42 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\unikgame
2014-05-15 18:42 - 2014-05-15 18:42 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mystika 2 - The Sanctuary
2014-05-15 18:42 - 2014-05-15 18:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mystika 2 - The Sanctuary
2014-05-15 00:39 - 2014-05-14 23:24 - 00000000 ____D () C:\Users\Martina\Documents\Big Bang West
2014-05-13 14:20 - 2014-05-13 14:20 - 00273176 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
2014-05-13 14:20 - 2014-05-13 14:20 - 00235800 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2014-05-13 14:06 - 2014-05-13 14:06 - 00323352 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00191768 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00152344 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00130328 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00236312 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00031512 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
2014-05-13 00:36 - 2014-05-13 00:36 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\GameInvest
2014-05-13 00:34 - 2014-05-13 00:34 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Zellians - Kingdom Builder
2014-05-13 00:34 - 2014-05-13 00:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Zellians - Kingdom Builder
2014-05-12 07:26 - 2014-05-26 10:06 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-05-26 10:06 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-26 10:06 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-11 21:27 - 2013-11-06 08:46 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\AlawarEntertainment
2014-05-11 17:12 - 2013-12-24 23:15 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\ERS Game Studios
2014-05-11 17:00 - 2014-04-26 21:11 - 00000000 ____D () C:\Users\Martina\Documents\LDW
2014-05-11 09:46 - 2014-05-11 09:46 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Forgotten Books - The Enchanted Crown Collectors Edition
2014-05-11 09:46 - 2014-05-11 09:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Forgotten Books - The Enchanted Crown Collectors Edition
2014-05-08 08:39 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-05-07 13:01 - 2014-05-07 13:01 - 00017047 _____ () C:\Users\Martina\Documents\Mietvertrag Wohnungsbörse.odt
2014-05-04 16:55 - 2014-05-04 16:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-05-03 08:34 - 2014-05-01 13:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zylom
2014-05-03 08:34 - 2014-05-01 13:19 - 00000000 ____D () C:\Program Files (x86)\RealArcade
2014-05-03 08:30 - 2014-05-03 08:27 - 00000000 ____D () C:\ProgramData\Emberwind
2014-05-03 08:25 - 2014-05-03 08:25 - 00419840 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2014-05-03 08:25 - 2014-05-03 08:25 - 00413696 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2014-05-03 08:25 - 2014-05-03 08:25 - 00133632 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2014-05-03 08:25 - 2014-05-03 08:25 - 00110592 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2014-05-03 08:25 - 2014-05-03 08:25 - 00000000 ____D () C:\Program Files (x86)\OpenAL
2014-05-02 12:23 - 2014-05-02 12:23 - 00000000 ____D () C:\ProgramData\Magic-Heroes
2014-05-02 12:06 - 2014-05-02 12:06 - 00001923 _____ () C:\Users\Public\Desktop\Magic Heroes - Save Our Park.lnk
2014-05-02 12:06 - 2014-05-02 12:06 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Magic Heroes - Save Our Park
2014-05-02 12:06 - 2014-05-02 12:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Magic Heroes - Save Our Park
2014-05-01 13:46 - 2013-11-17 16:18 - 00000000 ____D () C:\Users\Martina\AppData\Local\VirtualStore
2014-04-30 18:55 - 2014-04-30 18:55 - 00000000 ____D () C:\ProgramData\PlayFirst
2014-04-30 18:55 - 2014-04-30 18:55 - 00000000 ____D () C:\Program Files (x86)\Online Games Manager
2014-04-30 18:55 - 2013-11-13 17:01 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\PlayFirst
2014-04-30 18:52 - 2014-04-30 18:52 - 00000000 ____D () C:\Users\Martina\AppData\Roaming\WinRAR

Some content of TEMP:
====================
C:\Users\Martina\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Martina\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-29 00:47

==================== End Of Log ============================

--- --- ---

--- --- ---

Ich sage noch ein mal herzlichen Dank
und wünsche Dir einen schönen Tag

LG
Martina

schrauber · 30.05.2014, 09:46

Flash Player updaten.

Fertig

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

nach firefox update / portaldosites in jedem neuen tap

Plagegeister aller Art und deren Bekämpfung: nach firefox update / portaldosites in jedem neuen tap