Trojaner-Board - WINDOWS 7, 64bit - Werbefenster poppen auf - ständige Aufforderung Java o.ä. Updates zu machen

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - WINDOWS 7, 64bit - Werbefenster poppen auf - ständige Aufforderung Java o.ä. Updates zu machen (https://www.trojaner-board.de/151434-windows-7-64bit-werbefenster-poppen-staendige-aufforderung-java-o-ae-updates.html)

WINDOWS 7, 64bit - Werbefenster poppen auf - ständige Aufforderung Java o.ä. Updates zu machen

Hallo!
Seit einiger Zeit werde ich mit Werbeanzeigen regelrecht zugebombt und im Text erscheinen einzelne Wörter doppelt grün unterstrichen. Beim Darüberfahren öffnen sich kleine Werbefenster. Sobald ich einen neuen Tab öffne geht ein leeres Fenster auf, welches mich zu interyield weiterleitet. Außerdem steht oft Ads by Buzzit da,obwohl ich Pop-ups eigentlich geblockt habe.
Ich habe unter Systemsteuerung schon einiges entfernt, dass sich irgendwie am 26.02. scheinbar selbst installiert hat, aber es ist wohl doch nicht verschwunden!

Was kann ich tun und warum zeigt Norton 360° nichts an? Muss ich da noch etwas an meinen Einstellungen ändern?

Ich habe bei euch schon ein wenig geschnüffelt und mir FRST 64 runtergeladen.
Hier ist das Ergebniß:

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014

Ran by Sternschnuppe (administrator) on RUMPELKAMMER on 24-03-2014 17:47:48

Running from J:\Hörbücher

Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard

Internet Explorer Version 11

Boot Mode: Normal
 
 
 

==================== Processes (Whitelisted) =================
 

(AMD) C:\Windows\system32\atiesrxx.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe

(AMD) C:\Windows\system32\atieclxx.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

() C:\Program Files (x86)\Buzz-it-soft\Buzz-it_wd.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

() C:\Program Files (x86)\Buzz-it-soft\Buzz-it155.exe

(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe

() C:\Program Files\IB Updater\ExtensionUpdaterService.exe

() C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE

(Intel(R) Corporation) c:\Program Files\Intel\iCLS Client\HeciServer.exe

() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe

(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe

(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe

(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe

(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

(IncrediMail, Ltd.) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe

(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe

(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe

(IncrediMail, Ltd.) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Microsoft Corporation) C:\Windows\splwow64.exe

(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe

(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1425408 2011-12-23] (IDT, Inc.)

HKLM\...\Run: [BeatsOSDApp] - C:\Program Files\IDT\WDM\beats64.exe [37888 2011-12-23] (Hewlett-Packard )

HKLM\...\Run: [hpsysdrv] - c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)

HKLM\...\Run: [EPSON Stylus DX3800 Series] - C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIACE.EXE [98304 2005-02-08] (SEIKO EPSON CORPORATION)

HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)

HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291096 2011-12-05] (Intel Corporation)

HKLM-x32\...\Run: [HP Software Update] - c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)

HKLM-x32\...\Run: [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-08-12] (PDF Complete Inc)

HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)

HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642728 2012-09-28] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM-x32\...\Run: [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)

HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)

HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)

HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe

HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)

HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-03-12] (Hewlett-Packard)

HKU\S-1-5-21-93671772-2379690000-1990322554-1000\...\Run: [IncrediMail] - C:\Program Files (x86)\IncrediMail\bin\IncMail.exe [367168 2013-01-24] (IncrediMail, Ltd.)

HKU\S-1-5-21-93671772-2379690000-1990322554-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20588704 2013-11-15] (Skype Technologies S.A.)

HKU\S-1-5-21-93671772-2379690000-1990322554-1000\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1821888 2014-02-25] (Valve Corporation)

HKU\S-1-5-21-93671772-2379690000-1990322554-1000\...\Run: [NextLive] - C:\Windows\SysWOW64\rundll32.exe "C:\Users\Sternschnuppe\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l

HKU\S-1-5-21-93671772-2379690000-1990322554-1000\...\Run: [HydraVisionDesktopManager] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2012-02-11] (AMD)
 

==================== Internet (Whitelisted) ====================
 

ProxyEnable: Internet Explorer proxy is enabled.

ProxyServer: http=127.0.0.1:13828

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?ctid=CT3323878&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP62DA7751-F4DA-4708-8777-B94675373D37&SSPV=

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4

SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 

SearchScopes: HKLM - {975EC1F3-19EA-448A-A407-7B1A68C9F353} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF

SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}

SearchScopes: HKLM-x32 - {975EC1F3-19EA-448A-A407-7B1A68C9F353} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF

SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}

SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3323878&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP62DA7751-F4DA-4708-8777-B94675373D37&q={searchTerms}&SSPV=

SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3323878&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP62DA7751-F4DA-4708-8777-B94675373D37&q={searchTerms}&SSPV=

SearchScopes: HKCU - {45F761FE-B2E0-425E-8DD0-86E363068F44} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=&apn_ptnrs=^U3&apn_dtid=^YYYYYY^YY^DE&apn_uid=4C89A030-8D9D-4096-88DC-D487BD2CAA4E&apn_sauid=441A43D9-4F97-43BC-AD6E-B48845F5B0DA

SearchScopes: HKCU - {975EC1F3-19EA-448A-A407-7B1A68C9F353} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF

SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}

BHO: IB Updater - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension64.dll ()

BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)

BHO-x32: IB Updater - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension32.dll ()

BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)

BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)

BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)

BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)

Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)

Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Users\Sternschnuppe\AppData\Roaming\Mozilla\Firefox\Profiles\okbgvamm.default

FF DefaultSearchEngine: Google

FF SearchEngineOrder.1: Ask.com

FF Homepage: https://www.google.de/

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.1.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)

FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()

FF Plugin HKCU: @soe.sony.com/installer,version=1.0.3 - C:\Users\Sternschnuppe\AppData\Roaming\Mozilla\Firefox\Profiles\okbgvamm.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll No File

FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

FF SearchPlugin: C:\Users\Sternschnuppe\AppData\Roaming\Mozilla\Firefox\Profiles\okbgvamm.default\searchplugins\1-hs-sceneto.undefined.undefined

FF SearchPlugin: C:\Users\Sternschnuppe\AppData\Roaming\Mozilla\Firefox\Profiles\okbgvamm.default\searchplugins\amazonde-hrbuch-shop-bcher.xml

FF SearchPlugin: C:\Users\Sternschnuppe\AppData\Roaming\Mozilla\Firefox\Profiles\okbgvamm.default\searchplugins\chefkochde.xml

FF SearchPlugin: C:\Users\Sternschnuppe\AppData\Roaming\Mozilla\Firefox\Profiles\okbgvamm.default\searchplugins\holidaycheck.xml

FF SearchPlugin: C:\Users\Sternschnuppe\AppData\Roaming\Mozilla\Firefox\Profiles\okbgvamm.default\searchplugins\hs-sceneto.undefined.undefined

FF SearchPlugin: C:\Users\Sternschnuppe\AppData\Roaming\Mozilla\Firefox\Profiles\okbgvamm.default\searchplugins\weltbildde--.xml

FF SearchPlugin: C:\Users\Sternschnuppe\AppData\Roaming\Mozilla\Firefox\Profiles\okbgvamm.default\searchplugins\youtube-videosuche.undefined.undefined

FF SearchPlugin: C:\Users\Sternschnuppe\AppData\Roaming\Mozilla\Firefox\Profiles\okbgvamm.default\searchplugins\youtube.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: YouTube Unblocker - C:\Users\Sternschnuppe\AppData\Roaming\Mozilla\Firefox\Profiles\okbgvamm.default\Extensions\youtubeunblocker@unblocker.yt [2014-03-21]

FF Extension: Forecastfox - C:\Users\Sternschnuppe\AppData\Roaming\Mozilla\Firefox\Profiles\okbgvamm.default\Extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2012-12-03]

FF Extension: Add to Search Bar - C:\Users\Sternschnuppe\AppData\Roaming\Mozilla\Firefox\Profiles\okbgvamm.default\Extensions\add-to-searchbox@maltekraus.de.xpi [2012-12-03]

FF Extension: MEGA - C:\Users\Sternschnuppe\AppData\Roaming\Mozilla\Firefox\Profiles\okbgvamm.default\Extensions\firefox@mega.co.nz.xpi [2014-01-16]

FF Extension: Facebook Blocker - C:\Users\Sternschnuppe\AppData\Roaming\Mozilla\Firefox\Profiles\okbgvamm.default\Extensions\info@skymeissner.com.xpi [2013-07-29]

FF Extension: Personas Plus - C:\Users\Sternschnuppe\AppData\Roaming\Mozilla\Firefox\Profiles\okbgvamm.default\Extensions\personas@christopher.beard.xpi [2012-12-03]

FF Extension: 1-Click YouTube Video Downloader - C:\Users\Sternschnuppe\AppData\Roaming\Mozilla\Firefox\Profiles\okbgvamm.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2014-03-21]

FF Extension: Adblock Plus - C:\Users\Sternschnuppe\AppData\Roaming\Mozilla\Firefox\Profiles\okbgvamm.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-12-03]

FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox

FF Extension: IB Updater - C:\Program Files\IB Updater\Firefox [2012-12-03]

FF HKLM\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox

FF HKLM-x32\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox

FF Extension: IB Updater - C:\Program Files\IB Updater\Firefox [2012-12-03]

FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\

FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ []

FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFF

FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFF [2013-10-09]

FF HKLM-x32\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox
 

==================== Services (Whitelisted) =================
 

R2 Buzz-it; C:\Program Files (x86)\Buzz-it-soft\Buzz-it155.exe [192512 2014-02-26] ()

S2 CLKMSVC10_38F51D56; c:\Program Files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-02-25] (CyberLink)

R2 IB Updater; C:\Program Files\IB Updater\ExtensionUpdaterService.exe [188760 2012-11-20] ()

R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] ()

R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2011-12-16] ()

R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)

R2 N360; C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)

R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-12] (PDF Complete Inc)
 

==================== Drivers (Whitelisted) ====================
 

S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [310984 2013-04-10] ()

R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20140214.001\BHDrvx64.sys [1526488 2013-12-18] (Symantec Corporation)

R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)

R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-25] (Symantec Corporation)

R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-25] (Symantec Corporation)

R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20140321.001\IDSvia64.sys [524504 2014-03-06] (Symantec Corporation)

R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [42696 2013-04-10] ()

R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20140324.001\ENG64.SYS [126040 2013-11-25] (Symantec Corporation)

R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20140324.001\EX64.SYS [2099288 2013-11-25] (Symantec Corporation)

R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)

R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1404000.028\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)

R0 SymDS; C:\Windows\System32\drivers\N360x64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)

R0 SymEFA; C:\Windows\System32\drivers\N360x64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)

R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-07-18] (Symantec Corporation)

R1 SymIRON; C:\Windows\system32\drivers\N360x64\1404000.028\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)

R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1404000.028\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-03-24 17:20 - 2014-03-24 17:47 - 00000000 ____D () C:\FRST

2014-03-23 14:01 - 2014-03-23 14:01 - 00000000 ____D () C:\Users\Sternschnuppe\AppData\Roaming\Islands5_realore_bigfishgames_de

2014-03-23 13:55 - 2014-03-23 13:55 - 00001159 _____ () C:\Users\Public\Desktop\Island Tribe 5.lnk

2014-03-23 13:47 - 2014-03-23 13:49 - 00000000 ____D () C:\Users\Sternschnuppe\AppData\Local\NPE

2014-03-15 14:06 - 2014-03-15 14:06 - 00001331 _____ () C:\Users\Sternschnuppe\Desktop\Minecraft CHEAT EDiTiON by BlackTBK.lnk

2014-03-13 15:48 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-03-13 15:48 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-03-13 15:48 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-03-13 15:48 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-03-13 15:48 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-03-13 15:48 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-03-13 15:48 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-03-13 15:48 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-03-13 15:48 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-03-13 15:48 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-03-13 15:48 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-03-13 15:48 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-03-13 15:48 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-03-13 15:48 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-03-13 15:48 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-03-13 15:48 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-03-13 15:48 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-03-13 15:48 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-03-13 15:48 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-03-13 15:48 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-03-13 15:48 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-03-13 15:48 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-03-13 15:48 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-03-13 15:48 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-03-13 15:48 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-03-13 15:48 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-03-13 15:48 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-03-13 15:48 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-03-13 15:48 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-03-13 15:48 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-03-13 15:48 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-03-13 15:48 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-03-13 15:48 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-03-13 15:48 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-03-13 15:48 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-03-13 15:48 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-03-13 15:48 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-03-13 15:48 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-03-13 15:48 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-03-13 15:48 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-03-13 15:48 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-03-13 15:48 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll

2014-03-13 15:48 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll

2014-03-13 15:48 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll

2014-03-13 15:47 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2014-03-13 15:47 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll

2014-03-13 15:47 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2014-03-13 15:47 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll

2014-03-01 14:06 - 2014-03-01 14:06 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk

2014-03-01 14:06 - 2014-03-01 14:06 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2014-03-01 14:06 - 2014-03-01 14:06 - 00000000 ____D () C:\Program Files\iTunes

2014-03-01 14:06 - 2014-03-01 14:06 - 00000000 ____D () C:\Program Files\iPod

2014-03-01 14:06 - 2014-03-01 14:06 - 00000000 ____D () C:\Program Files (x86)\iTunes

2014-02-26 19:57 - 2014-03-24 16:48 - 00000400 _____ () C:\Windows\Tasks\Buzz-it Update.job

2014-02-26 19:57 - 2014-03-24 16:48 - 00000394 _____ () C:\Windows\Tasks\Buzz-it_wd.job

2014-02-26 19:57 - 2014-03-04 21:28 - 00000000 ____D () C:\Program Files (x86)\Buzz-it-soft

2014-02-26 19:57 - 2014-02-26 19:57 - 00003064 _____ () C:\Windows\System32\Tasks\Buzz-it Update

2014-02-26 19:57 - 2014-02-26 19:57 - 00002998 _____ () C:\Windows\System32\Tasks\Buzz-it_wd

2014-02-26 19:55 - 2014-02-28 16:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-02-26 19:55 - 2014-02-26 21:09 - 00001149 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

2014-02-26 19:54 - 2014-02-26 19:54 - 21703480 _____ (Mozilla) C:\Users\Sternschnuppe\Downloads\Firefox Setup 22.0.exe

2014-02-26 19:53 - 2014-02-16 17:56 - 00000426 _____ () C:\AVScanner.ini

2014-02-26 19:47 - 2014-03-24 16:48 - 00000000 ____D () C:\Users\Sternschnuppe\AppData\Roaming\newnext.me

2014-02-26 19:47 - 2014-02-26 19:57 - 00000000 ____D () C:\Users\Sternschnuppe\AppData\Roaming\VOPackage

2014-02-26 19:47 - 2014-02-26 19:51 - 00000000 ____D () C:\Users\Sternschnuppe\AppData\Roaming\Systweak

2014-02-26 19:47 - 2014-02-26 19:48 - 00000000 ____D () C:\Users\Sternschnuppe\AppData\Local\Mobogenie

2014-02-26 19:47 - 2014-02-26 19:48 - 00000000 ____D () C:\Program Files (x86)\Mobogenie

2014-02-26 19:47 - 2014-02-26 19:47 - 00000000 ____D () C:\Users\Sternschnuppe\Documents\Mobogenie

2014-02-26 19:47 - 2014-02-26 19:47 - 00000000 ____D () C:\Users\Sternschnuppe\AppData\Local\genienext

2014-02-26 19:47 - 2014-02-26 19:47 - 00000000 ____D () C:\Users\Sternschnuppe\AppData\Local\cache

2014-02-26 19:47 - 2014-02-26 19:47 - 00000000 ____D () C:\Users\Sternschnuppe\.android

2014-02-26 19:47 - 2014-02-26 19:47 - 00000000 _____ () C:\Users\Sternschnuppe\daemonprocess.txt

2014-02-26 19:47 - 2013-08-22 18:36 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe
 

==================== One Month Modified Files and Folders =======
 

2014-03-24 17:47 - 2014-03-24 17:20 - 00000000 ____D () C:\FRST

2014-03-24 17:13 - 2012-12-03 19:21 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-03-24 16:57 - 2012-12-03 19:05 - 00003978 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{6DF3B6D9-F082-432F-BF4B-152FA2C45AA8}

2014-03-24 16:55 - 2009-07-14 05:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-03-24 16:55 - 2009-07-14 05:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-03-24 16:51 - 2013-07-02 13:24 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-03-24 16:51 - 2012-12-03 18:19 - 01714960 _____ () C:\Windows\WindowsUpdate.log

2014-03-24 16:48 - 2014-02-26 19:57 - 00000400 _____ () C:\Windows\Tasks\Buzz-it Update.job

2014-03-24 16:48 - 2014-02-26 19:57 - 00000394 _____ () C:\Windows\Tasks\Buzz-it_wd.job

2014-03-24 16:48 - 2014-02-26 19:47 - 00000000 ____D () C:\Users\Sternschnuppe\AppData\Roaming\newnext.me

2014-03-24 16:48 - 2014-01-02 20:00 - 00000000 ____D () C:\Program Files (x86)\Steam

2014-03-24 16:48 - 2013-07-02 13:24 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-03-24 16:48 - 2012-05-16 01:37 - 00000000 ____D () C:\ProgramData\PDFC

2014-03-24 16:47 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-03-24 16:47 - 2009-07-14 05:51 - 00122272 _____ () C:\Windows\setupact.log

2014-03-24 11:17 - 2014-02-10 11:17 - 00000000 ____D () C:\Users\Sternschnuppe\AppData\Roaming\FileAdvisor

2014-03-24 11:17 - 2014-02-09 11:17 - 00000000 ____D () C:\Program Files (x86)\File Type Advisor

2014-03-23 14:01 - 2014-03-23 14:01 - 00000000 ____D () C:\Users\Sternschnuppe\AppData\Roaming\Islands5_realore_bigfishgames_de

2014-03-23 13:55 - 2014-03-23 13:55 - 00001159 _____ () C:\Users\Public\Desktop\Island Tribe 5.lnk

2014-03-23 13:55 - 2012-12-04 10:08 - 00000000 ____D () C:\Program Files (x86)\Spiele

2014-03-23 13:49 - 2014-03-23 13:47 - 00000000 ____D () C:\Users\Sternschnuppe\AppData\Local\NPE

2014-03-23 13:48 - 2012-05-16 01:40 - 00000000 ____D () C:\ProgramData\Norton

2014-03-23 11:55 - 2012-05-16 01:05 - 00699416 _____ () C:\Windows\system32\perfh007.dat

2014-03-23 11:55 - 2012-05-16 01:05 - 00149556 _____ () C:\Windows\system32\perfc007.dat

2014-03-23 11:55 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-03-23 11:42 - 2010-11-21 04:47 - 00791058 _____ () C:\Windows\PFRO.log

2014-03-21 10:53 - 2012-12-05 16:13 - 00000000 ____D () C:\Users\Sternschnuppe\AppData\Roaming\vlc

2014-03-20 17:10 - 2012-12-03 22:00 - 00000000 ____D () C:\Program Files (x86)\JDownloader

2014-03-20 13:27 - 2012-12-05 15:24 - 00003234 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForSternschnuppe

2014-03-20 13:27 - 2012-12-05 15:24 - 00000364 _____ () C:\Windows\Tasks\HPCeeScheduleForSternschnuppe.job

2014-03-19 15:08 - 2012-12-27 09:17 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt

2014-03-19 15:08 - 2012-12-05 15:23 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log

2014-03-18 12:20 - 2013-08-14 22:44 - 00000000 ____D () C:\Windows\system32\MRT

2014-03-18 12:16 - 2012-12-03 19:11 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-03-16 15:52 - 2013-08-16 13:30 - 00043520 _____ () C:\Windows\SysWOW64\CmdLineExt03.dll

2014-03-15 14:07 - 2013-12-23 17:06 - 00000000 ____D () C:\Users\Sternschnuppe\AppData\Roaming\.minecraft

2014-03-15 14:06 - 2014-03-15 14:06 - 00001331 _____ () C:\Users\Sternschnuppe\Desktop\Minecraft CHEAT EDiTiON by BlackTBK.lnk

2014-03-14 12:45 - 2013-03-13 19:03 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

2014-03-14 12:45 - 2013-03-13 19:03 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

2014-03-14 12:45 - 2009-07-14 05:45 - 00435280 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-03-13 20:39 - 2014-01-09 22:18 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-03-12 20:13 - 2012-12-03 19:21 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-03-12 20:13 - 2012-12-03 19:21 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-03-12 20:13 - 2012-05-16 01:30 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-03-09 18:13 - 2014-02-02 16:47 - 00000336 _____ () C:\Users\Sternschnuppe\Desktop\KNeuNam.ini

2014-03-05 15:20 - 2012-12-04 10:34 - 00000000 ____D () C:\Users\Sternschnuppe\AppData\Local\CrashDumps

2014-03-05 12:43 - 2013-11-17 12:28 - 00000000 ____D () C:\ProgramData\CanonIJPLM

2014-03-05 10:19 - 2013-11-16 12:25 - 00000000 ____D () C:\Users\Sternschnuppe\AppData\Roaming\Skype

2014-03-04 21:32 - 2013-11-16 12:25 - 00000000 ___RD () C:\Program Files (x86)\Skype

2014-03-04 21:32 - 2013-11-16 12:25 - 00000000 ____D () C:\ProgramData\Skype

2014-03-04 21:28 - 2014-02-26 19:57 - 00000000 ____D () C:\Program Files (x86)\Buzz-it-soft

2014-03-01 19:17 - 2011-02-11 18:15 - 01593956 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

2014-03-01 14:06 - 2014-03-01 14:06 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk

2014-03-01 14:06 - 2014-03-01 14:06 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2014-03-01 14:06 - 2014-03-01 14:06 - 00000000 ____D () C:\Program Files\iTunes

2014-03-01 14:06 - 2014-03-01 14:06 - 00000000 ____D () C:\Program Files\iPod

2014-03-01 14:06 - 2014-03-01 14:06 - 00000000 ____D () C:\Program Files (x86)\iTunes

2014-03-01 07:05 - 2014-03-13 15:48 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-03-01 06:17 - 2014-03-13 15:48 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-03-01 06:16 - 2014-03-13 15:48 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-03-01 05:58 - 2014-03-13 15:48 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-03-01 05:52 - 2014-03-13 15:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-03-01 05:51 - 2014-03-13 15:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-03-01 05:42 - 2014-03-13 15:48 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-03-01 05:40 - 2014-03-13 15:48 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-03-01 05:37 - 2014-03-13 15:48 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-03-01 05:33 - 2014-03-13 15:48 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-03-01 05:33 - 2014-03-13 15:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-03-01 05:32 - 2014-03-13 15:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-03-01 05:30 - 2014-03-13 15:48 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-03-01 05:23 - 2014-03-13 15:48 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-03-01 05:17 - 2014-03-13 15:48 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-03-01 05:11 - 2014-03-13 15:48 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-03-01 05:02 - 2014-03-13 15:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-03-01 04:54 - 2014-03-13 15:48 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-03-01 04:52 - 2014-03-13 15:48 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-03-01 04:51 - 2014-03-13 15:48 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-03-01 04:47 - 2014-03-13 15:48 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-03-01 04:43 - 2014-03-13 15:48 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-03-01 04:43 - 2014-03-13 15:48 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-03-01 04:42 - 2014-03-13 15:48 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-03-01 04:40 - 2014-03-13 15:48 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-03-01 04:38 - 2014-03-13 15:48 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-03-01 04:37 - 2014-03-13 15:48 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-03-01 04:35 - 2014-03-13 15:48 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-03-01 04:18 - 2014-03-13 15:48 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-03-01 04:16 - 2014-03-13 15:48 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-03-01 04:14 - 2014-03-13 15:48 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-03-01 04:10 - 2014-03-13 15:48 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-03-01 04:03 - 2014-03-13 15:48 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-03-01 04:00 - 2014-03-13 15:48 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-03-01 03:57 - 2014-03-13 15:48 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-03-01 03:38 - 2014-03-13 15:48 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-03-01 03:32 - 2014-03-13 15:48 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-03-01 03:27 - 2014-03-13 15:48 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-03-01 03:25 - 2014-03-13 15:48 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-03-01 03:25 - 2014-03-13 15:48 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-02-28 16:43 - 2014-02-26 19:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-02-26 21:09 - 2014-02-26 19:55 - 00001149 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

2014-02-26 21:09 - 2014-02-14 18:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-02-26 19:57 - 2014-02-26 19:57 - 00003064 _____ () C:\Windows\System32\Tasks\Buzz-it Update

2014-02-26 19:57 - 2014-02-26 19:57 - 00002998 _____ () C:\Windows\System32\Tasks\Buzz-it_wd

2014-02-26 19:57 - 2014-02-26 19:47 - 00000000 ____D () C:\Users\Sternschnuppe\AppData\Roaming\VOPackage

2014-02-26 19:54 - 2014-02-26 19:54 - 21703480 _____ (Mozilla) C:\Users\Sternschnuppe\Downloads\Firefox Setup 22.0.exe

2014-02-26 19:51 - 2014-02-26 19:47 - 00000000 ____D () C:\Users\Sternschnuppe\AppData\Roaming\Systweak

2014-02-26 19:51 - 2012-12-03 19:05 - 00000000 ___RD () C:\Users\Sternschnuppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2014-02-26 19:48 - 2014-02-26 19:47 - 00000000 ____D () C:\Users\Sternschnuppe\AppData\Local\Mobogenie

2014-02-26 19:48 - 2014-02-26 19:47 - 00000000 ____D () C:\Program Files (x86)\Mobogenie

2014-02-26 19:47 - 2014-02-26 19:47 - 00000000 ____D () C:\Users\Sternschnuppe\Documents\Mobogenie

2014-02-26 19:47 - 2014-02-26 19:47 - 00000000 ____D () C:\Users\Sternschnuppe\AppData\Local\genienext

2014-02-26 19:47 - 2014-02-26 19:47 - 00000000 ____D () C:\Users\Sternschnuppe\AppData\Local\cache

2014-02-26 19:47 - 2014-02-26 19:47 - 00000000 ____D () C:\Users\Sternschnuppe\.android

2014-02-26 19:47 - 2014-02-26 19:47 - 00000000 _____ () C:\Users\Sternschnuppe\daemonprocess.txt

2014-02-26 19:47 - 2012-12-03 18:20 - 00000000 ____D () C:\Users\Sternschnuppe
 

Some content of TEMP:

====================

C:\Users\Sternschnuppe\AppData\Local\Temp\uninstall.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2014-03-22 18:29
 

==================== End Of Log ============================

--- --- ---

--- --- ---

Ich hoffe, es hilft mir jemand. Vielen Dank schon mal.

Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.
Ich kann auf Arbeit keine Anhänge öffnen, danke.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

http://www.trojaner-board.de/picture...&pictureid=307

Ich habe gerade entdeckt, das Buzzit immer noch auf C: vorhanden ist, obwohl ich es über Systemsteuerung deinstalliert hatte: R2 Buzz-it; C:\Program Files (x86)\Buzz-it-soft\Buzz-it155.exe [192512 2014-02-26] ()

Sorry, wegen des Anhangs, ich hatte schon überlegt, wie ich das in so eine schöne Box bekomme. Danke!

da fehlt noch die Additional.txt. Such die mal, brauchste nicht posten, aber du brauchst sie gleich:

Revo Uninstaller - Download - Filepony
Damit alles deinstallieren was Du in der Additional.txt findest mit dem Zusatz <== ATTENTION

Mit Revo auch Moderat die Reste entfernen lassen.

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Vielleicht bin ich ja blind, ich finde im Text nichts mit dem Zusatz <== ATTENTION. Deshalb stell ich ihn doch ein:

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014

Ran by Sternschnuppe at 2014-03-24 17:47:59

Running from J:\Hörbücher

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

AV: Norton 360 Online (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Norton 360 Online (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton 360 Online (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
 

==================== Installed Programs ======================
 

A Gnome's Home - Der Kristall des Lebens Version 1.0 (HKLM-x32\...\{3A82CFD6-CE0B-4349-8768-C886C8437ED0}_is1) (Version: 1.0 - Share)

Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)

Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)

Allway Sync version 8.1.0 (HKLM-x32\...\Allway Sync_is1) (Version:  - Usov Lab)

AMD Accelerated Video Transcoding (Version: 12.5.100.20928 - Advanced Micro Devices, Inc.) Hidden

AMD APP SDK Runtime (Version: 10.0.1016.4 - Advanced Micro Devices Inc.) Hidden

AMD Catalyst Install Manager (HKLM\...\{46DA7FD9-8BC1-7BA8-98D1-27F46647871B}) (Version: 8.0.891.0 - Advanced Micro Devices, Inc.)

AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden

AMD Media Foundation Decoders (Version: 1.0.70928.1539 - Advanced Micro Devices, Inc.) Hidden

Ancient Rome 2 Version 1.0 (HKLM-x32\...\{C159A96C-6543-41B1-88C7-550580D0D8BF}_is1) (Version: 1.0 - Share)

ANNO 2070 (HKLM-x32\...\{B48E264C-C8CD-4617-B0BE-46E977BAD694}) (Version: 1.0.0.0 - Ubisoft)

Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden

Besiedelte Welten - Das alte Aegypten (HKLM-x32\...\Besiedelte Welten - Das alte Aegypten) (Version:  - )

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Cake Mania (x32 Version: 2.2.0.98 - WildTangent) Hidden

calibre (HKLM-x32\...\{D060E2E3-5509-4420-AA04-FA197C6678C8}) (Version: 0.9.28 - Kovid Goyal)

Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )

Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.3.5.0 - Canon Inc.)

Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - )

Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)

Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )

Canon MG5300 series Benutzerregistrierung (HKLM-x32\...\Canon MG5300 series Benutzerregistrierung) (Version:  - )

Canon MG5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series) (Version:  - Canon Inc.)

Canon MG5300 series On-screen Manual (HKLM-x32\...\Canon MG5300 series On-screen Manual) (Version:  - )

Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version:  - )

Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )

Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )

Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center (x32 Version: 2012.0928.1532.26058 - Ihr Firmenname) Hidden

Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0928.1532.26058 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center InstallProxy (x32 Version: 2012.0928.1532.26058 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Localization All (x32 Version: 2012.0928.1532.26058 - Advanced Micro Devices, Inc.) Hidden

CCC Help Chinese Standard (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden

CCC Help Chinese Traditional (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden

CCC Help Czech (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden

CCC Help Danish (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden

CCC Help Dutch (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden

CCC Help English (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden

CCC Help Finnish (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden

CCC Help French (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden

CCC Help German (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden

CCC Help Greek (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden

CCC Help Hungarian (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden

CCC Help Italian (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden

CCC Help Japanese (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden

CCC Help Korean (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden

CCC Help Norwegian (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden

CCC Help Polish (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden

CCC Help Portuguese (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden

CCC Help Russian (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden

CCC Help Spanish (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden

CCC Help Swedish (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden

CCC Help Thai (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden

CCC Help Turkish (x32 Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden

ccc-utility64 (Version: 2012.0928.1532.26058 - Advanced Micro Devices, Inc.) Hidden

Christmas Stories - Nussknacker Sammleredition Version 1.0 (HKLM-x32\...\{3E282096-63E1-4B4F-9B94-A0C39EE04D5F}_is1) (Version: 1.0 - Share)

Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

Clone Wars (HKCU\...\SOE-Clone Wars) (Version:  - Sony Online Entertainment)

Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden

CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.1.3226 - CyberLink Corp.)

CyberLink PowerDVD 10 (x32 Version: 10.0.1.3226 - CyberLink Corp.) Hidden

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Dark Parables 4 - Der Orden der Rotkäppchen Sammleredition Version 1.0 (HKLM-x32\...\Dark Parables 4 - Der Orden der Rotkäppchen Samm~53E6409B_is1) (Version: 1.0 - Share)

Das Verrückte Königreich Version 1.0 (HKLM-x32\...\{A3D34597-AFE2-4650-97DC-2701A2DAEE2A}_is1) (Version: 1.0 - Share)

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{92C42EDD-6524-4577-B2EB-6C68C63B6D4A}) (Version:  - Microsoft)

Die verlassenen Inseln (HKLM-x32\...\Die verlassenen Inseln) (Version:  - )

DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden

EPSON-Drucker-Software (HKLM\...\EPSON Printer and Utilities) (Version:  - )

Farm Frenzy - Das antike Rom (HKLM-x32\...\Farm Frenzy - Das antike Rom) (Version:  - )

Farm Frenzy - Helden der Wikinger (HKLM-x32\...\Farm Frenzy - Helden der Wikinger) (Version:  - )

Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden

Farm Tribe 2 Version 1.0 (HKLM-x32\...\{BE253326-0F45-47E9-9DA3-873A39A8445E}_is1) (Version: 1.0 - Share)

Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden

FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden

File Type Advisor 1.4 (HKLM-x32\...\File Type Advisor_is1) (Version:  - filetypeadvisor.com)

Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden

Fishdom - Frosty Splash (DE) (HKLM-x32\...\Fishdom - Frosty Splash (DE)) (Version:  - )

Fishdom - Spooky Splash (HKLM-x32\...\Fishdom - Spooky Splash) (Version:  - )

Fishdom (HKLM-x32\...\Fishdom) (Version:  - )

Fishdom (TM) 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden

Fishdom 2 (HKLM-x32\...\Fishdom 2) (Version:  - )

Fishdom H2O - Hidden Odyssey (HKLM-x32\...\Fishdom H2O - Hidden Odyssey) (Version:  - )

Fishdom Seasons under the Sea (HKLM-x32\...\Fishdom Seasons under the Sea) (Version:  - )

Free M4a to MP3 Converter 8.1 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)

Garden Rescue - Weihnachtsedition Version 1.0 (HKLM-x32\...\{43C33181-A544-4A31-A7F2-3B803106A46E}_is1) (Version: 1.0 - Share)

Giana Sisters - Twisted Dreams (HKLM-x32\...\Giana Sisters - Twisted Dreams) (Version: 1.0 - Black Forest Games)

Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)

Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden

Grim Facade 2 - Dunkle Obsession Sammleredition (HKLM-x32\...\Grim Facade 2 - Dunkle Obsession Sammleredition) (Version:  - )

Grim Tales 3 - Gefährliche Wünsche Sammleredition Version 1.0 (HKLM-x32\...\Grim Tales 3 - Gefährliche Wünsche Sammleredition_is1) (Version: 1.0 - Share)

Haunted Hotel 4 - Der Fall Charles Dexter Ward - Sammleredition (HKLM-x32\...\Haunted Hotel 4 - Der Fall Charles Dexter Ward - Sammleredition) (Version:  - )

Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden

HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden

HP Calendar (HKLM-x32\...\{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}) (Version: 5.1.4245.23508 - Hewlett-Packard)

HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden

HP Clock (HKLM-x32\...\{0EEC4E49-D4C2-4E23-87F2-B5641F1A09E4}) (Version: 5.1.4244.16367 - Hewlett-Packard)

HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden

HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)

HP LinkUp (HKLM-x32\...\{7E750542-55BC-4300-8B7B-AC2A762FB435}) (Version: 2.01.029 - Hewlett-Packard)

HP Magic Canvas (HKLM-x32\...\{DDFDC9D6-4220-41F8-BF9A-8E7512C4EF52}) (Version: 5.1.15.0 - Hewlett-Packard)

HP Magic Canvas Tutorials (HKLM-x32\...\{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1) (Version: 5.0.0.3 - Hewlett-Packard)

HP Notes (HKLM-x32\...\{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}) (Version: 5.1.4274.30382 - Hewlett-Packard)

HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)

HP RSS (HKLM-x32\...\{452479C5-0118-48E9-AA69-0A7339F95FC8}) (Version: 5.1.4289.23799 - Hewlett-Packard)

HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15130.3904 - Hewlett-Packard Company)

HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.15145.3905 - Hewlett-Packard Company)

HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)

HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 11.00.0001 - Hewlett-Packard)

HP TouchSmart Background - Beats (HKLM-x32\...\{6A6F8D36-04BA-41E9-9004-1789BD545874}) (Version: 1.0.1.0 - Hewlett-Packard)

HP TouchSmart RecipeBox (HKLM-x32\...\{20714B53-FC73-4F9C-9687-49EB237D6FD7}) (Version: 3.0.3830.27730 - Hewlett-Packard)

HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)

HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.12.1.0 - Hewlett-Packard)

HydraVision (x32 Version: 4.2.220.0 - Advanced Micro Devices, Inc.) Hidden

IB Updater 2.0.0.550 (HKLM\...\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1) (Version: 2.0.0.550 - IncrediBar) <==== ATTENTION

Im Land der Wikinger Version 1.0 (HKLM-x32\...\{29CF1967-D5FF-4DFE-AE79-A7884849BFC2}_is1) (Version: 1.0 - Share)

IncrediMail (x32 Version: 6.3.9.5254 - IncrediMail) Hidden

IncrediMail 2.0 (HKLM-x32\...\IncrediMail) (Version: 6.3.9.5254 - IncrediMail Ltd.)

Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden

Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)

Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.0.199 - Intel Corporation)

Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)

Island Tribe (HKLM-x32\...\Island Tribe) (Version:  - )

Island Tribe 2 (HKLM-x32\...\Island Tribe 2) (Version:  - )

Island Tribe 3 (HKLM-x32\...\Island Tribe 3) (Version:  - )

Island Tribe 4 Version 1.0 (HKLM-x32\...\{CD8A89A3-16C9-4D26-9F32-F36BE671A842}_is1) (Version: 1.0 - Share)

Island Tribe 5 Version 1.0 (HKLM-x32\...\{3B62C508-BF01-4007-A3FA-A83A78862C78}_is1) (Version: 1.0 - Share)

iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)

Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.510 - Oracle)

Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden

Java(TM) 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle)

JDownloader (HKLM-x32\...\JDownloader) (Version:  - AppWork UG (haftungsbeschränkt))

Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden

Jewel Quest II (x32 Version: 2.2.0.97 - WildTangent) Hidden

Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4507 - CyberLink Corp.)

LabelPrint (x32 Version: 2.5.4507 - CyberLink Corp.) Hidden

Luxor - 5th Passage (HKLM-x32\...\Luxor - 5th Passage) (Version:  - )

Luxor 1 (HKLM-x32\...\Luxor 1) (Version:  - )

Luxor 2 (HKLM-x32\...\Luxor 2) (Version:  - )

Luxor 3 (HKLM-x32\...\Luxor 3) (Version:  - )

Luxor 4 Quest For The Afterlife (HKLM-x32\...\Luxor 4 Quest For The Afterlife) (Version:  - )

Luxor Mahjong (HKLM-x32\...\Luxor Mahjong) (Version:  - )

Mahjongg Artifacts (x32 Version: 2.2.0.95 - WildTangent) Hidden

MarkAble 2.2.0 (HKLM-x32\...\MarkAble2_is1) (Version: 2.2.0 - Rightword Enterprises)

Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Age of Empires (HKLM-x32\...\Age of Empires) (Version:  - )

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)

Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Minecraft CHEAT EDiTiON by BlackTBK Version 1.7.2 (HKLM-x32\...\{F41E7266-3195-4ACA-9C5C-8BBA1802AE30}_is1) (Version: 1.7.2 - BLACKTBK)

Moorhuhn 2 (HKLM-x32\...\Moorhuhn 2 deinstallieren) (Version:  - )

Mozilla Firefox 27.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)

Mp3tag v2.48 (HKLM-x32\...\Mp3tag) (Version: v2.48 - Florian Heidenreich)

MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

My Kingdom for the Princess 3 (HKLM-x32\...\My Kingdom for the Princess 3) (Version:  - )

My Kingdom for the Princess II (HKLM-x32\...\My Kingdom for the Princess II) (Version:  - )

Mystery Legends - The Phantom of the Opera Sammleredition (HKLM-x32\...\Mystery Legends - The Phantom of the Opera Sammleredition) (Version:  - )

Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden

Nero 12 (HKLM-x32\...\{560FC78C-A4B2-461D-9B47-820C1EEF87B8}) (Version: 12.0.02000 - Nero AG)

Nero Audio Pack 1 (x32 Version: 11.0.11500.110.0 - Nero AG) Hidden

Nero BackItUp (x32 Version: 12.0.2001 - Nero AG) Hidden

Nero BackItUp Help (CHM) (x32 Version: 12.0.3000 - Nero AG) Hidden

Nero Blu-ray Player (x32 Version: 12.0.14300 - Nero AG) Hidden

Nero Blu-ray Player Help (CHM) (x32 Version: 12.0.4000 - Nero AG) Hidden

Nero Burning ROM (x32 Version: 12.0.20000 - Nero AG) Hidden

Nero Burning ROM Help (CHM) (x32 Version: 12.0.3000 - Nero AG) Hidden

Nero ControlCenter (x32 Version: 11.0.15200 - Nero AG) Hidden

Nero ControlCenter Help (CHM) (x32 Version: 12.0.5000 - Nero AG) Hidden

Nero Core Components (x32 Version: 11.0.18100 - Nero AG) Hidden

Nero Disc Menus Basic (x32 Version: 12.0.11500 - Nero AG) Hidden

Nero Effects Basic (x32 Version: 12.0.11500 - Nero AG) Hidden

Nero Express (x32 Version: 12.0.20000 - Nero AG) Hidden

Nero Express Help (CHM) (x32 Version: 12.0.5000 - Nero AG) Hidden

Nero Kwik Media (x32 Version: 1.18.18200 - Nero AG) Hidden

Nero Kwik Media Help (CHM) (x32 Version: 12.0.4000 - Nero AG) Hidden

Nero Kwik Themes Basic (x32 Version: 12.0.11500 - Nero AG) Hidden

Nero PiP Effects Basic (x32 Version: 12.0.11500 - Nero AG) Hidden

Nero Recode (x32 Version: 12.0.24000 - Nero AG) Hidden

Nero Recode Help (CHM) (x32 Version: 12.0.4000 - Nero AG) Hidden

Nero RescueAgent (x32 Version: 12.0.9000 - Nero AG) Hidden

Nero RescueAgent Help (CHM) (x32 Version: 12.0.3000 - Nero AG) Hidden

Nero SharedVideoCodecs (x32 Version: 1.0.12100.2.0 - Nero AG) Hidden

Nero Update (x32 Version: 11.0.11800.31.0 - Nero AG) Hidden

Nero Video (x32 Version: 12.0.3000 - Nero AG) Hidden

Nero Video Help (CHM) (x32 Version: 12.0.4000 - Nero AG) Hidden

neroxml (x32 Version: 1.0.0 - Nero AG) Hidden

New Yankee 2 - Unter Rittern Version 1.0 (HKLM-x32\...\{6315B496-ED07-44F2-BB0D-9B227A71D002}_is1) (Version: 1.0 - Share)

Nightmares from the Deep - Die Schädelinsel - Sammleredition (HKLM-x32\...\Nightmares from the Deep - Die Schädelinsel - Sammleredition) (Version:  - )

Norton 360 (HKLM-x32\...\N360) (Version: 20.4.0.40 - Symantec Corporation)

OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)

opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden

PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.65 - PDF Complete, Inc)

Phenomenon 2 - Meteorit Sammleredition Version 1.0 (HKLM-x32\...\{C3526FFC-1251-42D2-9C27-74991C4EBD85}_is1) (Version: 1.0 - Share)

Photo Notifier and Animation Creator (HKLM-x32\...\Photo Notifier and Animation Creator) (Version: 1.0.0.1009 - IncrediMail Ltd.)

Photo Notifier and Animation Creator (x32 Version: 1.0.0.1009 - Ihr Firmenname) Hidden

Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden

PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)

Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden

Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5706 - CyberLink Corp.)

Power2Go (x32 Version: 6.1.5706 - CyberLink Corp.) Hidden

Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden

Ranch Rush 2 - Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden

Recovery Manager (x32 Version: 5.5.0.4424 - CyberLink Corp.) Hidden

Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)

Roads of Rome (HKLM-x32\...\Roads of Rome) (Version:  - )

Roads of Rome 2 (HKLM-x32\...\Roads of Rome 2) (Version:  - )

Roads Of Rome 3 (HKLM-x32\...\Roads Of Rome 3) (Version:  - )

RollerCoaster Tycoon 3 (HKLM-x32\...\RollerCoaster Tycoon 3_is1) (Version:  - Atari)

Safari Park Afrika Version 1.0 (HKLM-x32\...\{B9FC3D77-05D2-4B06-A66E-0EACC3AEBA1C}_is1) (Version: 1.0 - Share)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden

Sisters Secrecy - Mysteriöse Abstammung Sammleredition (HKLM-x32\...\Sisters Secrecy - Mysteriöse Abstammung Sammleredition) (Version:  - )

Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)

Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)

Stoneloops! of Jurassica (HKLM-x32\...\Stoneloops! of Jurassica) (Version:  - )

The TimeBuilders - Pyramid Rising 2 Version 1.0 (HKLM-x32\...\{4355719B-BCFF-43F1-B7F5-76BB6913AC35}_is1) (Version: 1.0 - Share)

The Tribloos 2 Version 1.0 (HKLM-x32\...\{FCFF97CC-6FAE-429C-9999-76AE808CB785}_is1) (Version: 1.0 - Share)

Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden

Trine (HKLM-x32\...\Steam App 35700) (Version:  - Frozenbyte)

Trine 2 (HKLM-x32\...\Steam App 35720) (Version:  - Frozenbyte)

TSHostedAppLauncher (x32 Version: 5.1.15.0 - Hewlett-Packard) Hidden

Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)

Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)

Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)

Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)

Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)

Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{4B93560B-F33D-4A67-A224-F5E1C329BD22}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)

Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)

Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)

Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)

Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)

Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{81812245-FC84-426A-BC02-6659C88CC7B2}) (Version:  - Microsoft)

Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{80F56E3F-1D47-4E45-B6E0-FEF4E919F4F9}) (Version:  - Microsoft)

Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)

Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)

Update for Microsoft Visio 2010 (KB2878227) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5D357893-40BA-4323-86BA-D97C66CD72F4}) (Version:  - Microsoft)

Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version:  - Microsoft)

Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{E78E2B68-8FD1-42EE-BB74-99A4D9E6222D}) (Version:  - Microsoft)

Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden

Virtual Families (x32 Version: 2.2.0.98 - WildTangent) Hidden

Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden

VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)

Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden

Welcome App (Start-up experience) (x32 Version: 12.0.14000 - Nero AG) Hidden

WildTangent Games App (HP Games) (x32 Version: 4.0.10.5 - WildTangent) Hidden

Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)

Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden

Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden

Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)

Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden

Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

WinRAR 5.00 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)

Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
 

==================== Restore Points  =========================
 

04-03-2014 20:31:52 Windows Update

12-03-2014 21:23:21 Geplanter Prüfpunkt

13-03-2014 19:35:51 Windows Update

18-03-2014 11:16:23 Windows Update
 

==================== Hosts content: ==========================
 

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 

==================== Scheduled Tasks (whitelisted) =============
 

Task: {04826A8F-0749-446E-9EC8-7AD568B82773} - System32\Tasks\FileAdvisorUpdate => C:\Program Files (x86)\File Type Advisor\fileadvisor.exe [2013-09-04] (File Type Advisor)

Task: {2F8CBE75-E1C7-4368-B619-DDC6C84E789D} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)

Task: {3020F16D-F93C-4967-8FED-96A05C5B140F} - System32\Tasks\HPCeeScheduleForSternschnuppe => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)

Task: {32E555C7-CBD6-44B8-9911-DB95B1B386B7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)

Task: {3316B426-3002-426C-AE8C-9F0A9F404838} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-02] (Google Inc.)

Task: {38F78881-1615-449E-AC7E-3D5ACFE75EE5} - System32\Tasks\Buzz-it_wd => C:\Program Files (x86)\Buzz-it-soft\Buzz-it_wd.exe [2014-02-26] ()

Task: {462A960E-D8CC-44CA-8591-F32B285823B1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)

Task: {4C03F788-732F-4268-B2C7-DCC6EC441881} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\WSCStub.exe [2013-06-04] (Symantec Corporation)

Task: {54FFE130-DC72-4221-90BD-E5699C3BF800} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)

Task: {5DD22CCF-017F-4D85-8182-019D4333D3F8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-02-10] (Hewlett-Packard)

Task: {7D1CB416-7801-465E-A7B9-15FDDDFD0743} - System32\Tasks\Buzz-it Update => C:\Program Files (x86)\Buzz-it-soft\Buzzi.exe [2014-02-26] ()

Task: {A444B2D1-A300-44BF-8005-51B2310CB897} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)

Task: {B355BB6F-B501-477C-8EB4-0023E3BEC791} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {D40D39F6-154C-4A86-A071-07CE66792F16} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-02] (Google Inc.)

Task: {EFBEEC90-0724-48D6-85FF-E3B365935B1F} - System32\Tasks\FileAdvisorCheck => C:\Program Files (x86)\File Type Advisor\file-type-advisor.exe [2013-09-04] (filetypeadvisor.com                                         )

Task: {FE9DB189-457E-41A3-BBA1-4BD19CD581E1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\Buzz-it Update.job => C:\Program Files (x86)\Buzz-it-soft\Buzzi.exe

Task: C:\Windows\Tasks\Buzz-it_wd.job => C:\Program Files (x86)\Buzz-it-soft\Buzz-it_wd.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\HPCeeScheduleForSternschnuppe.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 

==================== Loaded Modules (whitelisted) =============
 

2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF

2014-02-26 19:57 - 2014-02-26 19:57 - 00093184 _____ () C:\Program Files (x86)\Buzz-it-soft\Buzz-it_wd.exe

2014-02-26 19:57 - 2014-02-26 19:57 - 00192512 _____ () C:\Program Files (x86)\Buzz-it-soft\Buzz-it155.exe

2012-12-03 21:28 - 2012-11-20 15:09 - 00188760 _____ () C:\Program Files\IB Updater\ExtensionUpdaterService.exe

2013-11-17 12:38 - 2011-02-07 08:56 - 00138192 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE

2012-05-16 01:24 - 2011-12-16 21:37 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe

2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2013-07-18 16:35 - 2012-05-30 07:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON 360\ENGINE\20.4.0.40\wincfi39.dll

2013-01-24 11:16 - 2013-01-24 11:16 - 00033272 _____ () C:\Program Files (x86)\IncrediMail\Bin\IMHttpComm.dll

2013-01-24 11:16 - 2013-01-24 11:16 - 00072256 _____ () C:\Program Files (x86)\IncrediMail\Bin\wlessfp1.dll

2013-01-24 11:16 - 2013-01-24 11:16 - 00268864 _____ () C:\Program Files (x86)\IncrediMail\Bin\ImLookExU.dll

2012-11-18 17:29 - 2012-11-18 17:29 - 00108448 _____ () C:\Program Files (x86)\IncrediMail\Bin\pmc.dll

2013-01-24 11:16 - 2013-01-24 11:16 - 00133696 _____ () C:\Program Files (x86)\IncrediMail\Bin\ImComUtlU.dll

2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

2014-01-08 11:33 - 2013-12-12 23:19 - 00142848 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll

2014-01-08 11:33 - 2013-11-05 02:12 - 00890592 _____ () C:\Program Files (x86)\Steam\libavutil-52.dll

2013-11-06 13:48 - 2014-02-11 03:34 - 00751616 _____ () C:\Program Files (x86)\Steam\SDL2.dll

2013-12-11 11:40 - 2014-02-25 22:57 - 01135296 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL

2013-11-06 13:48 - 2014-01-11 00:33 - 20625832 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll

2013-06-14 15:49 - 2013-06-15 00:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll

2013-06-14 15:49 - 2013-06-15 00:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll

2013-06-14 15:49 - 2013-06-15 00:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll

2013-01-24 11:16 - 2013-01-24 11:16 - 00080448 _____ () C:\Program Files (x86)\IncrediMail\bin\ImAppRU.dll

2014-02-26 19:55 - 2014-02-13 01:36 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

2013-07-18 16:35 - 2012-05-30 07:51 - 00699280 ____R () C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\wincfi39.dll

2014-03-12 20:13 - 2014-03-12 20:13 - 16276872 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll

2012-05-16 01:24 - 2011-12-16 19:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
 

==================== Alternate Data Streams (whitelisted) =========
 

AlternateDataStreams: C:\ProgramData\Temp:F1175E1D
 

==================== Safe Mode (whitelisted) ===================
 
 

==================== Disabled items from MSCONFIG ==============
 
 

==================== Faulty Device Manager Devices =============
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (03/24/2014 04:46:22 PM) (Source: Application Hang) (User: )

Description: Programm Skype.exe, Version 6.11.60.102 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
 

Prozess-ID: ff4
 

Startzeit: 01cf4777ea6019ad
 

Endzeit: 4
 

Anwendungspfad: C:\Program Files (x86)\Skype\Phone\Skype.exe
 

Berichts-ID:
 

Error: (03/06/2014 07:19:03 PM) (Source: Application Hang) (User: )

Description: Programm PhotoScreensaver.scr, Version 6.1.7601.17514 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
 

Prozess-ID: 7aec
 

Startzeit: 01cf39661a989b61
 

Endzeit: 22
 

Anwendungspfad: C:\Windows\system32\PhotoScreensaver.scr
 

Berichts-ID: c812f206-a55b-11e3-93bb-e840f268d7e2
 

Error: (03/05/2014 03:20:34 PM) (Source: Application Error) (User: )

Description: Name der fehlerhaften Anwendung: wmplayer.exe, Version: 12.0.7601.18150, Zeitstempel: 0x518c6df8

Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000

Ausnahmecode: 0xc0000005

Fehleroffset: 0x00000000

ID des fehlerhaften Prozesses: 0x6054

Startzeit der fehlerhaften Anwendung: 0xwmplayer.exe0

Pfad der fehlerhaften Anwendung: wmplayer.exe1

Pfad des fehlerhaften Moduls: wmplayer.exe2

Berichtskennung: wmplayer.exe3
 

Error: (03/05/2014 03:18:53 PM) (Source: Application Error) (User: )

Description: Name der fehlerhaften Anwendung: wmplayer.exe, Version: 12.0.7601.18150, Zeitstempel: 0x518c6df8

Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000

Ausnahmecode: 0xc0000005

Fehleroffset: 0x00000000

ID des fehlerhaften Prozesses: 0x603c

Startzeit der fehlerhaften Anwendung: 0xwmplayer.exe0

Pfad der fehlerhaften Anwendung: wmplayer.exe1

Pfad des fehlerhaften Moduls: wmplayer.exe2

Berichtskennung: wmplayer.exe3
 

Error: (03/01/2014 02:27:40 PM) (Source: Application Hang) (User: )

Description: Programm IncMail.exe, Version 6.3.9.5254 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
 

Prozess-ID: f60
 

Startzeit: 01cf354d4340d14d
 

Endzeit: 30
 

Anwendungspfad: C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
 

Berichts-ID: 3f41bab8-a145-11e3-8102-e840f268d7e2
 

Error: (03/01/2014 02:27:23 PM) (Source: Application Hang) (User: )

Description: Programm wmplayer.exe, Version 12.0.7601.18150 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
 

Prozess-ID: 3b40
 

Startzeit: 01cf3551eeffed16
 

Endzeit: 28
 

Anwendungspfad: C:\Program Files (x86)\Windows Media Player\wmplayer.exe
 

Berichts-ID: 34957ca7-a145-11e3-8102-e840f268d7e2
 

Error: (03/01/2014 01:50:21 PM) (Source: .NET Runtime Optimization Service) (User: )

Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070005
 

Error: (02/21/2014 07:02:44 PM) (Source: Application Error) (User: )

Description: Name der fehlerhaften Anwendung: jxpiinstall(1).exe, Version: 7.0.510.13, Zeitstempel: 0x52b28ed6

Name des fehlerhaften Moduls: jxpiinstall(1).exe, Version: 7.0.510.13, Zeitstempel: 0x52b28ed6

Ausnahmecode: 0xc0000409

Fehleroffset: 0x00012d7d

ID des fehlerhaften Prozesses: 0xa20

Startzeit der fehlerhaften Anwendung: 0xjxpiinstall(1).exe0

Pfad der fehlerhaften Anwendung: jxpiinstall(1).exe1

Pfad des fehlerhaften Moduls: jxpiinstall(1).exe2

Berichtskennung: jxpiinstall(1).exe3
 

Error: (02/17/2014 04:49:28 PM) (Source: Application Hang) (User: )

Description: Programm PhotoScreensaver.scr, Version 6.1.7601.17514 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
 

Prozess-ID: 1d70
 

Startzeit: 01cf2beb4d2bab67
 

Endzeit: 27
 

Anwendungspfad: C:\Windows\system32\PhotoScreensaver.scr
 

Berichts-ID: 11ce22ff-97eb-11e3-8568-e840f268d7e2
 

Error: (02/16/2014 10:17:18 PM) (Source: Application Hang) (User: )

Description: Programm PhotoScreensaver.scr, Version 6.1.7601.17514 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
 

Prozess-ID: 20a4
 

Startzeit: 01cf2b5afe9cab3f
 

Endzeit: 1
 

Anwendungspfad: C:\Windows\system32\PhotoScreensaver.scr
 

Berichts-ID: b327c296-974f-11e3-8373-e840f268d7e2
 
 

System errors:

=============

Error: (03/24/2014 04:48:05 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%1275
 

Error: (03/24/2014 04:48:05 PM) (Source: Application Popup) (User: )

Description: Treiber atksgt.sys konnte nicht geladen werden.
 

Error: (03/24/2014 04:44:04 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%1275
 

Error: (03/24/2014 04:44:04 PM) (Source: Application Popup) (User: )

Description: Treiber atksgt.sys konnte nicht geladen werden.
 

Error: (03/24/2014 10:05:16 AM) (Source: Service Control Manager) (User: )

Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%1275
 

Error: (03/24/2014 10:05:16 AM) (Source: Application Popup) (User: )

Description: Treiber atksgt.sys konnte nicht geladen werden.
 

Error: (03/23/2014 11:42:31 AM) (Source: Service Control Manager) (User: )

Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%1275
 

Error: (03/23/2014 11:42:31 AM) (Source: Application Popup) (User: )

Description: Treiber atksgt.sys konnte nicht geladen werden.
 

Error: (03/22/2014 09:41:54 AM) (Source: Service Control Manager) (User: )

Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%1275
 

Error: (03/22/2014 09:41:54 AM) (Source: Application Popup) (User: )

Description: Treiber atksgt.sys konnte nicht geladen werden.
 
 

Microsoft Office Sessions:

=========================

Error: (03/24/2014 04:46:22 PM) (Source: Application Hang)(User: )

Description: Skype.exe6.11.60.102ff401cf4777ea6019ad4C:\Program Files (x86)\Skype\Phone\Skype.exe
 

Error: (03/06/2014 07:19:03 PM) (Source: Application Hang)(User: )

Description: PhotoScreensaver.scr6.1.7601.175147aec01cf39661a989b6122C:\Windows\system32\PhotoScreensaver.scrc812f206-a55b-11e3-93bb-e840f268d7e2
 

Error: (03/05/2014 03:20:34 PM) (Source: Application Error)(User: )

Description: wmplayer.exe12.0.7601.18150518c6df8unknown0.0.0.000000000c000000500000000605401cf387e120290ffC:\Program Files (x86)\Windows Media Player\wmplayer.exeunknown50008109-a471-11e3-aefd-e840f268d7e2
 

Error: (03/05/2014 03:18:53 PM) (Source: Application Error)(User: )

Description: wmplayer.exe12.0.7601.18150518c6df8unknown0.0.0.000000000c000000500000000603c01cf387dd4a6e17fC:\Program Files (x86)\Windows Media Player\wmplayer.exeunknown13fff9cf-a471-11e3-aefd-e840f268d7e2
 

Error: (03/01/2014 02:27:40 PM) (Source: Application Hang)(User: )

Description: IncMail.exe6.3.9.5254f6001cf354d4340d14d30C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe3f41bab8-a145-11e3-8102-e840f268d7e2
 

Error: (03/01/2014 02:27:23 PM) (Source: Application Hang)(User: )

Description: wmplayer.exe12.0.7601.181503b4001cf3551eeffed1628C:\Program Files (x86)\Windows Media Player\wmplayer.exe34957ca7-a145-11e3-8102-e840f268d7e2
 

Error: (03/01/2014 01:50:21 PM) (Source: .NET Runtime Optimization Service)(User: )

Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070005 

System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
 

Error: (02/21/2014 07:02:44 PM) (Source: Application Error)(User: )

Description: jxpiinstall(1).exe7.0.510.1352b28ed6jxpiinstall(1).exe7.0.510.1352b28ed6c000040900012d7da2001cf2f2f0d012fe0J:\Hörbücher\jxpiinstall(1).exeJ:\Hörbücher\jxpiinstall(1).exe5c63bdcd-9b22-11e3-8605-e840f268d7e2
 

Error: (02/17/2014 04:49:28 PM) (Source: Application Hang)(User: )

Description: PhotoScreensaver.scr6.1.7601.175141d7001cf2beb4d2bab6727C:\Windows\system32\PhotoScreensaver.scr11ce22ff-97eb-11e3-8568-e840f268d7e2
 

Error: (02/16/2014 10:17:18 PM) (Source: Application Hang)(User: )

Description: PhotoScreensaver.scr6.1.7601.1751420a401cf2b5afe9cab3f1C:\Windows\system32\PhotoScreensaver.scrb327c296-974f-11e3-8373-e840f268d7e2
 
 

==================== Memory info =========================== 
 

Percentage of memory in use: 24%

Total physical RAM: 12244.2 MB

Available physical RAM: 9300.41 MB

Total Pagefile: 24486.57 MB

Available Pagefile: 21283.31 MB

Total Virtual: 8192 MB

Available Virtual: 8191.81 MB
 

==================== Drives ================================
 

Drive c: (OS) (Fixed) (Total:1845.39 GB) (Free:1515.44 GB) NTFS

Drive d: (HP_RECOVERY) (Fixed) (Total:17.52 GB) (Free:2.19 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Drive j: (Expansion Drive) (Fixed) (Total:1863.01 GB) (Free:785.22 GB) NTFS

Drive t: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: E6485F49)
 

Partition: GPT Partition Type.
 

========================================================

Disk: 1 (Size: 1863 GB) (Disk ID: 5F3CC7FB)

Partition 1: (Not Active) - (Size=-198626966528) - (Type=07 NTFS)
 

==================== End Of Log ============================

Skype habe ich mit Revo schon mal entfernt.

Du bist blind :p

Zitat:

IB Updater 2.0.0.550 (HKLM\...\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1) (Version: 2.0.0.550 - IncrediBar) <==== ATTENTION

Code:

Malwarebytes Anti-Malware

www.malwarebytes.org
 

Suchlauf Datum: 26.03.2014

Suchlauf-Zeit: 15:31:51

Logdatei: 

Administrator: Ja
 

Version: 2.00.0.1000

Malware Datenbank: v2014.03.26.04

Rootkit Datenbank: v2014.03.25.01

Lizenz: Testversion
 
 
 

        Code:


        
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.3 (03.23.2014:1)

OS: Windows 7 Home Premium x64

Ran by Sternschnuppe on 26.03.2014 at 15:50:56,17

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

~~~ Services
 
 
 

~~~ Registry Values
 
 
 

~~~ Registry Keys
 

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-93671772-2379690000-1990322554-1000\Software\ib updater

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{45F761FE-B2E0-425E-8DD0-86E363068F44}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{975EC1F3-19EA-448A-A407-7B1A68C9F353}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{975EC1F3-19EA-448A-A407-7B1A68C9F353}
 
 
 

~~~ Files
 
 
 

~~~ Folders
 
 
 

~~~ FireFox
 

Successfully deleted the following from C:\Users\Sternschnuppe\AppData\Roaming\mozilla\firefox\profiles\okbgvamm.default\prefs.js
 

user_pref("{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}.ScriptData_installer_name", "vbates_somoto_.exe");

user_pref("{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}.ScriptData_temp_installer_name", "vbates_somoto_.exe");

Emptied folder: C:\Users\Sternschnuppe\AppData\Roaming\mozilla\firefox\profiles\okbgvamm.default\minidumps [78 files]
 
 
 

~~~ Event Viewer Logs were cleared
 
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 26.03.2014 at 15:56:14,05

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 
Malware Schutz: Aktiviert

Bösartiger Webseiten Schutz: Aktiviert

Chameleon: Deaktiviert
 

Betriebssystem: Windows 7 Service Pack 1

CPU: x64

Dateisystem: NTFS

Benutzer: Sternschnuppe
 

Suchlauf-Art: Bedrohungs-Suchlauf

Ergebnis: Abgeschlossen

Durchsuchte Objekte: 271342

Verstrichene Zeit: 12 Min, 29 Sek
 

Speicher: Aktiviert

Autostart: Aktiviert

Dateisystem: Aktiviert

Archive: Aktiviert

Rootkits: Deaktiviert

Shuriken: Aktiviert

PUP: Aktiviert

PUM: Aktiviert
 

Prozesse: 3

PUP.Optional.SweetPacks.A, C:\Program Files\IB Updater\ExtensionUpdaterService.exe, 2380, Löschen bei Neustart, [67752fd8a4d748ee198f44b906fa33cd]

PUP.Optional.BuzzIT.A, C:\Program Files (x86)\Buzz-it-soft\Buzz-it155.exe, 2216, Löschen bei Neustart, [11cb48bfcab1d4624e589bbdda2830d0]

PUP.Optional.BuzzIT.A, C:\Program Files (x86)\Buzz-it-soft\Buzz-it_wd.exe, 1916, Löschen bei Neustart, [716b9572e992033371bc9fb32cd655ab]
 

Module: 0

(No malicious items detected)
 

Registrierungsschlüssel: 11

PUP.Optional.SweetPacks.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IB Updater, In Quarantäne, [67752fd8a4d748ee198f44b906fa33cd], 

PUP.Optional.IBUpdater, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}, In Quarantäne, [875547c05c1f3bfb59c83054946f1ae6], 

PUP.Optional.IBUpdater, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{336D0C35-8A85-403A-B9D2-65C292C39087}, In Quarantäne, [875547c05c1f3bfb59c83054946f1ae6], 

PUP.Optional.IBUpdater, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{336D0C35-8A85-403A-B9D2-65C292C39087}, In Quarantäne, [875547c05c1f3bfb59c83054946f1ae6], 

PUP.Optional.IBUpdater, HKLM\SOFTWARE\CLASSES\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}, In Quarantäne, [875547c05c1f3bfb59c83054946f1ae6], 

PUP.Optional.IBUpdater, HKLM\SOFTWARE\CLASSES\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}\INPROCSERVER32, In Quarantäne, [875547c05c1f3bfb59c83054946f1ae6], 

PUP.Optional.IBUpdater, HKU\S-1-5-21-93671772-2379690000-1990322554-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{336D0C35-8A85-403A-B9D2-65C292C39087}, In Quarantäne, [875547c05c1f3bfb59c83054946f1ae6], 

PUP.Optional.IBUpdater, HKU\S-1-5-21-93671772-2379690000-1990322554-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{336D0C35-8A85-403A-B9D2-65C292C39087}, In Quarantäne, [875547c05c1f3bfb59c83054946f1ae6], 

PUP.Optional.IBUpdater, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1, In Quarantäne, [875547c05c1f3bfb59c83054946f1ae6], 

PUP.Optional.BuzzIT.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\BUZZ-IT, In Quarantäne, [11cb48bfcab1d4624e589bbdda2830d0], 

PUP.Optional.SearchProtect.A, HKU\S-1-5-21-93671772-2379690000-1990322554-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SEARCHPROTECTINT, In Quarantäne, [2fad58af82f98ea88dfaa2bf43bf35cb], 
 

Registrierungswerte: 11

PUP.Optional.NextLive.A, HKU\S-1-5-21-93671772-2379690000-1990322554-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|NextLive, C:\Windows\SysWOW64\rundll32.exe "C:\Users\Sternschnuppe\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l, In Quarantäne, [b329fe095e1de84e852167e404fd7090]

PUP.Optional.VBates, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}, In Quarantäne, [706c3ccb3546e74fd7cc887e43bf8080], 

PUP.Optional.VBates, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{21EAF666-26B3-4A3C-ABD0-CA2F5A326744}, C:\Program Files\V-bates\Firefox, In Quarantäne, [706c3ccb3546e74fd7cc887e43bf8080]

PUP.Optional.VBates, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|{21EAF666-26B3-4A3C-ABD0-CA2F5A326744}, C:\Program Files\V-bates\Firefox, In Quarantäne, [706c3ccb3546e74fd7cc887e43bf8080]

PUP.Optional.VBates, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}, In Quarantäne, [37a5dc2b46352d095251e91dd82a6f91], 

PUP.Optional.IBUpdater, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{336D0C35-8A85-403A-B9D2-65C292C39087}, C:\Program Files\IB Updater\Firefox, In Quarantäne, [875547c05c1f3bfb59c83054946f1ae6]

PUP.Optional.IBUpdater, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|{336D0C35-8A85-403A-B9D2-65C292C39087}, C:\Program Files\IB Updater\Firefox, In Quarantäne, [875547c05c1f3bfb59c83054946f1ae6]

PUP.Optional.BuzzIT.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\BUZZ-IT|ImagePath, C:\Program Files (x86)\Buzz-it-soft\Buzz-it155.exe, In Quarantäne, [11cb48bfcab1d4624e589bbdda2830d0]

PUP.Optional.IBUpdater, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IB UPDATER|ImagePath, C:\Program Files\IB Updater\ExtensionUpdaterService.exe, In Quarantäne, [4c908e7990ebb38329f986fe689b3fc1]

PUM.Bad.Proxy, HKU\S-1-5-21-93671772-2379690000-1990322554-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, http=127.0.0.1:13828, In Quarantäne, [eaf23acdea911a1c80fed5bc768d42be]

PUP.Optional.SearchProtect.A, HKU\S-1-5-21-93671772-2379690000-1990322554-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SEARCHPROTECTINT|Install, 1, In Quarantäne, [2fad58af82f98ea88dfaa2bf43bf35cb]
 

Registrierungsdaten: 1

PUP.Optional.Conduit.A, HKU\S-1-5-21-93671772-2379690000-1990322554-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://search.conduit.com/?ctid=CT3323878&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP62DA7751-F4DA-4708-8777-B94675373D37&SSPV=, Gut: (hxxp://www.google.com), Schlecht: (hxxp://search.conduit.com/?ctid=CT3323878&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP62DA7751-F4DA-4708-8777-B94675373D37&SSPV=),Ersetzt,[ad2fc641bdbe39fd34e12fcdbd46a759]
 

Ordner: 16

PUP.Optional.IBUpdater, C:\Program Files\IB Updater, Löschen bei Neustart, [875547c05c1f3bfb59c83054946f1ae6], 

PUP.Optional.IBUpdater, C:\Program Files\IB Updater\Firefox, In Quarantäne, [875547c05c1f3bfb59c83054946f1ae6], 

PUP.Optional.IBUpdater, C:\Program Files\IB Updater\Firefox\chrome, In Quarantäne, [875547c05c1f3bfb59c83054946f1ae6], 

PUP.Optional.IBUpdater, C:\Program Files\IB Updater\Firefox\chrome\content, In Quarantäne, [875547c05c1f3bfb59c83054946f1ae6], 

PUP.Optional.IBUpdater, C:\Program Files\IB Updater\Firefox\chrome\content\libraries, In Quarantäne, [875547c05c1f3bfb59c83054946f1ae6], 

PUP.Optional.IBUpdater, C:\Program Files\IB Updater\Firefox\chrome\content\resources, In Quarantäne, [875547c05c1f3bfb59c83054946f1ae6], 

PUP.Optional.IBUpdater, C:\Program Files\IB Updater\Firefox\chrome\locale, In Quarantäne, [875547c05c1f3bfb59c83054946f1ae6], 

PUP.Optional.IBUpdater, C:\Program Files\IB Updater\Firefox\chrome\locale\en-US, In Quarantäne, [875547c05c1f3bfb59c83054946f1ae6], 

PUP.Optional.IBUpdater, C:\Program Files\IB Updater\Firefox\chrome\skin, In Quarantäne, [875547c05c1f3bfb59c83054946f1ae6], 

PUP.Optional.IBUpdater, C:\Program Files\IB Updater\Firefox\defaults, In Quarantäne, [875547c05c1f3bfb59c83054946f1ae6], 

PUP.Optional.IBUpdater, C:\Program Files\IB Updater\Firefox\defaults\preferences, In Quarantäne, [875547c05c1f3bfb59c83054946f1ae6], 

PUP.Optional.IBUpdater, C:\Program Files\IB Updater\libraries, In Quarantäne, [875547c05c1f3bfb59c83054946f1ae6], 

PUP.Optional.IBUpdater, C:\Program Files\IB Updater\resources, In Quarantäne, [875547c05c1f3bfb59c83054946f1ae6], 

PUP.Optional.NextLive.A, C:\Users\Sternschnuppe\AppData\Roaming\newnext.me, In Quarantäne, [c01c3ec93c3f2016313de9656a986d93], 

PUP.Optional.NextLive.A, C:\Users\Sternschnuppe\AppData\Roaming\newnext.me\cache, In Quarantäne, [c01c3ec93c3f2016313de9656a986d93], 

PUP.Optional.BuzzIT.A, C:\Program Files (x86)\Buzz-it-soft, Löschen bei Neustart, [716b9572e992033371bc9fb32cd655ab], 
 

Dateien: 34

PUP.Optional.SweetPacks.A, C:\Program Files\IB Updater\ExtensionUpdaterService.exe, Löschen bei Neustart, [67752fd8a4d748ee198f44b906fa33cd], 

PUP.Optional.NextLive.A, C:\Users\Sternschnuppe\AppData\Roaming\newnext.me\nengine.dll, In Quarantäne, [b329fe095e1de84e852167e404fd7090], 

PUP.Optional.InstallCore.A, C:\Users\Sternschnuppe\AppData\Roaming\VOPackage\Setup.exe, In Quarantäne, [02dabf48aad13402c7d2ce1956ad659b], 

PUP.Optional.NextLive.A, C:\Users\Sternschnuppe\AppData\Local\genienext\nengine.dll, In Quarantäne, [fbe14fb897e496a0e6c076d5ad541ce4], 

PUP.Optional.PCPerformer.A, C:\Windows\System32\roboot64.exe, In Quarantäne, [5488d037de9df0464ea9f56622e07a86], 

PUP.Optional.BuzzIT.A, C:\Windows\Tasks\Buzz-it Update.job, In Quarantäne, [ca1240c719623df99cdb64f8f111df21], 

PUP.Optional.BuzzIT.A, C:\Windows\Tasks\Buzz-it_wd.job, In Quarantäne, [904c10f7aad121153f3891cb12f0d12f], 

PUP.Optional.IBUpdater, C:\Program Files\IB Updater\source.crx, In Quarantäne, [875547c05c1f3bfb59c83054946f1ae6], 

PUP.Optional.IBUpdater, C:\Program Files\IB Updater\Extension32.dll, In Quarantäne, [875547c05c1f3bfb59c83054946f1ae6], 

PUP.Optional.IBUpdater, C:\Program Files\IB Updater\Extension64.dll, In Quarantäne, [875547c05c1f3bfb59c83054946f1ae6], 

PUP.Optional.IBUpdater, C:\Program Files\IB Updater\InstallerHelper.dll, In Quarantäne, [875547c05c1f3bfb59c83054946f1ae6], 

PUP.Optional.IBUpdater, C:\Program Files\IB Updater\unins000.dat, In Quarantäne, [875547c05c1f3bfb59c83054946f1ae6], 

PUP.Optional.IBUpdater, C:\Program Files\IB Updater\unins000.exe, In Quarantäne, [875547c05c1f3bfb59c83054946f1ae6], 

PUP.Optional.IBUpdater, C:\Program Files\IB Updater\Firefox\chrome.manifest, In Quarantäne, [875547c05c1f3bfb59c83054946f1ae6], 

PUP.Optional.IBUpdater, C:\Program Files\IB Updater\Firefox\install.rdf, In Quarantäne, [875547c05c1f3bfb59c83054946f1ae6], 

PUP.Optional.IBUpdater, C:\Program Files\IB Updater\Firefox\chrome\content\main.js, In Quarantäne, [875547c05c1f3bfb59c83054946f1ae6], 

PUP.Optional.IBUpdater, C:\Program Files\IB Updater\Firefox\chrome\content\main.xul, In Quarantäne, [875547c05c1f3bfb59c83054946f1ae6], 

PUP.Optional.IBUpdater, C:\Program Files\IB Updater\Firefox\chrome\content\libraries\DataExchangeScript.js, In Quarantäne, [875547c05c1f3bfb59c83054946f1ae6], 

PUP.Optional.IBUpdater, C:\Program Files\IB Updater\Firefox\chrome\content\resources\localscript.js, In Quarantäne, [875547c05c1f3bfb59c83054946f1ae6], 

PUP.Optional.IBUpdater, C:\Program Files\IB Updater\Firefox\chrome\locale\en-US\overlay.dtd, In Quarantäne, [875547c05c1f3bfb59c83054946f1ae6], 

PUP.Optional.IBUpdater, C:\Program Files\IB Updater\Firefox\chrome\skin\overlay.css, In Quarantäne, [875547c05c1f3bfb59c83054946f1ae6], 

PUP.Optional.IBUpdater, C:\Program Files\IB Updater\Firefox\defaults\preferences\defaults.js, In Quarantäne, [875547c05c1f3bfb59c83054946f1ae6], 

PUP.Optional.IBUpdater, C:\Program Files\IB Updater\libraries\DataExchangeScript.js, In Quarantäne, [875547c05c1f3bfb59c83054946f1ae6], 

PUP.Optional.IBUpdater, C:\Program Files\IB Updater\resources\localscript.js, In Quarantäne, [875547c05c1f3bfb59c83054946f1ae6], 

PUP.Optional.BuzzIT.A, C:\Program Files (x86)\Buzz-it-soft\Buzz-it155.exe, Löschen bei Neustart, [11cb48bfcab1d4624e589bbdda2830d0], 

PUP.Optional.NextLive.A, C:\Users\Sternschnuppe\AppData\Roaming\newnext.me\nengine.cookie, In Quarantäne, [c01c3ec93c3f2016313de9656a986d93], 

PUP.Optional.NextLive.A, C:\Users\Sternschnuppe\AppData\Roaming\newnext.me\cache\spark.bin, In Quarantäne, [c01c3ec93c3f2016313de9656a986d93], 

PUP.Optional.BuzzIT.A, C:\Program Files (x86)\Buzz-it-soft\155.dat, In Quarantäne, [716b9572e992033371bc9fb32cd655ab], 

PUP.Optional.BuzzIT.A, C:\Program Files (x86)\Buzz-it-soft\a.db, In Quarantäne, [716b9572e992033371bc9fb32cd655ab], 

PUP.Optional.BuzzIT.A, C:\Program Files (x86)\Buzz-it-soft\b.db, In Quarantäne, [716b9572e992033371bc9fb32cd655ab], 

PUP.Optional.BuzzIT.A, C:\Program Files (x86)\Buzz-it-soft\Buzz-it155.bin, In Quarantäne, [716b9572e992033371bc9fb32cd655ab], 

PUP.Optional.BuzzIT.A, C:\Program Files (x86)\Buzz-it-soft\Buzz-it155.ini, In Quarantäne, [716b9572e992033371bc9fb32cd655ab], 

PUP.Optional.BuzzIT.A, C:\Program Files (x86)\Buzz-it-soft\Buzz-it_wd.exe, Löschen bei Neustart, [716b9572e992033371bc9fb32cd655ab], 

PUP.Optional.BuzzIT.A, C:\Program Files (x86)\Buzz-it-soft\Buzzi.exe, In Quarantäne, [716b9572e992033371bc9fb32cd655ab], 
 

Physische Sektoren: 0

(No malicious items detected)
 
 

(end)

Code:

# AdwCleaner v3.022 - Bericht erstellt am 26/03/2014 um 15:43:05

# Aktualisiert 13/03/2014 von Xplode

# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)

# Benutzername : Sternschnuppe - RUMPELKAMMER

# Gestartet von : J:\Hörbücher\adwcleaner.exe

# Option : Löschen
 

***** [ Dienste ] *****
 
 

***** [ Dateien / Ordner ] *****
 

Ordner Gelöscht : C:\ProgramData\Ask

Ordner Gelöscht : C:\ProgramData\SoftSafe

Ordner Gelöscht : C:\ProgramData\Trymedia

Ordner Gelöscht : C:\ProgramData\AlawarEntertainment

Ordner Gelöscht : C:\Program Files (x86)\Mobogenie

Ordner Gelöscht : C:\Users\Sternschnuppe\AppData\Local\genienext

Ordner Gelöscht : C:\Users\Sternschnuppe\AppData\Local\Mobogenie

Ordner Gelöscht : C:\Users\Sternschnuppe\AppData\Roaming\Systweak

Ordner Gelöscht : C:\Users\Sternschnuppe\AppData\Roaming\VOPackage

Ordner Gelöscht : C:\Users\Sternschnuppe\AppData\Roaming\AlawarEntertainment

Ordner Gelöscht : C:\Users\Sternschnuppe\Documents\Mobogenie

Ordner Gelöscht : C:\Users\Sternschnuppe\AppData\Roaming\Mozilla\Firefox\Profiles\okbgvamm.default\Extensions\youtubeunblocker@unblocker.yt

Ordner Gelöscht : C:\Users\Sternschnuppe\AppData\Roaming\Mozilla\Firefox\Profiles\okbgvamm.default\Extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}

Datei Gelöscht : C:\Users\STERNS~1\AppData\Local\Temp\Uninstall.exe
 

***** [ Verknüpfungen ] *****
 
 

***** [ Registrierungsdatenbank ] *****
 

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd

Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}

Schlüssel Gelöscht : HKCU\Software\IM

Schlüssel Gelöscht : HKCU\Software\ImInstaller

Schlüssel Gelöscht : HKCU\Software\systweak

Schlüssel Gelöscht : HKLM\Software\IB Updater

Schlüssel Gelöscht : HKLM\Software\ImInstaller

Schlüssel Gelöscht : HKLM\Software\systweak

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\IB Updater
 

***** [ Browser ] *****
 

-\\ Internet Explorer v11.0.9600.16521
 
 

-\\ Mozilla Firefox v27.0.1 (de)
 

[ Datei : C:\Users\Sternschnuppe\AppData\Roaming\Mozilla\Firefox\Profiles\okbgvamm.default\prefs.js ]
 

Zeile gelöscht : user_pref("browser.search.order.1", "Ask.com");
 

*************************
 

AdwCleaner[R0].txt - [4876 octets] - [26/03/2014 15:41:00]

AdwCleaner[S0].txt - [4275 octets] - [26/03/2014 15:43:05]
 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4335 octets] ##########

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.3 (03.23.2014:1)

OS: Windows 7 Home Premium x64

Ran by Sternschnuppe on 26.03.2014 at 15:50:56,17

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

~~~ Services
 
 
 

~~~ Registry Values
 
 
 

~~~ Registry Keys
 

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-93671772-2379690000-1990322554-1000\Software\ib updater

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{45F761FE-B2E0-425E-8DD0-86E363068F44}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{975EC1F3-19EA-448A-A407-7B1A68C9F353}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{975EC1F3-19EA-448A-A407-7B1A68C9F353}
 
 
 

~~~ Files
 
 
 

~~~ Folders
 
 
 

~~~ FireFox
 

Successfully deleted the following from C:\Users\Sternschnuppe\AppData\Roaming\mozilla\firefox\profiles\okbgvamm.default\prefs.js
 

user_pref("{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}.ScriptData_installer_name", "vbates_somoto_.exe");

user_pref("{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}.ScriptData_temp_installer_name", "vbates_somoto_.exe");

Emptied folder: C:\Users\Sternschnuppe\AppData\Roaming\mozilla\firefox\profiles\okbgvamm.default\minidumps [78 files]
 
 
 

~~~ Event Viewer Logs were cleared
 
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 26.03.2014 at 15:56:14,05

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014

Ran by Sternschnuppe (administrator) on RUMPELKAMMER on 26-03-2014 16:00:25

Running from J:\Hörbücher

Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard

Internet Explorer Version 11

Boot Mode: Normal
 
 
 

==================== Processes (Whitelisted) =================
 

(AMD) C:\Windows\system32\atiesrxx.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe

(AMD) C:\Windows\system32\atieclxx.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

() C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE

(Intel(R) Corporation) c:\Program Files\Intel\iCLS Client\HeciServer.exe

() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe

(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe

(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe

(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE

(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Microsoft Corporation) C:\Windows\splwow64.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1425408 2011-12-23] (IDT, Inc.)

HKLM\...\Run: [BeatsOSDApp] - C:\Program Files\IDT\WDM\beats64.exe [37888 2011-12-23] (Hewlett-Packard )

HKLM\...\Run: [hpsysdrv] - c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)

HKLM\...\Run: [EPSON Stylus DX3800 Series] - C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIACE.EXE [98304 2005-02-08] (SEIKO EPSON CORPORATION)

HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)

HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291096 2011-12-05] (Intel Corporation)

HKLM-x32\...\Run: [HP Software Update] - c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)

HKLM-x32\...\Run: [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-08-12] (PDF Complete Inc)

HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)

HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642728 2012-09-28] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM-x32\...\Run: [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)

HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)

HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)

HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)

HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-03-25] (Hewlett-Packard)

HKU\S-1-5-21-93671772-2379690000-1990322554-1000\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1821888 2014-02-25] (Valve Corporation)

HKU\S-1-5-21-93671772-2379690000-1990322554-1000\...\MountPoints2: {1d2790dc-9ef2-11e1-bcef-806e6f6e6963} - E:\Autorun.exe
 

==================== Internet (Whitelisted) ====================
 

ProxyEnable: Internet Explorer proxy is enabled.

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4

SearchScopes: HKLM - {975EC1F3-19EA-448A-A407-7B1A68C9F353} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)

BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)

BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)

BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)

BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)

Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)

Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Users\Sternschnuppe\AppData\Roaming\Mozilla\Firefox\Profiles\okbgvamm.default

FF Homepage: https://www.google.de/

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.1.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)

FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()

FF Plugin HKCU: @soe.sony.com/installer,version=1.0.3 - C:\Users\Sternschnuppe\AppData\Roaming\Mozilla\Firefox\Profiles\okbgvamm.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll No File

FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

FF SearchPlugin: C:\Users\Sternschnuppe\AppData\Roaming\Mozilla\Firefox\Profiles\okbgvamm.default\searchplugins\1-hs-sceneto.undefined.undefined

FF SearchPlugin: C:\Users\Sternschnuppe\AppData\Roaming\Mozilla\Firefox\Profiles\okbgvamm.default\searchplugins\amazonde-hrbuch-shop-bcher.xml

FF SearchPlugin: C:\Users\Sternschnuppe\AppData\Roaming\Mozilla\Firefox\Profiles\okbgvamm.default\searchplugins\chefkochde.xml

FF SearchPlugin: C:\Users\Sternschnuppe\AppData\Roaming\Mozilla\Firefox\Profiles\okbgvamm.default\searchplugins\holidaycheck.xml

FF SearchPlugin: C:\Users\Sternschnuppe\AppData\Roaming\Mozilla\Firefox\Profiles\okbgvamm.default\searchplugins\hs-sceneto.undefined.undefined

FF SearchPlugin: C:\Users\Sternschnuppe\AppData\Roaming\Mozilla\Firefox\Profiles\okbgvamm.default\searchplugins\weltbildde--.xml

FF SearchPlugin: C:\Users\Sternschnuppe\AppData\Roaming\Mozilla\Firefox\Profiles\okbgvamm.default\searchplugins\youtube-videosuche.undefined.undefined

FF SearchPlugin: C:\Users\Sternschnuppe\AppData\Roaming\Mozilla\Firefox\Profiles\okbgvamm.default\searchplugins\youtube.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: Add to Search Bar - C:\Users\Sternschnuppe\AppData\Roaming\Mozilla\Firefox\Profiles\okbgvamm.default\Extensions\add-to-searchbox@maltekraus.de.xpi [2012-12-03]

FF Extension: MEGA - C:\Users\Sternschnuppe\AppData\Roaming\Mozilla\Firefox\Profiles\okbgvamm.default\Extensions\firefox@mega.co.nz.xpi [2014-01-16]

FF Extension: Facebook Blocker - C:\Users\Sternschnuppe\AppData\Roaming\Mozilla\Firefox\Profiles\okbgvamm.default\Extensions\info@skymeissner.com.xpi [2013-07-29]

FF Extension: Personas Plus - C:\Users\Sternschnuppe\AppData\Roaming\Mozilla\Firefox\Profiles\okbgvamm.default\Extensions\personas@christopher.beard.xpi [2012-12-03]

FF Extension: 1-Click YouTube Video Downloader - C:\Users\Sternschnuppe\AppData\Roaming\Mozilla\Firefox\Profiles\okbgvamm.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2014-03-21]

FF Extension: Adblock Plus - C:\Users\Sternschnuppe\AppData\Roaming\Mozilla\Firefox\Profiles\okbgvamm.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-12-03]

FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\

FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ []

FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFF

FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFF [2013-10-09]
 

==================== Services (Whitelisted) =================
 

S2 CLKMSVC10_38F51D56; c:\Program Files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-02-25] (CyberLink)

R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] ()

R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2011-12-16] ()

R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-03-05] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-03-05] (Malwarebytes Corporation)

R2 N360; C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)

R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-12] (PDF Complete Inc)
 

==================== Drivers (Whitelisted) ====================
 

S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [310984 2013-04-10] ()

R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20140319.001\BHDrvx64.sys [1525976 2014-03-19] (Symantec Corporation)

R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)

R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-25] (Symantec Corporation)

R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-25] (Symantec Corporation)

R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20140324.002\IDSvia64.sys [525016 2014-03-26] (Symantec Corporation)

R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [42696 2013-04-10] ()

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-03-05] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-03-26] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-03-05] (Malwarebytes Corporation)

R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20140326.001\ENG64.SYS [126040 2013-11-25] (Symantec Corporation)

R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20140326.001\EX64.SYS [2099288 2013-11-25] (Symantec Corporation)

R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)

R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1404000.028\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)

R0 SymDS; C:\Windows\System32\drivers\N360x64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)

R0 SymEFA; C:\Windows\System32\drivers\N360x64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)

R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-07-18] (Symantec Corporation)

R1 SymIRON; C:\Windows\system32\drivers\N360x64\1404000.028\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)

R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1404000.028\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-03-26 15:56 - 2014-03-26 15:56 - 00001742 _____ () C:\Users\Sternschnuppe\Desktop\JRT.txt

2014-03-26 15:50 - 2014-03-26 15:50 - 00000000 ____D () C:\Windows\ERUNT

2014-03-26 15:40 - 2014-03-26 15:43 - 00000000 ____D () C:\AdwCleaner

2014-03-26 15:17 - 2014-03-26 15:45 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-03-26 15:17 - 2014-03-26 15:17 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-03-26 15:17 - 2014-03-26 15:17 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-03-26 15:17 - 2014-03-26 15:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-03-26 15:17 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-03-26 15:17 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-03-26 15:17 - 2014-03-05 09:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-03-25 14:09 - 2014-03-25 14:09 - 00001266 _____ () C:\Users\Sternschnuppe\Desktop\Revo Uninstaller.lnk

2014-03-25 14:09 - 2014-03-25 14:09 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group

2014-03-24 17:20 - 2014-03-26 16:00 - 00000000 ____D () C:\FRST

2014-03-23 14:01 - 2014-03-23 14:01 - 00000000 ____D () C:\Users\Sternschnuppe\AppData\Roaming\Islands5_realore_bigfishgames_de

2014-03-23 13:55 - 2014-03-23 13:55 - 00001159 _____ () C:\Users\Public\Desktop\Island Tribe 5.lnk

2014-03-23 13:47 - 2014-03-23 13:49 - 00000000 ____D () C:\Users\Sternschnuppe\AppData\Local\NPE

2014-03-15 14:06 - 2014-03-15 14:06 - 00001331 _____ () C:\Users\Sternschnuppe\Desktop\Minecraft CHEAT EDiTiON by BlackTBK.lnk

2014-03-13 15:48 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-03-13 15:48 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-03-13 15:48 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-03-13 15:48 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-03-13 15:48 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-03-13 15:48 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-03-13 15:48 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-03-13 15:48 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-03-13 15:48 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-03-13 15:48 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-03-13 15:48 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-03-13 15:48 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-03-13 15:48 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-03-13 15:48 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-03-13 15:48 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-03-13 15:48 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-03-13 15:48 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-03-13 15:48 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-03-13 15:48 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-03-13 15:48 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-03-13 15:48 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-03-13 15:48 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-03-13 15:48 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-03-13 15:48 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-03-13 15:48 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-03-13 15:48 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-03-13 15:48 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-03-13 15:48 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-03-13 15:48 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-03-13 15:48 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-03-13 15:48 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-03-13 15:48 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-03-13 15:48 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-03-13 15:48 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-03-13 15:48 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-03-13 15:48 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-03-13 15:48 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-03-13 15:48 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-03-13 15:48 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-03-13 15:48 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-03-13 15:48 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-03-13 15:48 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll

2014-03-13 15:48 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll

2014-03-13 15:48 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll

2014-03-13 15:47 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2014-03-13 15:47 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll

2014-03-13 15:47 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2014-03-13 15:47 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll

2014-03-01 14:06 - 2014-03-01 14:06 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk

2014-03-01 14:06 - 2014-03-01 14:06 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2014-03-01 14:06 - 2014-03-01 14:06 - 00000000 ____D () C:\Program Files\iTunes

2014-03-01 14:06 - 2014-03-01 14:06 - 00000000 ____D () C:\Program Files\iPod

2014-03-01 14:06 - 2014-03-01 14:06 - 00000000 ____D () C:\Program Files (x86)\iTunes

2014-02-26 19:55 - 2014-02-28 16:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-02-26 19:55 - 2014-02-26 21:09 - 00001149 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

2014-02-26 19:54 - 2014-02-26 19:54 - 21703480 _____ (Mozilla) C:\Users\Sternschnuppe\Downloads\Firefox Setup 22.0.exe

2014-02-26 19:53 - 2014-02-16 17:56 - 00000426 _____ () C:\AVScanner.ini

2014-02-26 19:47 - 2014-02-26 19:47 - 00000000 ____D () C:\Users\Sternschnuppe\AppData\Local\cache

2014-02-26 19:47 - 2014-02-26 19:47 - 00000000 ____D () C:\Users\Sternschnuppe\.android

2014-02-26 19:47 - 2014-02-26 19:47 - 00000000 _____ () C:\Users\Sternschnuppe\daemonprocess.txt
 

==================== One Month Modified Files and Folders =======
 

2014-03-26 16:00 - 2014-03-24 17:20 - 00000000 ____D () C:\FRST

2014-03-26 15:56 - 2014-03-26 15:56 - 00001742 _____ () C:\Users\Sternschnuppe\Desktop\JRT.txt

2014-03-26 15:52 - 2009-07-14 05:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-03-26 15:52 - 2009-07-14 05:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-03-26 15:51 - 2013-07-02 13:24 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-03-26 15:50 - 2014-03-26 15:50 - 00000000 ____D () C:\Windows\ERUNT

2014-03-26 15:45 - 2014-03-26 15:17 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-03-26 15:45 - 2014-01-02 20:00 - 00000000 ____D () C:\Program Files (x86)\Steam

2014-03-26 15:45 - 2012-05-16 01:37 - 00000000 ____D () C:\ProgramData\PDFC

2014-03-26 15:44 - 2013-07-02 13:24 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-03-26 15:44 - 2012-12-03 18:19 - 01767888 _____ () C:\Windows\WindowsUpdate.log

2014-03-26 15:44 - 2010-11-21 04:47 - 00803502 _____ () C:\Windows\PFRO.log

2014-03-26 15:44 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-03-26 15:44 - 2009-07-14 05:51 - 00122552 _____ () C:\Windows\setupact.log

2014-03-26 15:43 - 2014-03-26 15:40 - 00000000 ____D () C:\AdwCleaner

2014-03-26 15:31 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Globalization

2014-03-26 15:22 - 2012-12-03 21:28 - 00000000 ____D () C:\ProgramData\IncrediMail

2014-03-26 15:17 - 2014-03-26 15:17 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-03-26 15:17 - 2014-03-26 15:17 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-03-26 15:17 - 2014-03-26 15:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-03-26 15:13 - 2012-12-03 19:21 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-03-26 15:11 - 2012-12-05 15:23 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log

2014-03-26 15:10 - 2012-12-27 09:17 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt

2014-03-25 17:59 - 2013-08-16 13:30 - 00043520 _____ () C:\Windows\SysWOW64\CmdLineExt03.dll

2014-03-25 17:38 - 2012-12-03 19:05 - 00003978 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{6DF3B6D9-F082-432F-BF4B-152FA2C45AA8}

2014-03-25 15:58 - 2012-12-03 22:00 - 00000000 ____D () C:\Program Files (x86)\JDownloader

2014-03-25 14:19 - 2013-11-16 12:25 - 00000000 ____D () C:\ProgramData\Skype

2014-03-25 14:18 - 2013-11-16 12:25 - 00000000 ____D () C:\Users\Sternschnuppe\AppData\Roaming\Skype

2014-03-25 14:09 - 2014-03-25 14:09 - 00001266 _____ () C:\Users\Sternschnuppe\Desktop\Revo Uninstaller.lnk

2014-03-25 14:09 - 2014-03-25 14:09 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group

2014-03-24 19:27 - 2012-12-05 15:24 - 00003234 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForSternschnuppe

2014-03-24 19:27 - 2012-12-05 15:24 - 00000364 _____ () C:\Windows\Tasks\HPCeeScheduleForSternschnuppe.job

2014-03-24 18:53 - 2012-05-16 01:05 - 00699416 _____ () C:\Windows\system32\perfh007.dat

2014-03-24 18:53 - 2012-05-16 01:05 - 00149556 _____ () C:\Windows\system32\perfc007.dat

2014-03-24 18:53 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-03-24 11:17 - 2014-02-10 11:17 - 00000000 ____D () C:\Users\Sternschnuppe\AppData\Roaming\FileAdvisor

2014-03-24 11:17 - 2014-02-09 11:17 - 00000000 ____D () C:\Program Files (x86)\File Type Advisor

2014-03-23 14:01 - 2014-03-23 14:01 - 00000000 ____D () C:\Users\Sternschnuppe\AppData\Roaming\Islands5_realore_bigfishgames_de

2014-03-23 13:55 - 2014-03-23 13:55 - 00001159 _____ () C:\Users\Public\Desktop\Island Tribe 5.lnk

2014-03-23 13:55 - 2012-12-04 10:08 - 00000000 ____D () C:\Program Files (x86)\Spiele

2014-03-23 13:49 - 2014-03-23 13:47 - 00000000 ____D () C:\Users\Sternschnuppe\AppData\Local\NPE

2014-03-23 13:48 - 2012-05-16 01:40 - 00000000 ____D () C:\ProgramData\Norton

2014-03-21 10:53 - 2012-12-05 16:13 - 00000000 ____D () C:\Users\Sternschnuppe\AppData\Roaming\vlc

2014-03-18 12:20 - 2013-08-14 22:44 - 00000000 ____D () C:\Windows\system32\MRT

2014-03-18 12:16 - 2012-12-03 19:11 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-03-15 14:07 - 2013-12-23 17:06 - 00000000 ____D () C:\Users\Sternschnuppe\AppData\Roaming\.minecraft

2014-03-15 14:06 - 2014-03-15 14:06 - 00001331 _____ () C:\Users\Sternschnuppe\Desktop\Minecraft CHEAT EDiTiON by BlackTBK.lnk

2014-03-14 12:45 - 2013-03-13 19:03 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

2014-03-14 12:45 - 2013-03-13 19:03 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

2014-03-14 12:45 - 2009-07-14 05:45 - 00435280 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-03-13 20:39 - 2014-01-09 22:18 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-03-12 20:13 - 2012-12-03 19:21 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-03-12 20:13 - 2012-12-03 19:21 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-03-12 20:13 - 2012-05-16 01:30 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-03-09 18:13 - 2014-02-02 16:47 - 00000336 _____ () C:\Users\Sternschnuppe\Desktop\KNeuNam.ini

2014-03-05 15:20 - 2012-12-04 10:34 - 00000000 ____D () C:\Users\Sternschnuppe\AppData\Local\CrashDumps

2014-03-05 12:43 - 2013-11-17 12:28 - 00000000 ____D () C:\ProgramData\CanonIJPLM

2014-03-05 09:26 - 2014-03-26 15:17 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-03-05 09:26 - 2014-03-26 15:17 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-03-05 09:26 - 2014-03-26 15:17 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-03-01 19:17 - 2011-02-11 18:15 - 01593956 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

2014-03-01 14:06 - 2014-03-01 14:06 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk

2014-03-01 14:06 - 2014-03-01 14:06 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2014-03-01 14:06 - 2014-03-01 14:06 - 00000000 ____D () C:\Program Files\iTunes

2014-03-01 14:06 - 2014-03-01 14:06 - 00000000 ____D () C:\Program Files\iPod

2014-03-01 14:06 - 2014-03-01 14:06 - 00000000 ____D () C:\Program Files (x86)\iTunes

2014-03-01 07:05 - 2014-03-13 15:48 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-03-01 06:17 - 2014-03-13 15:48 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-03-01 06:16 - 2014-03-13 15:48 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-03-01 05:58 - 2014-03-13 15:48 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-03-01 05:52 - 2014-03-13 15:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-03-01 05:51 - 2014-03-13 15:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-03-01 05:42 - 2014-03-13 15:48 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-03-01 05:40 - 2014-03-13 15:48 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-03-01 05:37 - 2014-03-13 15:48 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-03-01 05:33 - 2014-03-13 15:48 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-03-01 05:33 - 2014-03-13 15:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-03-01 05:32 - 2014-03-13 15:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-03-01 05:30 - 2014-03-13 15:48 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-03-01 05:23 - 2014-03-13 15:48 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-03-01 05:17 - 2014-03-13 15:48 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-03-01 05:11 - 2014-03-13 15:48 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-03-01 05:02 - 2014-03-13 15:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-03-01 04:54 - 2014-03-13 15:48 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-03-01 04:52 - 2014-03-13 15:48 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-03-01 04:51 - 2014-03-13 15:48 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-03-01 04:47 - 2014-03-13 15:48 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-03-01 04:43 - 2014-03-13 15:48 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-03-01 04:43 - 2014-03-13 15:48 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-03-01 04:42 - 2014-03-13 15:48 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-03-01 04:40 - 2014-03-13 15:48 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-03-01 04:38 - 2014-03-13 15:48 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-03-01 04:37 - 2014-03-13 15:48 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-03-01 04:35 - 2014-03-13 15:48 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-03-01 04:18 - 2014-03-13 15:48 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-03-01 04:16 - 2014-03-13 15:48 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-03-01 04:14 - 2014-03-13 15:48 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-03-01 04:10 - 2014-03-13 15:48 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-03-01 04:03 - 2014-03-13 15:48 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-03-01 04:00 - 2014-03-13 15:48 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-03-01 03:57 - 2014-03-13 15:48 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-03-01 03:38 - 2014-03-13 15:48 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-03-01 03:32 - 2014-03-13 15:48 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-03-01 03:27 - 2014-03-13 15:48 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-03-01 03:25 - 2014-03-13 15:48 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-03-01 03:25 - 2014-03-13 15:48 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-02-28 16:43 - 2014-02-26 19:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-02-26 21:09 - 2014-02-26 19:55 - 00001149 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

2014-02-26 21:09 - 2014-02-14 18:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-02-26 19:54 - 2014-02-26 19:54 - 21703480 _____ (Mozilla) C:\Users\Sternschnuppe\Downloads\Firefox Setup 22.0.exe

2014-02-26 19:51 - 2012-12-03 19:05 - 00000000 ___RD () C:\Users\Sternschnuppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2014-02-26 19:47 - 2014-02-26 19:47 - 00000000 ____D () C:\Users\Sternschnuppe\AppData\Local\cache

2014-02-26 19:47 - 2014-02-26 19:47 - 00000000 ____D () C:\Users\Sternschnuppe\.android

2014-02-26 19:47 - 2014-02-26 19:47 - 00000000 _____ () C:\Users\Sternschnuppe\daemonprocess.txt

2014-02-26 19:47 - 2012-12-03 18:20 - 00000000 ____D () C:\Users\Sternschnuppe
 

Some content of TEMP:

====================

C:\Users\Sternschnuppe\AppData\Local\Temp\Quarantine.exe

C:\Users\Sternschnuppe\AppData\Local\Temp\SIntf16.dll

C:\Users\Sternschnuppe\AppData\Local\Temp\SIntf32.dll

C:\Users\Sternschnuppe\AppData\Local\Temp\SIntfNT.dll

C:\Users\Sternschnuppe\AppData\Local\Temp\swt-win32-3346.dll
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2014-03-22 18:29
 

==================== End Of Log ============================

--- --- ---

Die Probleme scheinen behoben. Vielen Dank schon mal für deine Hilfe.

Kontrollscans :)

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)