| |
| |||||||
Log-Analyse und Auswertung: Windows7 Avira/WinzipMalware melden sich mit TR/BProtevtoe.genWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
28.03.2014, 10:46
| #1 |
 |  Windows7 Avira/WinzipMalware melden sich mit TR/BProtevtoe.gen Hallo liebes Team ,habe seit gestern nachmittag mit o.a. Virus ein grosses Problem.Avira meldet sich mit minütlich mit dem Virus. Habe mir Winzip Malware downgeloaded und nach dem 1. Virusscan kam er auf 100. Habe dann avira ausgeschaltet und den Rechner dann im abgesichertem Modus hochgefahren und noch mal mit Winzip gescannt.Dann waren es nur noch 2. Aber nach normalem Neustart bin ich wieder wie am Anfang.Aviera meldet sich minütlich und läßt sich auch nicht mehr ausschalten. Habe eure Anweisungen durchgelesen,alles runtergeladen,logfiles erstellt und hoffe,ich hab's richtig gemacht und ihr könnt mir weiterhelfen. Kann man auch den Verursacher feststellen ? Was kann ich noch tun und kann ich weiter am PC arbeiten? erstmal malware Code:
ATTFilter Exportierte Ereignisse:
28.03.2014 09:12 [Echtzeit-Scanner] Malware gefunden
In der Datei
'C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\load
er.dll'
wurde ein Virus oder unerwünschtes Programm 'TR/BProtector.Gen' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff erlauben
Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 09:17 on 28/03/2014 (Besitzer)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
dann noch mal malware Code:
ATTFilter Nico Mak Computing
WinZip Malware Protector
Datum der Überprüfung Freitag, 28. März 2014
Datenbankversion 1732
Gefundene Elemente insgesamt 2
Überprüfte Objekte: 289092
Abgelaufene Zeit: 00:19:56
Name Gefundene Elemente
Name der Infektion pup.adbundle
Kategorie Potentially Unwanted Application
Bedrohungsstufe High
Durchgeführte Aktion NoActionTaken
Elemente gefunden 1
Gefundener Bereich FileSystem
Details Dateiname c:\users\besitzer\appdata\local\temp\icreinstall_pdfcreatorsetup.exe
MD5 0
Signatur 7489313295720763378
Md5hash: 3d3be8d9b7cc934c45158a67408ae382
Name der Infektion pup.optional
Kategorie Potentially Unwanted Application
Bedrohungsstufe High
Durchgeführte Aktion NoActionTaken
Elemente gefunden 1
Gefundener Bereich FileSystem
Details Dateiname c:\users\besitzer\appdata\local\temp\is357113909\wajam_validate.exe
MD5 0
Signatur 6993739144339551831
Md5hash: 46f5c497f96e733176b010ff0ee56de3
© 2013 WinZip International LLC. All rights reserved.
Code:
ATTFilter Nico Mak Computing
WinZip Malware Protector
Datum der Überprüfung Freitag, 28. März 2014
Datenbankversion 1732
Gefundene Elemente insgesamt 13
Überprüfte Objekte: 370375
Abgelaufene Zeit: 00:39:14
Name Gefundene Elemente
Name der Infektion adware.lollipop
Kategorie Adware
Bedrohungsstufe High
Durchgeführte Aktion NoActionTaken
Elemente gefunden 1
Gefundener Bereich FileSystem
Details Dateiname c:\program files (x86)\delta\delta\1.8.24.6\uninstall.exe
MD5 7748294090907875384
Signatur 0
Md5hash: 7d0cacaf87e8a3c7de34dcee498a4f1c
Name der Infektion malware.agent
Kategorie Generic Malware
Bedrohungsstufe High
Durchgeführte Aktion NoActionTaken
Elemente gefunden 6
Gefundener Bereich FileSystem
Details Dateiname c:\games\iwin.com games\jewel quest mysteries the oracle of ur ce\assets\public\screensavers\screensaver1.scr
MD5 0
Signatur 739312635391478566
Md5hash: 0639b15a83b06a6432ef82645f05346e
Gefundener Bereich FileSystem
Details Dateiname c:\games\iwin.com games\jewel quest mysteries the oracle of ur ce\assets\public\screensavers\screensaver2.scr
MD5 0
Signatur 739312635391478566
Md5hash: 0639b15a83b06a6432ef82645f05346e
Gefundener Bereich FileSystem
Details Dateiname c:\games\iwin.com games\jewel quest mysteries the oracle of ur ce\assets\public\screensavers\screensaver3.scr
MD5 0
Signatur 739312635391478566
Md5hash: 0639b15a83b06a6432ef82645f05346e
Gefundener Bereich FileSystem
Details Dateiname c:\games\iwin.com games\jewel quest mysteries the oracle of ur ce\assets\public\screensavers\screensaver4.scr
MD5 0
Signatur 739312635391478566
Md5hash: 0639b15a83b06a6432ef82645f05346e
Gefundener Bereich FileSystem
Details Dateiname c:\games\iwin.com games\jewel quest mysteries the oracle of ur ce\assets\public\screensavers\screensaver5.scr
MD5 0
Signatur 739312635391478566
Md5hash: 0639b15a83b06a6432ef82645f05346e
Gefundener Bereich FileSystem
Details Dateiname c:\program files (x86)\jewel quest - der saphirdrache\jewelquest6screensaver.scr
MD5 0
Signatur 739312635391478566
Md5hash: 0639b15a83b06a6432ef82645f05346e
Name der Infektion pup.optional
Kategorie Potentially Unwanted Application
Bedrohungsstufe High
Durchgeführte Aktion NoActionTaken
Elemente gefunden 3
Gefundener Bereich FileSystem
Details Dateiname c:\program files\popcap games\mystery pi\popuninstall.exe
MD5 0
Signatur 3599656126640927110
Md5hash: b53bc816105a8bce0b0faa288ef672de
Gefundener Bereich FileSystem
Details Dateiname c:\program files (x86)\delta\delta\1.8.24.6\deltaeng.dll
MD5 0
Signatur 9388227442667220930
Md5hash: 23a0125c2f25f37fe6485fdd62d9877a
Gefundener Bereich FileSystem
Details Dateiname c:\program files (x86)\delta\delta\1.8.24.6\deltasrv.exe
MD5 0
Signatur 17071956846505188488
Md5hash: 61ee48261fd29e38253ecfa6ce639327
Name der Infektion malware.gen
Kategorie Generic Malware
Bedrohungsstufe High
Durchgeführte Aktion NoActionTaken
Elemente gefunden 3
Gefundener Bereich FileSystem
Details Dateiname c:\program files (x86)\aegypten box\uninstal.exe
MD5 0
Signatur 1902896773625662358
Md5hash: f2f6bf7003eb87fafbce34d854bfedcb
Gefundener Bereich FileSystem
Details Dateiname c:\program files (x86)\der fluch des aegyptischen artefakts\uninstal.exe
MD5 0
Signatur 1902896773625662358
Md5hash: 94204845a9bfd8069c21a73fbc411811
Gefundener Bereich FileSystem
Details Dateiname c:\program files (x86)\popcap games\amazing adventures 2\amazingadventures2.exe
MD5 0
Signatur 2056818707839515693
Md5hash: 6bbffb701ab5ccf687484740305bfe89
© 2013 WinZip International LLC. All rights reserved.
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Besitzer (administrator) on CONNYPC on 28-03-2014 09:26:06
Running from C:\Users\Besitzer\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Nico Mak Computing) C:\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intenium) C:\Program Files (x86)\OXXOGames\GPlayer\GameCenterNotifier.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Easybits) C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Users\Besitzer\Desktop\Gmer-19357.exe
() C:\Users\Besitzer\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-17] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [525312 2010-12-17] (IDT, Inc.)
HKLM\...\Run: [MDX.CloudPin] - "C:\Program Files (x86)\Microsoft Digital Experience\Scripts\PinApps.vbs"
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-02-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPConnectionManager] - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-02-15] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2011-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-03-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-03-16] (EasyBits Software AS)
HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2011-01-27] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [MDX.CloudPin] - "C:\Program Files (x86)\Microsoft Digital Experience\Scripts\PinApps.vbs"
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1561768 2012-05-04] (Ask)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-09-04] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Magic Desktop for HP notification] - C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1258504 2013-12-12] (Easybits)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [WinZip Malware Protector_startup] - C:\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe [6390136 2013-03-26] (Nico Mak Computing)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-03-12] (Hewlett-Packard)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-619880712-574751267-193086799-1001\...\Run: [Spiele Post] - C:\Program Files (x86)\OXXOGames\GPlayer\GameCenterNotifier.exe [483400 2013-12-06] (Intenium)
HKU\S-1-5-21-619880712-574751267-193086799-1001\...\Run: [TomTomHOME.exe] - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [247728 2011-04-22] (TomTom)
HKU\S-1-5-21-619880712-574751267-193086799-1001\...\Run: [NTRedirect] - C:\Windows\SysWOW64\rundll32.exe "C:\Users\Besitzer\AppData\Roaming\BabSolution\Shared\enhancedNT.dll",Run
HKU\S-1-5-21-619880712-574751267-193086799-1001\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-09-04] (Samsung)
HKU\S-1-5-21-619880712-574751267-193086799-1001\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-619880712-574751267-193086799-1001\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-09-04] (Samsung)
HKU\S-1-5-21-619880712-574751267-193086799-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-619880712-574751267-193086799-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-619880712-574751267-193086799-1001\...\MountPoints2: F - F:\LaunchU3.exe -a
HKU\S-1-5-21-619880712-574751267-193086799-1001\...\MountPoints2: {a496f38a-dfce-11e0-a586-984be1b1002d} - F:\LaunchU3.exe -a
AppInit_DLLs: c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll => C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\loader.dll [1958880 2013-11-18] ()
AppInit_DLLs: c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll => c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll File Not Found
GroupPolicyUsers\S-1-5-21-619880712-574751267-193086799-1006\User: Group Policy restriction detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=3646AC81125A277A&affID=119357&tt=288013_icon&tsp=4988
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.searchgol.com/?babsrc=HP_ss_Btisdt7&mntrId=3646AC81125A277A&affID=119357&tt=288013_icon&tsp=4988
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM - {647809D8-3F44-4F72-A81B-6ED305E9F372} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 - {647809D8-3F44-4F72-A81B-6ED305E9F372} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=3646AC81125A277A&affID=119357&tt=288013_icon&tsp=4988
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=3646AC81125A277A&affID=119357&tt=288013_icon&tsp=4988
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKCU - {647809D8-3F44-4F72-A81B-6ED305E9F372} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - No Name - {82E1477C-B154-48D3-9891-33D83C26BCD3} - No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll ()
Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll ()
Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll ()
Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll ()
Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll ()
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-04-13] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\za6muobr.default
FF user.js: detected! => C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\za6muobr.default\user.js
FF NewTab: user_pref("browser.newtab.url", "");
FF Homepage: hxxp://www.arcor.de/ums/ums_ordner.jsp?ordnername=Posteingang
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\za6muobr.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Lyrics Seeker - C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\za6muobr.default\Extensions\133 [2013-09-12]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-09-09]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-09-09]
FF HKCU\...\Firefox\Extensions: [{72273571-743d-427e-a1c1-0538fbc2ddd3}] - C:\Program Files (x86)\LyricsSeeker\133.xpi
FF Extension: Lyrics Seeker - C:\Program Files (x86)\LyricsSeeker\133.xpi [2013-09-12]
==================== Services (Whitelisted) =================
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [354304 2011-02-28] (Advanced Micro Devices, Inc.)
R2 AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [194496 2010-06-17] (Advanced Micro Devices)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-20] (Avira Operations GmbH & Co. KG)
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-19] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-19] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
U3 fxldqpog; \??\C:\Users\Besitzer\AppData\Local\Temp\fxldqpog.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-03-28 09:21 - 2014-03-28 09:25 - 00055350 _____ () C:\Users\Besitzer\Desktop\Addition.txt
2014-03-28 09:21 - 2014-03-28 09:21 - 00380416 _____ () C:\Users\Besitzer\Desktop\Gmer-19357.exe
2014-03-28 09:20 - 2014-03-28 09:26 - 00022257 _____ () C:\Users\Besitzer\Desktop\FRST.txt
2014-03-28 09:20 - 2014-03-28 09:26 - 00000000 ____D () C:\FRST
2014-03-28 09:19 - 2014-03-28 09:19 - 02157056 _____ (Farbar) C:\Users\Besitzer\Desktop\FRST64.exe
2014-03-28 09:18 - 2014-03-28 09:18 - 01145856 _____ (Farbar) C:\Users\Besitzer\Desktop\FRST.exe
2014-03-28 09:16 - 2014-03-28 09:17 - 00000478 _____ () C:\Users\Besitzer\Desktop\defogger_disable.log
2014-03-28 09:16 - 2014-03-28 09:16 - 00000000 _____ () C:\Users\Besitzer\defogger_reenable
2014-03-28 09:15 - 2014-03-28 09:15 - 00050477 _____ () C:\Users\Besitzer\Desktop\Defogger.exe
2014-03-28 08:56 - 2014-03-28 08:56 - 00274472 _____ () C:\Windows\Minidump\032814-32073-01.dmp
2014-03-28 08:53 - 2014-03-28 09:12 - 00000700 _____ () C:\Users\Besitzer\Desktop\Ereignisse.txt
2014-03-28 08:23 - 2014-03-28 08:23 - 00003063 _____ () C:\Users\Besitzer\Desktop\log.xml
2014-03-28 00:41 - 2014-03-28 00:41 - 00000000 ____D () C:\Users\Besitzer\AppData\Local\{117BFF30-99ED-4EE8-A192-ABDB287B41DB}
2014-03-28 00:38 - 2014-03-28 00:38 - 00000000 ____D () C:\Users\Besitzer\AppData\Roaming\Nico Mak Computing
2014-03-28 00:07 - 2014-03-28 00:07 - 00003720 _____ () C:\Windows\System32\Tasks\WinZip Malware Protector
2014-03-28 00:00 - 2014-03-28 00:00 - 04894544 _____ (WinZip International LLC ) C:\Users\Besitzer\Downloads\wzmalwareprotector_1.exe
2014-03-27 22:52 - 2014-03-28 08:58 - 00003116 _____ () C:\Windows\System32\Tasks\WinZip Malware Protector_startup
2014-03-27 22:52 - 2014-03-28 08:23 - 00000000 ____D () C:\Program Files (x86)\WinZip Malware Protector
2014-03-27 22:52 - 2014-03-28 00:38 - 00001185 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2014-03-27 22:52 - 2014-03-28 00:38 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-03-27 22:52 - 2013-03-15 17:10 - 00020480 _____ () C:\Windows\system32\wsusnative64.exe
2014-03-27 22:51 - 2014-03-27 22:52 - 04892480 _____ (WinZip International LLC ) C:\Users\Besitzer\Downloads\wzmp_8.exe
2014-03-27 13:21 - 2014-03-28 08:56 - 581660838 _____ () C:\Windows\MEMORY.DMP
2014-03-27 13:21 - 2014-03-28 08:56 - 00000000 ____D () C:\Windows\Minidump
2014-03-27 13:21 - 2014-03-27 13:21 - 00274472 _____ () C:\Windows\Minidump\032714-31418-01.dmp
2014-03-21 20:11 - 2014-03-21 20:11 - 00000000 ____D () C:\HP_TOOLS_mountHPSF
2014-03-14 23:18 - 2014-03-14 23:18 - 00000000 ____D () C:\Users\Besitzer\AppData\Local\{E6B09C02-1B09-46F9-9916-330D55CD52D6}
2014-03-11 23:40 - 2014-03-11 23:40 - 00334962 _____ () C:\Users\Besitzer\Downloads\(2) Pearl's Peril auf Facebook.htm
2014-03-11 23:40 - 2014-03-11 23:40 - 00000000 ____D () C:\Users\Besitzer\Downloads\(2) Pearl's Peril auf Facebook-Dateien
==================== One Month Modified Files and Folders =======
2014-03-28 09:26 - 2014-03-28 09:20 - 00022257 _____ () C:\Users\Besitzer\Desktop\FRST.txt
2014-03-28 09:26 - 2014-03-28 09:20 - 00000000 ____D () C:\FRST
2014-03-28 09:26 - 2014-02-11 22:26 - 00000304 _____ () C:\Windows\Tasks\Digital Sites.job
2014-03-28 09:26 - 2013-08-29 21:26 - 00000229 _____ () C:\Users\Besitzer\AppData\Roaming\WB.CFG
2014-03-28 09:26 - 2013-08-28 21:26 - 00000298 _____ () C:\Windows\Tasks\DSite.job
2014-03-28 09:25 - 2014-03-28 09:21 - 00055350 _____ () C:\Users\Besitzer\Desktop\Addition.txt
2014-03-28 09:21 - 2014-03-28 09:21 - 00380416 _____ () C:\Users\Besitzer\Desktop\Gmer-19357.exe
2014-03-28 09:19 - 2014-03-28 09:19 - 02157056 _____ (Farbar) C:\Users\Besitzer\Desktop\FRST64.exe
2014-03-28 09:18 - 2014-03-28 09:18 - 01145856 _____ (Farbar) C:\Users\Besitzer\Desktop\FRST.exe
2014-03-28 09:17 - 2014-03-28 09:16 - 00000478 _____ () C:\Users\Besitzer\Desktop\defogger_disable.log
2014-03-28 09:16 - 2014-03-28 09:16 - 00000000 _____ () C:\Users\Besitzer\defogger_reenable
2014-03-28 09:16 - 2011-07-25 11:05 - 00000000 ____D () C:\Users\Besitzer
2014-03-28 09:15 - 2014-03-28 09:15 - 00050477 _____ () C:\Users\Besitzer\Desktop\Defogger.exe
2014-03-28 09:12 - 2014-03-28 08:53 - 00000700 _____ () C:\Users\Besitzer\Desktop\Ereignisse.txt
2014-03-28 09:05 - 2009-07-14 05:45 - 00031856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-28 09:05 - 2009-07-14 05:45 - 00031856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-28 09:02 - 2011-05-01 00:53 - 01602731 _____ () C:\Windows\WindowsUpdate.log
2014-03-28 08:58 - 2014-03-27 22:52 - 00003116 _____ () C:\Windows\System32\Tasks\WinZip Malware Protector_startup
2014-03-28 08:58 - 2011-09-09 21:45 - 00000000 ____D () C:\Users\Besitzer\AppData\Local\CrashDumps
2014-03-28 08:57 - 2012-03-30 19:46 - 00000434 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-03-28 08:56 - 2014-03-28 08:56 - 00274472 _____ () C:\Windows\Minidump\032814-32073-01.dmp
2014-03-28 08:56 - 2014-03-27 13:21 - 581660838 _____ () C:\Windows\MEMORY.DMP
2014-03-28 08:56 - 2014-03-27 13:21 - 00000000 ____D () C:\Windows\Minidump
2014-03-28 08:56 - 2013-09-12 21:00 - 00000394 _____ () C:\Windows\Tasks\Lyrics Seeker Update.job
2014-03-28 08:56 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-28 08:56 - 2009-07-14 05:51 - 00179060 _____ () C:\Windows\setupact.log
2014-03-28 08:55 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-28 08:23 - 2014-03-28 08:23 - 00003063 _____ () C:\Users\Besitzer\Desktop\log.xml
2014-03-28 08:23 - 2014-03-27 22:52 - 00000000 ____D () C:\Program Files (x86)\WinZip Malware Protector
2014-03-28 00:41 - 2014-03-28 00:41 - 00000000 ____D () C:\Users\Besitzer\AppData\Local\{117BFF30-99ED-4EE8-A192-ABDB287B41DB}
2014-03-28 00:38 - 2014-03-28 00:38 - 00000000 ____D () C:\Users\Besitzer\AppData\Roaming\Nico Mak Computing
2014-03-28 00:38 - 2014-03-27 22:52 - 00001185 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2014-03-28 00:38 - 2014-03-27 22:52 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-03-28 00:34 - 2010-11-21 04:47 - 00580408 _____ () C:\Windows\PFRO.log
2014-03-28 00:32 - 2011-09-07 21:03 - 00000000 ____D () C:\Users\Besitzer\Desktop\Wimmelbild
2014-03-28 00:07 - 2014-03-28 00:07 - 00003720 _____ () C:\Windows\System32\Tasks\WinZip Malware Protector
2014-03-28 00:00 - 2014-03-28 00:00 - 04894544 _____ (WinZip International LLC ) C:\Users\Besitzer\Downloads\wzmalwareprotector_1.exe
2014-03-27 22:52 - 2014-03-27 22:51 - 04892480 _____ (WinZip International LLC ) C:\Users\Besitzer\Downloads\wzmp_8.exe
2014-03-27 13:21 - 2014-03-27 13:21 - 00274472 _____ () C:\Windows\Minidump\032714-31418-01.dmp
2014-03-26 22:37 - 2011-09-07 10:52 - 00000000 ____D () C:\Users\Besitzer\AppData\Roaming\SoftGrid Client
2014-03-26 13:01 - 2013-03-23 23:54 - 00003204 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForBesitzer
2014-03-26 13:01 - 2013-03-23 23:54 - 00000344 _____ () C:\Windows\Tasks\HPCeeScheduleForBesitzer.job
2014-03-24 07:32 - 2011-12-24 20:35 - 00000000 ____D () C:\Users\Lisa\AppData\Local\CrashDumps
2014-03-21 20:11 - 2014-03-21 20:11 - 00000000 ____D () C:\HP_TOOLS_mountHPSF
2014-03-21 19:01 - 2011-09-09 21:03 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-03-17 21:44 - 2011-04-14 01:04 - 00658120 _____ () C:\Windows\system32\perfh007.dat
2014-03-17 21:44 - 2011-04-14 01:04 - 00131202 _____ () C:\Windows\system32\perfc007.dat
2014-03-17 21:44 - 2009-07-14 06:13 - 01508746 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-16 23:31 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-14 23:18 - 2014-03-14 23:18 - 00000000 ____D () C:\Users\Besitzer\AppData\Local\{E6B09C02-1B09-46F9-9916-330D55CD52D6}
2014-03-12 23:17 - 2012-08-30 19:10 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 23:17 - 2011-09-07 15:30 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-12 23:15 - 2011-09-07 18:12 - 00000000 ____D () C:\Users\Besitzer\AppData\Local\Adobe
2014-03-11 23:40 - 2014-03-11 23:40 - 00334962 _____ () C:\Users\Besitzer\Downloads\(2) Pearl's Peril auf Facebook.htm
2014-03-11 23:40 - 2014-03-11 23:40 - 00000000 ____D () C:\Users\Besitzer\Downloads\(2) Pearl's Peril auf Facebook-Dateien
Some content of TEMP:
====================
C:\Users\Besitzer\AppData\Local\Temp\AskSLib.dll
C:\Users\Besitzer\AppData\Local\Temp\avgnt.exe
C:\Users\Besitzer\AppData\Local\Temp\bfguni.exe
C:\Users\Besitzer\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Besitzer\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Besitzer\AppData\Local\Temp\tmqjb5q9.dll
C:\Users\Besitzer\AppData\Local\Temp\zcenhbks.dll
C:\Users\Lisa\AppData\Local\Temp\APNStub.exe
C:\Users\Lisa\AppData\Local\Temp\AskSLib.dll
C:\Users\Lisa\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-03-17 13:53
==================== End Of Log ============================
Ich hätte da noch die Addition Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Besitzer at 2014-03-28 09:26:56
Running from C:\Users\Besitzer\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
100 Prozent Wimmelbild (HKLM-x32\...\{149F9A5E-889D-474B-BA15-AFA0E614E5EA}_is1) (Version: - cerasus.media GmbH)
1001 Nacht - Die Abenteuer von Sindbad (HKLM-x32\...\1001 Nacht - Die Abenteuer von Sindbad) (Version: - )
20.000 Meilen unter dem Meer (HKLM-x32\...\{6692A6CC-6EDA-40C3-8F57-1E8ECD5AE2E0}) (Version: 1.00.0000 - Purplehills)
3 Days - Amulet Secret (HKLM-x32\...\3 Days - Amulet Secret_is1) (Version: - Realore Studios)
3*3 Match (HKCU\...\3*3 Match) (Version: - )
5600 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
5600_Help (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
5600Trb (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
Abenteuer Hawaii - Pearl Harbor (HKLM-x32\...\Abenteuer Hawaii - Pearl Harbor) (Version: - )
Abenteuer Hawaii 2 - Die Verborgene Insel (HKLM-x32\...\Abenteuer Hawaii 2 - Die Verborgene Insel) (Version: - )
Abenteuer von Luxor (HKLM-x32\...\Abenteuer von Luxor) (Version: 1.1.0.0 - MumboJumbo)
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.2.152.32 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.1.1) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.1 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Aegypten Box (HKLM-x32\...\Aegypten Box) (Version: - )
Affair Bureau (HKLM-x32\...\Affair Bureau) (Version: 1.0.0.0 - INTENIUM GmbH)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Agatha Christie Death on the Nile (HKLM-x32\...\{4C33389D-0F65-40A3-B76C-897502500C4B}) (Version: 1.0.0 - JoWood)
AIO_CDB_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
Akademie der Magie 2 (HKLM-x32\...\Akademie der Magie 2) (Version: 1.0.0.0 - INTENIUM GmbH)
Alabama Smith (HKLM-x32\...\Alabama Smith) (Version: - )
Alabama Smith 2 (HKLM-x32\...\Alabama Smith 2) (Version: - )
Aladins Wunderlampe (HKLM-x32\...\Aladins Wunderlampe_is1) (Version: - )
Alamandi (HKLM-x32\...\Alamandi) (Version: 1.0.0.0 - INTENIUM GmbH)
Amazing Adventures Around the World (HKLM-x32\...\Amazing Adventures Around the World) (Version: - PopCap Games)
AMD Fuel (Version: 2011.0228.1151.21177 - Ihr Firmenname) Hidden
Ancient Mysteries (HKLM-x32\...\Ancient Mysteries_is1) (Version: - astragon Software GmbH)
Ancient Quest of Saqqarah (HKLM-x32\...\Ancient Quest of Saqqarah/DE-German_is1) (Version: - City Interactive)
Animal Agents (HKLM-x32\...\{7B5A952B-3150-4037-BE90-D94DFB717713}_is1) (Version: - cerasus.media GmbH)
Ankh_hog (HKLM-x32\...\Ankh_hog) (Version: - )
Annies Millions (HKLM-x32\...\Annies Millions) (Version: 1.0.0.0 - INTENIUM GmbH)
Antique Road Trip U.S.A. (HKLM-x32\...\Antique Road Trip U.S.A.) (Version: 1.0.0.0 - INTENIUM GmbH)
Ashley Jones – Reise Ins Alte Ägypten (HKLM-x32\...\Ashley Jones – Reise Ins Alte Ägypten) (Version: - )
Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.2.0 - Ask.com) <==== ATTENTION
Ask Toolbar Updater (HKCU\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.1.23037 - Ask.com) <==== ATTENTION
ATI Catalyst Install Manager (HKLM\...\{7FBA6627-88F8-0AE0-9326-FB8488DD26E0}) (Version: 3.0.812.0 - ATI Technologies, Inc.)
AtlantisQuest (HKLM-x32\...\{1D619FC4-4F88-406C-9E78-B948BFC998FA}) (Version: 1.00.0000 - Ihr Firmenname)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Aztec Adventures (HKLM-x32\...\Aztec Adventures/DE-German_is1) (Version: - City Interactive)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled Twist (HKLM-x32\...\Bejeweled Twist) (Version: - )
Big City Mystery (HKLM-x32\...\{9918955A-AA7E-4C18-AB5D-B949A1314347}_is1) (Version: - cerasus.media GmbH)
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.2.0.6 - )
Big Rig Europe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)
BitGuard (HKLM-x32\...\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}) (Version: - MediaTechSoft Inc.) <==== ATTENTION
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Build-a-lot 3 (HKLM-x32\...\Build-a-lot 3) (Version: - )
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0228.1151.21177 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0228.1151.21177 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0228.1151.21177 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0228.1150.21177 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0228.1150.21177 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0228.1150.21177 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0228.1150.21177 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0228.1150.21177 - ATI) Hidden
CCC Help English (x32 Version: 2011.0228.1150.21177 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0228.1150.21177 - ATI) Hidden
CCC Help French (x32 Version: 2011.0228.1150.21177 - ATI) Hidden
CCC Help German (x32 Version: 2011.0228.1150.21177 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0228.1150.21177 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0228.1150.21177 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0228.1150.21177 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0228.1150.21177 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0228.1150.21177 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0228.1150.21177 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0228.1150.21177 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0228.1150.21177 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0228.1150.21177 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0228.1150.21177 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0228.1150.21177 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0228.1150.21177 - ATI) Hidden
CCC Help Turkish (x32 Version: 2011.0228.1150.21177 - ATI) Hidden
ccc-core-static (x32 Version: 2011.0228.1151.21177 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2011.0228.1151.21177 - ATI) Hidden
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.4.1.3341 - CDBurnerXP)
Christmasville (HKLM-x32\...\{D178746E-0919-424E-88A7-81A0E46FF03E}) (Version: 1.00.0000 - Purplehills)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
City Style (HKLM-x32\...\City Style) (Version: - )
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
Cradle of Egypt (HKLM-x32\...\{2C02C8E3-CF3B-44BE-98C8-12A16EAF2713}_is1) (Version: - cerasus.media GmbH)
Cradle of Rome 2 (HKLM-x32\...\{E60E8119-F64A-436B-8449-4FF87FC97350}_is1) (Version: - cerasus.media GmbH)
Crazy Chicken Kart 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Curse of the Pharaoh: Die Tränen der Sachmet (HKLM-x32\...\BFG-Curse of the Pharaoh - Die Traenen der Sachmet) (Version: - )
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.3922 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.5.1.3922 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dark Tales: Der Goldkafer von Edgar Allan Poe (HKLM-x32\...\BFG-Dark Tales - Der Goldkafer von Edgar Allan Poe) (Version: - )
Das Geheimnis des Pharaos (HKLM-x32\...\Das Geheimnis des Pharaos) (Version: - )
Das geheimnisvolle Tagebuch (HKLM-x32\...\Das geheimnisvolle Tagebuch) (Version: - )
Das rätselhafte Kristall-Portal (HKLM-x32\...\Das rätselhafte Kristall-Portal) (Version: - )
Das Schicksal der Marie Antoinette (HKLM-x32\...\Das Schicksal der Marie Antoinette) (Version: - )
Das Vermächtnis: Die Legende des Heiligen Schatzes (HKLM-x32\...\Chronicles of Mystery 3/DE-German_is1) (Version: - City Interactive)
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{28857979-5507-4C10-A922-FF709A19D38C}) (Version: - Microsoft)
Delta Chrome Toolbar (HKLM-x32\...\Delta Chrome Toolbar) (Version: - Visual Tools) <==== ATTENTION
Delta toolbar (HKLM-x32\...\delta) (Version: 1.8.24.6 - Delta) <==== ATTENTION
Der Fluch des Aegyptischen Artefakts (HKLM-x32\...\Der Fluch des Aegyptischen Artefakts) (Version: - )
Der Graf von Monte Christo (HKLM-x32\...\Der Graf von Monte Christo) (Version: 1.0.0.0 - INTENIUM GmbH)
Der Stein der Weisen (HKLM-x32\...\Der Stein der Weisen) (Version: - )
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DEUTSCHLAND SPIELT GAME CENTER (HKLM-x32\...\DSGPlayer) (Version: 1.0.0.46 - INTENIUM GmbH)
DEUTSCHLAND SPIELT Spiele Post (HKLM-x32\...\DEUTSCHLAND SPIELT Spiele Post) (Version: 1.0.2.4 - INTENIUM GmbH)
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
Die 4 Elemente (HKLM-x32\...\Die 4 Elemente) (Version: - )
Die Abenteuer-Reise (HKLM-x32\...\Die Abenteuer-Reise) (Version: 1.0.0.0 - INTENIUM GmbH)
Die Jade-Münze (HKLM-x32\...\Die Jade-Münze) (Version: 1.0.0.0 - INTENIUM GmbH)
Die Kunst des Mordens: Der Marionettenspieler (HKLM-x32\...\Art of Murder 2/DE-German_is1) (Version: - City Interactive)
Die Legende von Pocahontas (HKLM-x32\...\{3BFA752E-2E76-4964-BDA3-94B486A18223}_is1) (Version: - cerasus.media GmbH)
Die Sage von Kolossus (HKLM-x32\...\Die Sage von Kolossus) (Version: - )
Die Schatzsucher: Visionen des Goldes ™ (HKLM-x32\...\BFG-Die Schatzsucher - Visionen des Goldes) (Version: - )
Die Schlange der Isis ™ (HKLM-x32\...\BFG-Die Schlange der Isis) (Version: - )
Die Wiege Olympias 2 (HKLM-x32\...\Die Wiege Olympias 2) (Version: 1.0.0.0 - INTENIUM GmbH)
Die*Sims™*3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.0.631 - Electronic Arts)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
DriverTuner 3.1.0.1 (HKLM-x32\...\{520C1D80-935C-42B9-9340-E883849D804F}_is1) (Version: 3.1.0.1 - LionSea SoftWare)
Eldorado (HKLM-x32\...\{6540D6AD-4218-444D-84EC-E6C85F35EE31}) (Version: 1.00.0000 - Purplehills)
Emily Archer und der Fluch des Tutanchamun (HKLM-x32\...\{D09BA721-DF68-4149-883C-F2AE7A808962}_is1) (Version: - rondomedia Marketing & Vertriebs GmbH)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Escape from Lost Island (HKLM-x32\...\Escape from Lost Island) (Version: 1.0.0.0 - INTENIUM GmbH)
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Evernote v. 4.2.2 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.2.3979 - Evernote Corp.)
Fallen Shadows - Schatten der Kindheit (HKLM-x32\...\{AE2893E9-145A-41AC-85C6-ED046B13572E}) (Version: 1.0.0 - Happy Muffin Top)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
Fiona Finch (HKLM-x32\...\Fiona Finch) (Version: 1.0.0.0 - INTENIUM GmbH)
Fishdom (x32 Version: 2.2.0.95 - WildTangent) Hidden
Frankenstein (HKLM-x32\...\{610B773E-3183-43D5-B01D-862EFF276B81}) (Version: 1.00.0000 - Ihr Firmenname)
freundin - Big City Mystery (HKLM-x32\...\{1F9A14A2-BC64-40D2-9241-4470345298C7}_is1) (Version: - cerasus.media GmbH)
freundin - Goldenes Prag (HKLM-x32\...\{9E8AA698-979E-4694-A2C3-10591194328A}_is1) (Version: - cerasus.media GmbH)
freundin - Romance of Rome (HKLM-x32\...\{5E70B619-B3D0-4B50-B57E-5CEBE0201248}_is1) (Version: - cerasus.media GmbH)
freundin - The Lost Inca Prophecy (HKLM-x32\...\{BE0DFE33-C23B-4111-A63D-ED0994DF3B2C}_is1) (Version: - cerasus.media GmbH)
Garten-Glück (HKLM-x32\...\Garten-Glück) (Version: 1.0.0.0 - INTENIUM GmbH)
Geheime Fälle: Die gestohlene Venus (HKLM-x32\...\Geheime Fälle: Die gestohlene Venus) (Version: - )
Geheime Fälle: Die gestohlene Venus 2 (HKLM-x32\...\Geheime Fälle: Die gestohlene Venus 2) (Version: 1.0.0.0 - INTENIUM GmbH)
Geheime Fälle: Vermisst in Rom (HKLM-x32\...\Geheime Fälle: Vermisst in Rom) (Version: 1.0.0.0 - INTENIUM GmbH)
Geheimnis von Montezuma 2 (HKLM-x32\...\Geheimnis von Montezuma 2) (Version: 1.0.0.0 - INTENIUM GmbH)
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Green Moon (HKLM-x32\...\Green Moon_is1) (Version: - )
Haunting Mysteries (HKLM-x32\...\{9613E073-00BB-4244-AC06-BAC3DAF7B197}) (Version: 1.00.0000 - PurpleHills)
Heroes of Hellas 2 (HKLM-x32\...\{6E67E70D-606A-4EB0-8094-EFF064431435}) (Version: 1.00.0000 - Purplehills)
Herr des Wetters (HKLM-x32\...\Herr des Wetters) (Version: 1.0.0.0 - INTENIUM GmbH)
Hidden Expedition: Amazon ™ (HKLM-x32\...\BFG-Hidden Expedition Amazon) (Version: - )
Hidden Magic (HKLM-x32\...\Hidden Magic) (Version: 1.0.0.0 - INTENIUM GmbH)
Hidden Object Crosswords (HKLM-x32\...\Hidden Object Crosswords) (Version: 1.0.0.0 - INTENIUM GmbH)
Hide And Secret 3 (HKLM-x32\...\Hide And Secret 3) (Version: 1.0.0.0 - INTENIUM GmbH)
Holly - Ein Weihnachtsmärchen (HKLM-x32\...\{8F08E12A-363F-4F69-8BC8-0E0EA502A6ED}) (Version: 1.00.0000 - Purplehills)
Holly im Wunderland (HKLM-x32\...\Holly im Wunderland) (Version: - )
HP Auto (Version: 1.0.12494.3472 - Hewlett-Packard Company) Hidden
HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden
HP Connection Manager (HKLM-x32\...\{795AADBF-58C2-42D0-B779-E730702A247E}) (Version: 4.0.45.1 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Documentation (HKLM-x32\...\{6C453C9C-38AE-494D-BF89-7AA0DE87F3E5}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP On Screen Display (HKLM-x32\...\{9B9B8EE4-2EDB-41C2-AF2E-63E75D37CDDF}) (Version: 1.1.2 - Hewlett-Packard Company)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (HKLM\...\{B61ED343-0B14-4241-999C-490CB1A20DA4}) (Version: 13.0 - HP)
HP Power Manager (HKLM-x32\...\{872B1C80-38EC-4A31-A25C-980820593900}) (Version: 1.2.3 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{EB58480C-0721-483C-B354-9D35A147999F}) (Version: 2.3.6 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13253.3682 - Hewlett-Packard Company)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Software Framework (HKLM-x32\...\{CE4551E8-8D09-4126-A39B-B7DF82C5EB83}) (Version: 4.0.110.1 - Hewlett-Packard Company)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Support Assistant (HKLM-x32\...\{E92D47A1-D27D-430A-8368-0BAFD956507D}) (Version: 5.2.9.2 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2 - Hewlett-Packard) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6319.0 - IDT)
Insaniquarium Deluxe (HKLM-x32\...\Insaniquarium Deluxe) (Version: - )
Insel der Feen - Fairy Island (HKLM-x32\...\Insel der Feen - Fairy Island) (Version: 1.0.0.0 - INTENIUM GmbH)
Jane Lucky (HKLM-x32\...\Jane Lucky) (Version: 1.0.0.0 - INTENIUM GmbH)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 24 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416024FF}) (Version: 6.0.240 - Oracle)
Java(TM) 6 Update 24 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216024FF}) (Version: 6.0.240 - Oracle)
JavaFX 2.1.0 (HKLM-x32\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation)
Jewel Mystery: Die Villa (HKLM-x32\...\Jewel Mystery: Die Villa) (Version: 1.0.0.0 - INTENIUM GmbH)
Jewel Quest Mysteries 2: Trail of the Midnight Heart (nur deinstallation) (HKLM-x32\...\Jewel Quest Mysteries 2: Trail of the Midnight Heart) (Version: - )
Jewel Quest Mysteries Curse Of The Emerald Tear (nur deinstallation) (HKLM-x32\...\Jewel Quest Mysteries Curse Of The Emerald Tear) (Version: - )
Jewel Quest Mysteries: The Oracle of Ur CE (HKLM-x32\...\Jewel Quest Mysteries: The Oracle of Ur CE) (Version: 3.32.0.0 - iWin.com)
Jewel Quest Mysteries: The Seventh Gate (HKLM-x32\...\BFG-Jewel Quest Mysteries - The Seventh Gate) (Version: - )
Jewel Quest Solitaire (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest: Der Saphirdrache (HKLM-x32\...\BFG-Jewel Quest - Der Saphirdrache) (Version: - )
Jewels of Atlantis (HKLM-x32\...\Jewels of Atlantis/DE-German_is1) (Version: - City Interactive)
Jules Vernes: Das Abenteuer Jangada (HKLM-x32\...\Jules Vernes: Das Abenteuer Jangada) (Version: 1.0.0.0 - INTENIUM GmbH)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kochprofi (HKLM-x32\...\Kochprofi) (Version: 1.0.0.0 - INTENIUM GmbH)
Kuros (HKLM-x32\...\Kuros) (Version: 1.0.0.0 - INTENIUM GmbH)
Laura Jones 2 (HKLM-x32\...\Laura Jones 2) (Version: 1.0.0.0 - INTENIUM GmbH)
Legends of the Wild West: Golden Hill (HKLM-x32\...\Legends of the Wild West/DE-German_is1) (Version: - City Interactive)
Lost Realms: Der Fluch von Babylon (HKLM-x32\...\BFG-Lost Realms - Der Fluch von Babylon) (Version: - )
Lost Secrets - Bermuda Dreieck (HKLM-x32\...\Lost Secrets - Bermuda Dreieck) (Version: 1.0 - Astragon)
Lyrics Seeker (HKLM-x32\...\{dea87efb-043e-4206-8b34-616fb4677a57}) (Version: - Lyris Seeker Addon) <==== ATTENTION
Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: 3.0 - EasyBits Software AS)
Magic Encyclopedia (HKLM-x32\...\Magic Encyclopedia) (Version: - )
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Mahjong Escape – Ancient China (HKLM-x32\...\Mahjong Escape – Ancient China) (Version: - )
Mahjongg Artifacts 2 (HKLM-x32\...\Mahjongg Artifacts 2) (Version: - )
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Master Wu (HKLM-x32\...\Master Wu) (Version: - )
Maya - Fight for Jewels (HKLM-x32\...\Maya - Fight for Jewels_is1) (Version: - Contendo Media GmbH)
Meine kleine Farm 2 (HKLM-x32\...\Meine kleine Farm 2) (Version: - )
Meine kleine Farm 3 (HKLM-x32\...\Meine kleine Farm 3) (Version: 1.0.0.0 - INTENIUM GmbH)
Meine kleine Farm 3: Ice Age (HKLM-x32\...\Meine kleine Farm 3: Ice Age) (Version: 1.0.0.0 - INTENIUM GmbH)
Meine kleine Farm 3: Russisches Roulette (HKLM-x32\...\Meine kleine Farm 3: Russisches Roulette) (Version: 1.0.0.0 - INTENIUM GmbH)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{09298F26-A95C-31E2-9D95-2C60F586F075}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 27.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version: - )
Mysterious City: Cairo (nur deinstallation) (HKLM-x32\...\Mysterious City: Cairo) (Version: - )
Mystery Case Files®: Dire Grove™ (HKLM-x32\...\BFG-Mystery Case Files - Dire Grove) (Version: - )
Mystery Case Files: 13th Skull (HKLM-x32\...\BFG-Mystery Case Files - 13th Skull) (Version: - )
Mystery Case Files: Huntsville ™ (HKLM-x32\...\BFG-Mystery Case Files - Huntsville) (Version: - )
Mystery Case Files: Madame Fate ® (HKLM-x32\...\BFG-Mystery Case Files - Madame Fate) (Version: - )
Mystery Case Files: Prime Suspects ™ (HKLM-x32\...\BFG-Mystery Case Files - Prime Suspects) (Version: - )
Mystery of Montezuma (HKLM-x32\...\Mystery of Montezuma/DE-German_is1) (Version: - City Interactive)
Mystery P.I. - The London Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden
Mystery P.I. - The Lottery Ticket 1.0.0.5 (HKLM-x32\...\Mystery P.I. - The Lottery Ticket 1.0.0.5) (Version: - )
Mystery P.I. – The Vegas Heist (HKLM-x32\...\Mystery P.I. – The Vegas Heist) (Version: - )
Mystery Tales - Insel der Träume (HKLM-x32\...\{2C0AC9A4-3FA8-4B71-848E-9BB9D492BC2E}_is1) (Version: - cerasus.media GmbH)
Mystery Tales - Insel der Träume (HKLM-x32\...\{F6856F9B-881C-4BAF-8602-1E2DBA0EA8A7}_is1) (Version: - cerasus.media GmbH)
Mysteryville 2 (HKLM-x32\...\{7730D510-6DE2-4CD4-8F58-0B04680AEFE6}) (Version: 1.00.0000 - Mysteryville 2)
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Natalie Brooks (HKLM-x32\...\Natalie Brooks) (Version: - )
Natalie Brooks 2 (HKLM-x32\...\Natalie Brooks 2) (Version: - )
Natalie Brooks 3 (HKLM-x32\...\Natalie Brooks 3) (Version: 1.0.0.0 - INTENIUM GmbH)
National Geographic: Herod's Lost Tomb (HKLM-x32\...\National Geographic - Herod's Lost Tomb/DE-German_is1) (Version: - City Interactive)
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Nightfall Mysteries - Die Ashburg Verschwörung (HKLM-x32\...\Nightfall Mysteries - Die Ashburg Verschwörung_is1) (Version: - rondomedia)
Nightmares from the Deep (HKLM-x32\...\Nightmares from the Deep_is1) (Version: - rondomedia Marketing & Vertriebs GmbH)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Odyssee ins Ungewisse (HKLM-x32\...\Odyssee ins Ungewisse) (Version: 1.0.0.0 - INTENIUM GmbH)
Open It! (HKLM-x32\...\OpenIt Open It!) (Version: 1.1.1 - OpenIt)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PirateVille (HKLM-x32\...\PirateVille) (Version: - )
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Profiler (HKLM-x32\...\{164B5A9F-D9BD-4EC3-880E-61A4E6935EEB}) (Version: 1.00.0000 - Purplehills)
Real Crimes - Jack The Ripper (HKLM-x32\...\Real Crimes - Jack The Ripper) (Version: 1.00 - phenomedia publishing gmbh)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.34.1130.2010 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.74 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.10.0416 - REALTEK Semiconductor Corp.)
Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
Redemption Cemetery: Der Fluch des Raben (HKLM-x32\...\BFG-Redemption Cemetery - Der Fluch des Raben) (Version: - )
Ritter Arthur (HKLM-x32\...\Ritter Arthur) (Version: - )
Robinson Crusoe (HKLM-x32\...\{7DF5A0FE-EEC4-439A-A3B5-DF91958DD5A7}_is1) (Version: - cerasus.media GmbH)
Romance of Rome (HKLM-x32\...\{02CF7793-9F94-45E9-BB0F-E0E5FAB463E6}_is1) (Version: - cerasus.media GmbH)
Samantha Swift and the Fountains of Fate (HKLM-x32\...\Samantha Swift and the Fountains of Fate) (Version: 1.1.0.0 - MumboJumbo)
Samantha Swift and the Golden Touch (HKLM-x32\...\Samantha Swift and the Golden Touch) (Version: 1.1.0.0 - MumboJumbo)
Samantha Swift and the Hidden Roses of Athena (HKLM-x32\...\Samantha Swift and the Hidden Roses of Athena) (Version: 1.1.0.0 - MumboJumbo)
Samantha Swift and the Mystery from Atlantis (HKLM-x32\...\Samantha Swift and the Mystery from Atlantis) (Version: 1.1.0.0 - MumboJumbo)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.0.13091_9 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.0.13091_9 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.27.0 - SAMSUNG Electronics Co., Ltd.)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Schatz der Azteken (HKLM-x32\...\Schatz der Azteken) (Version: - )
Secrets of Vatican (HKLM-x32\...\{66B76A83-4B3A-4218-82A4-862E26B745CA}) (Version: 1.00.0000 - Purplehills)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
Snark Busters - Willkommen im Club (HKLM-x32\...\Snark Busters - Willkommen im Club) (Version: - )
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Sony Ericsson Update Engine (HKLM-x32\...\Update Engine) (Version: 2.13.10.201308300830 - Sony Ericsson Communications AB)
Sony PC Companion 2.10.188 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.188 - Sony)
Spannende Abenteuer Die verschollene Grabkammer (HKLM-x32\...\Spannende Abenteuer Die verschollene Grabkammer) (Version: - )
Sprill && Ritchie (HKLM-x32\...\Sprill && Ritchie) (Version: - )
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
StoneLoops of Jurassica (HKLM-x32\...\StoneLoops of Jurassica/DE-German_is1) (Version: - City Interactive)
Strike Ball 3 (HKLM-x32\...\Strike Ball 3) (Version: - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.4.4 - Synaptics Incorporated)
Tatort Museum (HKLM-x32\...\Tatort Museum) (Version: 1.0.0.0 - INTENIUM GmbH)
Tatort Museum 2 (HKLM-x32\...\Tatort Museum 2) (Version: 1.0.0.0 - INTENIUM GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.24951 - TeamViewer)
The Magicians Handbook 2 (HKLM-x32\...\{85225E9A-0292-4CF4-93AC-05C2559D4A6D}) (Version: 1.00.0000 - Purplehills)
The Mystery of Meane Manor (HKLM-x32\...\The Mystery of Meane Manor) (Version: 1.1.0.0 - MumboJumbo)
Time Machine (HKLM-x32\...\{9F9D845C-A5F0-423B-9820-240771C7645D}) (Version: 1.00.0000 - Purplehills)
TomTom HOME 2.8.2.2264 (HKLM-x32\...\TomTom HOME) (Version: 2.8.2.2264 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
Treasure Island (HKLM-x32\...\{68EB8188-55D4-4BFA-9F37-F8167B095B17}) (Version: 1.00.0000 - Purplehills)
Treasure Masters, Inc. (HKLM-x32\...\Treasure Masters, Inc.) (Version: - )
Treasures Of Mystery Island (HKLM-x32\...\Treasures Of Mystery Island) (Version: - )
Tropical Lost Island (HKLM-x32\...\Tropical Lost Island/DE-German_is1) (Version: - City Interactive)
Um die Welt in 80 Tagen - Wimmelbild (HKLM-x32\...\{4DE19B10-BF0A-40E4-85D7-C5CE09D83D92}) (Version: 1.00.0000 - Purplehills)
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Unsolved Mystery Club - Amelia Earhart (HKLM-x32\...\Unsolved Mystery Club - Amelia Earhart) (Version: - )
Update for Microsoft Office 2010 (KB2202188) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{86B7A074-265D-420C-9E1E-7A920EF0ECA7}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2413186) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{556146F7-74AE-4E0A-B64F-5B8B93469F61}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2413186) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B5516874-E926-4BFD-B412-D0E70112F244}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2413186) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{D6CE7280-6EE3-419A-8F47-DB111C040B1B}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2523113) (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{C0FF04BF-A05E-408B-81CA-B7FACDA508A3}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2523113) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{C0FF04BF-A05E-408B-81CA-B7FACDA508A3}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553065) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{A8686D24-1E89-43A1-973E-05A258D2B3F8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2493983) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{309EEC22-83CE-4109-B019-BA9392FAA322}) (Version: - Microsoft)
Update for Microsoft Outlook Social Connector (KB2583935) (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{EDED840F-DD92-47ED-A2E4-63F6AC745B92}) (Version: - Microsoft)
Update for Microsoft Outlook Social Connector (KB2583935) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EDF9874C-9E37-4110-9FC3-094247E114DF}) (Version: - Microsoft)
Update for Zip Opener (HKCU\...\DSite) (Version: - ) <==== ATTENTION
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
Walsingham‘s Manor - Verlies der Seelen (HKLM-x32\...\Walsingham‘s Manor - Verlies der Seelen_is1) (Version: - rondomedia Marketing & Vertriebs GmbH)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.2 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinZip Malware Protector (HKLM-x32\...\WinZip Malware Protector_is1) (Version: 2.1.1000.10740 - WinZip International LLC)
WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
World of Wimmelbild 2 (HKLM-x32\...\World of Wimmelbild 2) (Version: - )
Youda Legend (HKLM-x32\...\Youda Legend) (Version: - )
Youda Legend Der goldene Paradiesvogel (HKLM-x32\...\Youda Legend Der goldene Paradiesvogel) (Version: - )
Zip Opener Packages (HKCU\...\Zip Opener Packages) (Version: - ) <==== ATTENTION
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
==================== Restore Points =========================
22-11-2012 19:14:01 Geplanter Prüfpunkt
03-12-2012 17:06:59 Geplanter Prüfpunkt
18-12-2012 22:07:31 Geplanter Prüfpunkt
28-12-2012 08:41:52 Geplanter Prüfpunkt
14-01-2013 20:30:48 Geplanter Prüfpunkt
11-02-2013 13:06:09 Installed Java 7 Update 13
27-02-2013 18:59:48 Geplanter Prüfpunkt
07-03-2013 17:22:40 Installed Java 7 Update 17
24-03-2013 22:30:15 Geplanter Prüfpunkt
12-05-2013 19:30:41 Geplanter Prüfpunkt
10-06-2013 22:27:15 Geplanter Prüfpunkt
20-06-2013 20:18:43 Geplanter Prüfpunkt
03-07-2013 20:35:10 Installed Java 7 Update 25
14-07-2013 18:42:27 Windows Update
07-08-2013 20:58:01 Geplanter Prüfpunkt
13-08-2013 21:01:19 Installiert REALTEK PCIE Wireless LAN Driver
25-08-2013 17:45:17 Geplanter Prüfpunkt
07-09-2013 20:20:17 Installiert REALTEK PCIE Wireless LAN Driver
15-09-2013 09:48:53 Sony PC Companion
15-09-2013 09:57:23 Sony PC Companion
15-09-2013 10:00:53 Uninstalled Sony Ericsson Drivers
15-09-2013 10:01:26 Installed Sony Ericsson Drivers
20-09-2013 08:06:18 Installed Samsung Kies
06-10-2013 19:20:11 DirectX wurde installiert
06-10-2013 20:04:46 Haunting Mysteries wurde installiert.
17-11-2013 21:24:56 Geplanter Prüfpunkt
05-12-2013 22:47:11 Geplanter Prüfpunkt
15-12-2013 20:12:02 Geplanter Prüfpunkt
18-12-2013 20:49:58 DirectX wurde installiert
26-12-2013 13:38:26 Installed Java 7 Update 45
19-01-2014 14:00:11 Geplanter Prüfpunkt
22-01-2014 13:41:01 Sony PC Companion
31-01-2014 08:30:26 Installed Java 7 Update 51
07-02-2014 15:19:13 Sony PC Companion
24-02-2014 17:17:11 Sony PC Companion
17-03-2014 13:00:43 Geplanter Prüfpunkt
27-03-2014 23:06:06 WinZip Malware Protector
==================== Hosts content: ==========================
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {0179FA9F-05A8-4799-A238-D16C528A3315} - System32\Tasks\WinZip Malware Protector_startup => C:\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe [2013-03-26] (Nico Mak Computing)
Task: {12C54320-026B-4E61-B504-0E96FC00E05B} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2012-05-04] () <==== ATTENTION
Task: {2028D30E-633D-410D-830D-981298550799} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-03-22] (CyberLink)
Task: {262902C5-9376-4E7F-BC8A-D0BC75CB83D9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-02-23] (Hewlett-Packard Company)
Task: {33078020-8F6E-4D32-9436-737053F96DCE} - System32\Tasks\HPCeeScheduleForBesitzer => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {37CB5728-2BEC-453C-B7FF-D37DAC817765} - System32\Tasks\Digital Sites => C:\Users\Besitzer\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {5B13AA26-741E-4D6C-A585-23ECF5DB0BA5} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2011-01-31] ()
Task: {5B20CC1D-E3D5-47E0-9312-457D594BCC0D} - System32\Tasks\BitGuard => Sc.exe start BitGuard <==== ATTENTION
Task: {5ECC2806-A0FD-4E5A-96F5-0B9D3353E436} - System32\Tasks\Lyrics Seeker Update => C:\Program Files (x86)\LyricsSeeker\Lupdate.exe <==== ATTENTION
Task: {6461CFE0-9ABD-441B-AEBA-9D242E5F39B7} - System32\Tasks\WinZip Malware Protector => C:\Program Files (x86)\WinZip Malware Protector\AppManager.exe [2013-03-26] (Nico Mak Computing)
Task: {6722B961-5E5A-4BE6-80DB-D39902A54C6D} - System32\Tasks\EPUpdater => C:\Users\Besitzer\AppData\Roaming\BabSolution\Shared\BabMaint.exe [2013-08-04] () <==== ATTENTION
Task: {7A06B9E5-76A1-4208-BB0A-14DD979239FE} - System32\Tasks\DSite => C:\Users\Besitzer\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {977DB76C-E699-44C3-A351-4C9E0DDD0314} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {99607DA1-AB39-474C-BD4A-AEB4B72E42A5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-02-23] (Hewlett-Packard Company)
Task: {EC16804A-65EF-42BB-A6B7-E958C29679F6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2014-03-12] (Microsoft)
Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\Besitzer\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\DSite.job => C:\Users\Besitzer\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\HPCeeScheduleForBesitzer.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\Lyrics Seeker Update.job => C:\Program Files (x86)\LyricsSeeker\Lupdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\User_Feed_Synchronization-{0907793A-4E41-4A92-B5ED-210692D155D0}.job => C:\Windows\system32\msfeedssync.exe
==================== Loaded Modules (whitelisted) =============
2013-11-21 23:19 - 2013-11-18 15:32 - 01958880 ____N () C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\loader.dll
2011-02-28 11:01 - 2011-02-28 11:01 - 00079872 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Services.dll
2011-02-28 11:01 - 2011-02-28 11:01 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2010-06-24 01:21 - 2010-06-24 01:21 - 01102336 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\System.Data.SQLite.dll
2014-03-28 09:21 - 2014-03-28 09:21 - 00380416 _____ () C:\Users\Besitzer\Desktop\Gmer-19357.exe
2013-04-12 15:10 - 2013-04-12 15:10 - 00111104 _____ () C:\Users\Besitzer\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe
2013-11-05 22:23 - 2013-11-05 22:21 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2014-03-27 22:52 - 2013-02-28 16:53 - 00886272 _____ () C:\Program Files (x86)\WinZip Malware Protector\System.Data.SQLite.dll
2014-03-27 22:52 - 2013-03-26 12:16 - 01718648 _____ () C:\Program Files (x86)\WinZip Malware Protector\aspsys.dll
2013-12-26 14:35 - 2014-02-15 22:38 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-03-12 23:17 - 2014-03-12 23:17 - 16276872 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
2010-06-24 01:19 - 2010-06-24 01:19 - 00514570 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData\Temp:09629F6E
AlternateDataStreams: C:\ProgramData\Temp:0AC32449
AlternateDataStreams: C:\ProgramData\Temp:2495D97A
AlternateDataStreams: C:\ProgramData\Temp:2B1EA607
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\ProgramData\Temp:3E06C78F
AlternateDataStreams: C:\ProgramData\Temp:4673E9EA
AlternateDataStreams: C:\ProgramData\Temp:4CA05B44
AlternateDataStreams: C:\ProgramData\Temp:639BB5E9
AlternateDataStreams: C:\ProgramData\Temp:6FB48139
AlternateDataStreams: C:\ProgramData\Temp:78E0DF72
AlternateDataStreams: C:\ProgramData\Temp:9BAC4211
AlternateDataStreams: C:\ProgramData\Temp:A02025CE
AlternateDataStreams: C:\ProgramData\Temp:B54E4B5A
AlternateDataStreams: C:\ProgramData\Temp:B88DC997
AlternateDataStreams: C:\ProgramData\Temp:D31BE97C
AlternateDataStreams: C:\ProgramData\Temp:D48500F8
AlternateDataStreams: C:\ProgramData\Temp:F13867C6
==================== Safe Mode (whitelisted) ===================
==================== Disabled items from MSCONFIG ==============
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (03/28/2014 09:00:40 AM) (Source: ATIeRecord) (User: )
Description: ATI EEU failed to post message to CCC
Error: (03/28/2014 08:59:52 AM) (Source: ATIeRecord) (User: )
Description: ATI EEU failed to post message to CCC
Error: (03/28/2014 08:59:28 AM) (Source: ATIeRecord) (User: )
Description: ATI EEU failed to post message to CCC
Error: (03/28/2014 08:57:41 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: sidebar.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7a1c7
Name des fehlerhaften Moduls: mshtml.dll, Version: 0.0.0.0, Zeitstempel: 0x4e5f1784
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000002f0f6b
ID des fehlerhaften Prozesses: 0x101c
Startzeit der fehlerhaften Anwendung: 0xsidebar.exe0
Pfad der fehlerhaften Anwendung: sidebar.exe1
Pfad des fehlerhaften Moduls: sidebar.exe2
Berichtskennung: sidebar.exe3
Error: (03/28/2014 08:57:30 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/28/2014 08:35:25 AM) (Source: ATIeRecord) (User: )
Description: ATI EEU failed to post message to CCC
Error: (03/28/2014 08:33:42 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/28/2014 08:33:35 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: sidebar.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7a1c7
Name des fehlerhaften Moduls: mshtml.dll, Version: 0.0.0.0, Zeitstempel: 0x4e5f1784
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000002f0f6b
ID des fehlerhaften Prozesses: 0x12dc
Startzeit der fehlerhaften Anwendung: 0xsidebar.exe0
Pfad der fehlerhaften Anwendung: sidebar.exe1
Pfad des fehlerhaften Moduls: sidebar.exe2
Berichtskennung: sidebar.exe3
Error: (03/28/2014 07:59:33 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/28/2014 00:51:12 AM) (Source: ATIeRecord) (User: )
Description: ATI EEU failed to post message to CCC
System errors:
=============
Error: (03/28/2014 08:57:32 AM) (Source: ipnathlp) (User: )
Description: 0
Error: (03/28/2014 08:56:31 AM) (Source: BugCheck) (User: )
Description: 0x000000f4 (0x0000000000000003, 0xfffffa80067eeb30, 0xfffffa80067eee10, 0xfffff80003b8b8b0)C:\Windows\MEMORY.DMP032814-32073-01
Error: (03/28/2014 08:56:29 AM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 28.03.2014 um 08:54:05 unerwartet heruntergefahren.
Error: (03/28/2014 08:29:53 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Error: (03/28/2014 08:29:53 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Error: (03/28/2014 08:29:53 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Error: (03/28/2014 08:28:55 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Error: (03/28/2014 08:28:55 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Error: (03/28/2014 08:28:55 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Error: (03/28/2014 08:27:53 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Microsoft Office Sessions:
=========================
Error: (03/28/2014 09:00:40 AM) (Source: ATIeRecord)(User: )
Description:
Error: (03/28/2014 08:59:52 AM) (Source: ATIeRecord)(User: )
Description:
Error: (03/28/2014 08:59:28 AM) (Source: ATIeRecord)(User: )
Description:
Error: (03/28/2014 08:57:41 AM) (Source: Application Error)(User: )
Description: sidebar.exe6.1.7601.175144ce7a1c7mshtml.dll0.0.0.04e5f1784c000000500000000002f0f6b101c01cf4a5b5a5806fcC:\Program Files\Windows Sidebar\sidebar.exeC:\Windows\System32\mshtml.dlla2dea750-b64e-11e3-9e2b-984be1b1002d
Error: (03/28/2014 08:57:30 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/28/2014 08:35:25 AM) (Source: ATIeRecord)(User: )
Description:
Error: (03/28/2014 08:33:42 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/28/2014 08:33:35 AM) (Source: Application Error)(User: )
Description: sidebar.exe6.1.7601.175144ce7a1c7mshtml.dll0.0.0.04e5f1784c000000500000000002f0f6b12dc01cf4a5801a3cf34C:\Program Files\Windows Sidebar\sidebar.exeC:\Windows\System32\mshtml.dll43e841db-b64b-11e3-995a-984be1b1002d
Error: (03/28/2014 07:59:33 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/28/2014 00:51:12 AM) (Source: ATIeRecord)(User: )
Description:
==================== Memory info ===========================
Percentage of memory in use: 47%
Total physical RAM: 5882.9 MB
Available physical RAM: 3098.08 MB
Total Pagefile: 11764 MB
Available Pagefile: 8629.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:684.19 GB) (Free:343.44 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:14.16 GB) (Free:1.55 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: B58C26AE)
Partition: GPT Partition Type.
==================== End Of Log ============================
und da ist noch GMER Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-03-28 10:11:49
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000005e WDC_WD75 rev.01.0 698,64GB
Running: Gmer-19357.exe; Driver: C:\Users\Besitzer\AppData\Local\Temp\fxldqpog.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1792] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000763e1465 2 bytes [3E, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1792] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000763e14bb 2 bytes [3E, 76]
.text ... * 2
? C:\Windows\system32\iertutil.dll [2412] entry point in ".rdata" section 0000000074e14791
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3100] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000763e1465 2 bytes [3E, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3100] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000763e14bb 2 bytes [3E, 76]
.text ... * 2
.text C:\Program Files (x86)\OXXOGames\GPlayer\GameCenterNotifier.exe[4144] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000763e1465 2 bytes [3E, 76]
.text C:\Program Files (x86)\OXXOGames\GPlayer\GameCenterNotifier.exe[4144] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000763e14bb 2 bytes [3E, 76]
.text ... * 2
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[4192] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000763e1465 2 bytes [3E, 76]
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[4192] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000763e14bb 2 bytes [3E, 76]
.text ... * 2
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4204] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint 000000007713000c 1 byte [C3]
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4204] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 00000000771bf7ea 5 bytes JMP 0000000177178e79
.text C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[4456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000763e1465 2 bytes [3E, 76]
.text C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[4456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000763e14bb 2 bytes [3E, 76]
.text ... * 2
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[4504] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000763e1465 2 bytes [3E, 76]
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[4504] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000763e14bb 2 bytes [3E, 76]
.text ... * 2
.text C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe[4572] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000763e1465 2 bytes [3E, 76]
.text C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe[4572] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000763e14bb 2 bytes [3E, 76]
.text ... * 2
---- Processes - GMER 2.1 ----
Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Windows\system32\wininit.exe [588](2013-11-21 22:19:01) 000007fefd1a0000
Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Windows\system32\services.exe [652](2013-11-21 22:19:01) 000007fefd1a0000
Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Windows\system32\lsass.exe [676](2013-11-21 22:19:01) 000007fefd1a0000
Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [808](2013-11-21 22:19:01) 000007fefd1a0000
Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [892](2013-11-21 22:19:01) 000007fefd1a0000
Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Windows\system32\atiesrxx.exe [952](2013-11-21 22:19:01) 000007fefd1a0000
Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Windows\system32\winlogon.exe [992](2013-11-21 22:19:01) 000007fefd1a0000
Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Windows\System32\svchost.exe [128](2013-11-21 22:19:01) 000007fefd1a0000
Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Windows\System32\svchost.exe [456](2013-11-21 22:19:01) 000007fefd1a0000
Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [644](2013-11-21 22:19:01) 000007fefd1a0000
Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Program Files\IDT\WDM\STacSV64.exe [612](2013-11-21 22:19:01) 000007fefd1a0000
Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1284](2013-11-21 22:19:01) 000007fefd1a0000
Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Windows\system32\atieclxx.exe [1352](2013-11-21 22:19:01) 000007fefd1a0000
Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1392](2013-11-21 22:19:01) 000007fefd1a0000
Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Windows\System32\spoolsv.exe [1572](2013-11-21 22:19:01) 000007fefd1a0000
Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Windows\system32\taskeng.exe [1584](2013-11-21 22:19:01) 000007fefd1a0000
Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1668](2013-11-21 22:19:01) 000007fefd1a0000
Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [1816](2013-11-21 22:19:01) 000007fefd1a0000
Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [1996](2013-11-21 22:19:01) 000007fefd1a0000
Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Windows\System32\svchost.exe [1420](2013-11-21 22:19:01) 000007fefd1a0000
Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Windows\System32\svchost.exe [1948](2013-11-21 22:19:01) 000007fefd1a0000
Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [2380](2013-11-21 22:19:01) 000007fefd1a0000
Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2540](2013-11-21 22:19:01) 000007fefd1a0000
Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2564](2013-11-21 22:19:01) 000007fefd1a0000
Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe [2924](2013-11-21 22:19:01) 000007fefd1a0000
Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Windows\system32\taskhost.exe [3220](2013-11-21 22:19:01) 000007fefd1a0000
Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Windows\system32\Dwm.exe [3280](2013-11-21 22:19:01) 000007fefd1a0000
Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Windows\system32\taskeng.exe [3288](2013-11-21 22:19:01) 000007fefd1a0000
Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [3328](2013-11-21 22:19:01) 000007fefd1a0000
Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Windows\system32\wbem\wmiprvse.exe [3532](2013-11-21 22:19:01 000007fefd1a0000
---- EOF - GMER 2.1 ----
Puuuhh ,warte dann auf das Resultat  |
| Themen zu Windows7 Avira/WinzipMalware melden sich mit TR/BProtevtoe.gen |
| .com, administrator, adobe, antivir, besitzer, bingbar, branding, device driver, download, explorer, firefox, homepage, icreinstall, iexplore.exe, install.exe, launch, malware, minidump, monte, mozilla, neustart, newtab, ntdll.dll, officejet, programm, realtek, rundll, secrets, software, tr/bprotector.gen, tr/bprotevtoe.gen, trojan, virus, wildtangent games, win32/adware.addlyrics.t, winlogon.exe |
Baum-Darstellung