GUV/GEMA trojan, also known as RANSOMWARE. How to remove it?

Good evening everyone. My PC is infected with a trojan that is also called the GUV or GEMA trojan, also known as ransomware! I would like to point out to everyone reading this post that the police ask people to file a report, because this trojan constitutes extortion! (This can also be read at the "Bundesamt für Sicherheit in der Informationstechnik".)

The situation is that I cannot use the PC with the internet at all: I switch it on (it boots up normally) and within seconds the trojan's screen appears. From that point nothing works any more except switching it off! The police officer said I had been lucky, since I can use the PC normally as soon as I am off the network. If I want to use the network with my PC, as I am doing now, I have to go into safe mode. The first time this still worked via the F key, but when I wanted to get into safe mode the second time it no longer worked, and I had to go through "msconfig".

My only measures so far have been to run a scan with AVIRA and to try to find the files. AVIRA calls the trojan TR/Ransom.EJ.70. This file (C:\Users\***\AppData\Roaming\Ekpo\hiesy.exe) is already in quarantine; deleting it is not possible.

So, now I have followed your instructions. I failed right at the first one!

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:27 on 10/11/2012 (Soeckchen)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-

So, OTL spat out the following:
"InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo "InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music "InstallShield_{B9ECA41B-55CC-4654-B6B5-6731D009EC69}" = NTI Backup Now EZ "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! "InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM) "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD "InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video "Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "PDF Complete" = PDF Complete Special Edition "PunkBusterSvc" = PunkBuster Services "WinLiveSuite" = Windows Live Essentials "ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1" = Zinio Reader 4 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 9/1/2012 1:37:16 AM | Computer Name = ***-HP | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 9/2/2012 5:33:17 AM | Computer Name = ***-HP | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 9/4/2012 2:25:01 AM | Computer Name = Soeckchen-HP | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 9/5/2012 12:55:26 PM | Computer Name = ***-HP | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 9/5/2012 12:55:58 PM | Computer Name = ***-HP | Source = SideBySide | 
ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 9/6/2012 1:04:35 PM | Computer Name = ***-HP | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 9/8/2012 9:48:58 AM | Computer Name = ***-HP | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 9/9/2012 2:07:47 AM | Computer Name = ***-HP | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 9/9/2012 2:08:06 PM | Computer Name = ***-HP | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 9/11/2012 2:18:46 PM | Computer Name =***-HP | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. 
[ Hewlett-Packard Events ] Error - 9/20/2011 1:00:13 PM | Computer Name = ***-HP | Source = Hewlett-Packard | ID = 0 Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\091120070006.xml File not created by asset agent Error - 9/27/2011 10:38:32 AM | Computer Name = ***-HP | Source = Hewlett-Packard | ID = 0 Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\091127043824.xml File not created by asset agent Error - 11/23/2011 4:07:55 PM | Computer Name = ***-HP | Source = Hewlett-Packard | ID = 0 Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\111123090748.xml File not created by asset agent Error - 2/28/2012 1:24:34 PM | Computer Name = ***-HP | Source = Hewlett-Packard | ID = 0 Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\021228062426.xml File not created by asset agent Error - 3/13/2012 12:08:21 PM | Computer Name = ***-HP | Source = Hewlett-Packard | ID = 0 Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\031213050814.xml File not created by asset agent Error - 4/3/2012 10:32:48 AM | Computer Name = ***-HP | Source = Hewlett-Packard | ID = 0 Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\041203043241.xml File not created by asset agent Error - 6/14/2012 1:35:41 AM | Computer Name = ***-HP | Source = Hewlett-Packard | ID = 0 Description = Error - 6/26/2012 10:27:30 AM | Computer Name = ***-HP | Source = Hewlett-Packard | ID = 0 Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\061226042723.xml File not created by asset agent Error - 8/28/2012 10:01:46 AM | Computer Name = ***-HP | Source = Hewlett-Packard | ID = 0 Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\081228040139.xml File not created by asset agent 
Error - 10/2/2012 10:13:38 AM | Computer Name = ***-HP | Source = Hewlett-Packard | ID = 0 Description = [ System Events ] Error - 11/10/2012 1:20:35 PM | Computer Name = ***-HP | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 11/10/2012 1:20:37 PM | Computer Name =***-HP | Source = DCOM | ID = 10005 Description = Error - 11/10/2012 1:20:35 PM | Computer Name = ***-HP | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 11/10/2012 1:20:35 PM | Computer Name = ***-HP | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 11/10/2012 1:20:35 PM | Computer Name = ***-HP | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 11/10/2012 1:27:27 PM | Computer Name = ***-HP | Source = DCOM | ID = 10005 Description = Error - 11/10/2012 1:27:27 PM | Computer Name = ***-HP | Source = DCOM | ID = 10005 Description = Error - 11/10/2012 1:30:19 PM | Computer Name = ***-HP | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 11/10/2012 1:30:19 PM | Computer Name =***-HP | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 11/10/2012 1:30:19 PM | Computer Name = ***-HP | Source = Service Control Manager | ID = 7001 Description = 
Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 < End of report >

And the second one:

OTL logfile created on: 11/10/2012 6:32:02 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.98 Gb Total Physical Memory | 2.87 Gb Available Physical Memory | 72.07% Memory free 7.96 Gb Paging File | 6.75 Gb Available in Paging File | 84.77% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 917.66 Gb Total Space | 810.12 Gb Free Space | 88.28% Space Free | Partition Type: NTFS Drive D: | 13.75 Gb Total Space | 1.70 Gb Free Space | 12.33% Space Free | Partition Type: NTFS Computer Name: ***-HP | User Name: ***| Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/11/10 18:28:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Downloads\OTL.exe PRC - [2012/11/10 17:53:02 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012/11/10 17:52:33 | 000,560,416 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe PRC - [2012/11/10 17:52:27 | 000,379,168 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe PRC - [2012/11/10 17:52:26 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012/11/10 17:52:26 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012/11/10 17:52:25 | 000,633,632 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe PRC - [2012/06/20 12:18:08 | 001,568,976 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe PRC - [2011/11/25 21:27:35 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2010/11/23 17:55:08 | 000,098,304 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe PRC - [2010/09/28 16:09:28 | 001,119,768 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe PRC - [2010/08/21 01:57:28 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe PRC - [2010/04/23 20:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe PRC - [2010/04/23 20:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe PRC - [2010/04/23 20:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe PRC - [2010/02/22 10:44:20 | 000,577,792 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe PRC - [2010/02/22 10:44:14 | 000,045,312 | ---- | M] (NewTech Infosystems, Inc.) 
-- C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe PRC - [2009/06/30 20:24:36 | 000,762,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX1000.exe PRC - [2008/11/20 18:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe ========== Modules (No Company Name) ========== MOD - [2008/09/29 17:37:44 | 000,460,199 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\sqlite3.dll ========== Services (SafeList) ========== SRV:64bit: - [2010/11/23 18:21:52 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2010/09/27 21:10:00 | 000,270,336 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\STacSV64.exe -- (STacSV) SRV:64bit: - [2010/08/06 03:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc) SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV:64bit: - [2009/03/01 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters) SRV - [2012/11/10 17:53:02 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012/11/10 17:52:33 | 000,560,416 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService) SRV - [2012/11/10 17:52:27 | 000,379,168 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService) SRV - [2012/11/10 17:52:26 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012/11/10 17:52:25 | 000,633,632 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService) SRV - [2012/10/27 16:38:25 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2011/11/25 21:27:35 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2011/05/11 18:06:00 | 004,330,168 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc) SRV - [2010/10/05 15:08:46 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010/10/05 15:08:42 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010/09/28 16:09:28 | 001,119,768 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher) SRV - [2010/08/21 01:57:28 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe) SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/02/22 10:44:14 | 000,045,312 | ---- | M] (NewTech Infosystems, Inc.) 
[Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe -- (NTI BackupNowEZSvr) SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/11/10 17:53:21 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012/11/10 17:53:21 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012/11/10 17:53:20 | 000,140,936 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avfwot.sys -- (avfwot) DRV:64bit: - [2012/11/10 17:53:20 | 000,113,808 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avfwim.sys -- (avfwim) DRV:64bit: - [2012/11/10 17:53:20 | 000,099,248 | ---- | M] (Avira Operations GmbH & Co. 
KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/05/22 13:36:03 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2011/05/22 13:36:03 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/11/23 18:53:44 | 007,886,848 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010/11/23 17:46:42 | 000,285,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/09/27 21:10:00 | 000,517,120 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2010/09/24 16:46:32 | 000,116,752 | ---- | M] (ATI Technologies, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2010/09/21 03:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010/09/13 14:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010/09/03 07:59:26 | 000,349,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010/07/22 03:57:22 | 001,002,848 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x) DRV:64bit: - [2010/01/22 21:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2010/01/22 21:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/30 20:24:40 | 002,060,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VX1000.sys -- (VX1000) DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/05 16:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2009/05/05 16:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV:64bit: - [2006/11/30 14:17:56 | 000,033,048 | ---- | M] (X10 Wireless Technology, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\x10ufx2.sys -- (XUIF) DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2005/01/04 10:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK/4 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-0/4?satitle={searchTerms}&mfe=Desktops IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK/4 IE - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} IE - 
HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-0/4?satitle={searchTerms}&mfe=Desktops IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKCU\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-0/4?satitle={searchTerms}&mfe=Desktops IE - HKCU\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = 192.168.0.1 ========== FireFox ========== FF - 
prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Ask.com" FF - prefs.js..browser.startup.homepage: "hxxp://g.uk.msn.com/HPDSK/4" FF - prefs.js..extensions.enabledAddons: divxhiqplayer@divx.com:2.1.1.94 FF - prefs.js..extensions.enabledAddons: jsdeminifier@murphy.ben.name:1.0.7 FF - prefs.js..extensions.enabledAddons: noscript@giorgiomaone.com:2.1.0.2 FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=a03fec5e-2f04-4844-ab6a-c4d285a2dcd0&apn_ptnrs=%5EABT&apn_sauid=42CEFFC0-9C43-45CB-AC55-5B7526EE2D22&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q=" FF - prefs.js..network.proxy.type: 4 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/27 16:38:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 
16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/27 16:38:25 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/04/26 13:06:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2012/10/23 13:55:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***AppData\Roaming\mozilla\Firefox\Profiles\9mlplk3g.default\extensions [2011/05/19 19:29:29 | 000,000,000 | ---D | M] (DivX) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\9mlplk3g.default\extensions\divxhiqplayer@divx.com [2011/05/19 19:29:29 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\9mlplk3g.default\extensions\noscript@giorgiomaone.com [2012/01/16 15:37:53 | 000,013,780 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\9mlplk3g.default\extensions\jsdeminifier@murphy.ben.name.xpi [2012/10/27 16:38:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/10/27 16:38:25 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/06/21 20:18:09 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/09/14 17:25:06 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/06/21 20:18:09 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012/06/21 20:18:09 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012/06/21 20:18:09 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla 
firefox\searchplugins\wikipedia-de.xml [2012/06/21 20:18:09 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (DivX) - {1E37A1FF-843E-4627-A8C4-00279C4ACDC2} - C:\Users\Soeckchen\AppData\Roaming\DivX\IE\DivX.dll (DivX, LLC. Rovi Corporation) O2 - BHO: (NoScript) - {601369AE-97AF-4402-807D-7516155B484B} - C:\Users\***\AppData\Roaming\NoScript\IE\NoScript.dll (Giorgio Maone) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O4:64bit: - HKLM..\Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe (Hewlett-Packard ) O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard) O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe () O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4:64bit: - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BackupNowEZtray] C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe File not found O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKCU..\Run: [{2C7710C4-580B-11E0-BCCA-806E6F6E6963}] C:\Users\Soeckchen\AppData\Roaming\Microsoft\loadhst.exe File not found O4 - HKCU..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found O4 - Startup: C:\Users\Soeckchen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk = C:\ProgramData\lsass.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. 
KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. 
KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 10.4.1) O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 10.4.1) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75DD66AE-0374-4CFD-B4A7-5B112F112E16}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\ipp - No CLSID value found O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) 
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/11/10 17:58:12 | 000,000,000 | ---D | C] -- C:\Users\Soeckchen\AppData\Roaming\Avira [2012/11/10 17:58:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012/11/10 17:57:58 | 000,140,936 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwot.sys [2012/11/10 17:57:58 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012/11/10 17:57:58 | 000,113,808 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwim.sys [2012/11/10 17:57:58 | 000,099,248 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012/11/10 17:57:58 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. 
KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012/11/10 17:57:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2012/11/10 17:40:26 | 000,000,000 | ---D | C] -- C:\Windows\pss [2012/11/09 21:18:21 | 000,000,000 | ---D | C] -- C:\ProgramData\NTIReg [2012/11/09 21:16:19 | 000,018,432 | ---- | C] (NewTech Infosystems, Inc.) -- C:\Windows\SysNative\drivers\NTIDrvr.sys [2012/11/09 21:16:19 | 000,016,896 | ---- | C] (NewTech Infosystems Corporation) -- C:\Windows\SysNative\drivers\UBHelper.sys [2012/11/09 21:16:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NTI Backup Now EZ [2012/11/09 21:16:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\nti\Xp_x86 [2012/11/09 21:16:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\nti\w2k_x86 [2012/11/09 21:16:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\nti\Vista_x86 [2012/11/09 21:16:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\nti\Vista_ia64 [2012/11/09 21:16:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\nti\Vista_amd64 [2012/11/09 21:16:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\nti\2003_x86 [2012/11/09 21:16:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\nti\2003_ia64 [2012/11/09 21:16:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\nti\2003_amd64 [2012/11/09 21:16:01 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\nti [2012/11/09 21:16:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NewTech Infosystems [2012/11/09 21:12:10 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations [2012/11/09 07:03:24 | 000,000,000 | ---D | C] -- C:\Users\Soeckchen\AppData\Local\AskToolbar [2012/11/09 07:03:16 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\lsass.exe [2012/10/27 16:38:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012/10/15 06:31:31 | 000,000,000 | ---D | C] -- C:\Users\Soeckchen\AppData\Local\Macromedia 
[2012/10/15 06:30:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/11/10 18:32:43 | 001,492,424 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/11/10 18:32:43 | 000,651,996 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012/11/10 18:32:43 | 000,614,184 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/11/10 18:32:43 | 000,129,036 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012/11/10 18:32:43 | 000,105,426 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/11/10 18:30:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/11/10 18:30:43 | 3207,495,680 | -HS- | M] () -- C:\hiberfil.sys [2012/11/10 18:26:39 | 000,000,000 | ---- | M] () -- C:\Users\Soeckchen\defogger_reenable [2012/11/10 18:11:08 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/11/10 18:11:08 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/11/10 17:58:10 | 000,002,032 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012/11/10 17:53:21 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012/11/10 17:53:21 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012/11/10 17:53:20 | 000,140,936 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwot.sys [2012/11/10 17:53:20 | 000,113,808 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwim.sys [2012/11/10 17:53:20 | 000,099,248 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012/11/10 15:44:27 | 083,023,306 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2012/11/09 22:14:16 | 000,002,038 | ---- | M] () -- C:\Users\Soeckchen\Desktop\Entfernen des Avira DE-Cleaners.lnk [2012/11/09 22:14:16 | 000,001,967 | ---- | M] () -- C:\Users\Soeckchen\Desktop\Avira DE-Cleaner.lnk [2012/11/09 21:16:07 | 000,002,165 | ---- | M] () -- C:\Users\Public\Desktop\Backup Now EZ.lnk [2012/11/09 07:03:18 | 000,000,828 | ---- | M] () -- C:\Users\Soeckchen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012/11/07 07:13:54 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSoeckchen.job [2012/11/02 21:43:05 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSOECKCHEN-HP$.job [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/11/10 18:26:39 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2012/11/10 17:58:10 | 000,002,032 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012/11/09 22:14:16 | 000,002,038 | ---- | C] () -- C:\Users\***\Desktop\Entfernen des Avira DE-Cleaners.lnk [2012/11/09 22:14:16 | 000,001,967 | ---- | C] () -- C:\Users\***\Desktop\Avira DE-Cleaner.lnk [2012/11/09 21:16:07 | 000,002,165 | ---- | C] () -- C:\Users\Public\Desktop\Backup Now EZ.lnk [2012/11/09 07:03:18 | 000,000,828 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012/11/09 07:03:17 | 083,023,306 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2011/11/25 21:27:37 | 000,111,928 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011/11/25 21:27:35 | 000,682,280 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2011/11/25 21:27:35 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011/05/30 15:41:42 | 000,038,405 | ---- | C] () -- C:\Windows\DIIUnin.dat [2011/05/30 15:22:47 | 001,588,294 | ---- | C] () -- 
C:\Windows\SysWow64\PerfStringBackup.INI [2011/05/25 15:15:07 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI [2011/05/08 17:27:40 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll [2011/05/08 17:27:40 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll [2011/05/08 17:27:40 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll [2011/04/18 20:06:33 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2011/03/27 00:44:19 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011/03/27 00:04:07 | 000,009,988 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat [2011/03/26 23:53:17 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat [2011/03/26 23:52:30 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll [2011/03/26 23:47:43 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin ========== ZeroAccess Check ========== [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012/11/10 18:04:50 | 000,000,000 | ---D | M] -- C:\Users\Soeckchen\AppData\Roaming\Ekpo [2011/04/24 05:47:54 | 000,000,000 | ---D | M] -- C:\Users\Soeckchen\AppData\Roaming\Enjao [2011/04/18 20:16:10 | 000,000,000 | ---D | M] -- C:\Users\Soeckchen\AppData\Roaming\PictureMover [2011/05/22 13:47:00 | 000,000,000 | ---D | M] -- C:\Users\Soeckchen\AppData\Roaming\Ubisoft [2011/04/25 21:55:30 | 000,000,000 | ---D | M] -- C:\Users\Soeckchen\AppData\Roaming\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1 [2011/04/24 15:02:53 | 000,000,000 | ---D | M] -- C:\Users\Soeckchen\AppData\Roaming\_MDLogs ========== Purity Check ========== < End of report >

So, if I have forgotten anything that could help, please ask. I would like to get rid of the problem without wiping the PC. I have already backed up my personal data in case there is no other way! I hope someone can help me, even if it is only a tip. And in any case, thanks in advance, in case I forget to say it!!! Kind regards to you all, Eule