GUV/GEMA Trojan, also known as RANSOMWARE. How to remove? (Windows 7)
10.11.2012, 19:17 | #1
GUV/GEMA Trojan, also known as RANSOMWARE. How to remove?

Good evening everyone. My PC is infected with a Trojan that is also called the GUV or GEMA Trojan, or is also known as ransomware! I want to point out to everyone reading this post that the police ask you to file a report, because this Trojan constitutes extortion! (This can also be read at the "Bundesamt für Sicherheit in der Informationstechnik".) It looks like this: I cannot use the PC with the internet at all. I switch it on (it boots up perfectly normally) and within seconds the Trojan's screen appears. From there on nothing works any more except switching it off! The police officer said I had been lucky, since I can use the PC perfectly normally as soon as I am off the network. If I want to use the network with my PC, as I am doing now, I have to go into Safe Mode. The first time this still worked via the F key, but when I wanted to go into Safe Mode the second time it no longer worked; I had to do it via "msconfig". My measures so far have only been to let AVIRA run through and to try to find the files. AVIRA calls the Trojan TR/Ransom.EJ.70. This file (C:\Users\***\AppData\Roaming\Ekpo\hiesy.exe) is already in quarantine; deleting it is not possible. So now I have followed your instructions. I failed right at the first one!

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:27 on 10/11/2012 (Soeckchen)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
-=E.O.F=-

So OTL spat out the following:

OTL Extras logfile created on: 11/10/2012 6:32:02 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.98 Gb Total Physical Memory | 2.87 Gb Available Physical Memory | 72.07% Memory free
7.96 Gb Paging File | 6.75 Gb Available in Paging File | 84.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917.66 Gb Total Space | 810.12 Gb Free Space | 88.28% Space Free | Partition Type: NTFS
Drive D: | 13.75 Gb Total Space | 1.70 Gb Free Space | 12.33% Space Free | Partition Type: NTFS

Computer Name: ***-HP | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"InstallShield_{B9ECA41B-55CC-4654-B6B5-6731D009EC69}" = NTI Backup Now EZ
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PDF Complete" = PDF Complete Special Edition
"PunkBusterSvc" = PunkBuster Services
"WinLiveSuite" = Windows Live Essentials
"ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1" = Zinio Reader 4

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/1/2012 1:37:16 AM | Computer Name = ***-HP | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 9/2/2012 5:33:17 AM | Computer Name = ***-HP | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 9/4/2012 2:25:01 AM | Computer Name = Soeckchen-HP | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 9/5/2012 12:55:26 PM | Computer Name = ***-HP | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 9/5/2012 12:55:58 PM | Computer Name = ***-HP | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Error in manifest or policy file "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error - 9/6/2012 1:04:35 PM | Computer Name = ***-HP | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 9/8/2012 9:48:58 AM | Computer Name = ***-HP | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 9/9/2012 2:07:47 AM | Computer Name = ***-HP | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 9/9/2012 2:08:06 PM | Computer Name = ***-HP | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Error in manifest or policy file "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error - 9/11/2012 2:18:46 PM | Computer Name = ***-HP | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Error in manifest or policy file "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

[ Hewlett-Packard Events ]
Error - 9/20/2011 1:00:13 PM | Computer Name = ***-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\091120070006.xml File not created by asset agent

Error - 9/27/2011 10:38:32 AM | Computer Name = ***-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\091127043824.xml File not created by asset agent

Error - 11/23/2011 4:07:55 PM | Computer Name = ***-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\111123090748.xml File not created by asset agent

Error - 2/28/2012 1:24:34 PM | Computer Name = ***-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\021228062426.xml File not created by asset agent

Error - 3/13/2012 12:08:21 PM | Computer Name = ***-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\031213050814.xml File not created by asset agent

Error - 4/3/2012 10:32:48 AM | Computer Name = ***-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\041203043241.xml File not created by asset agent

Error - 6/14/2012 1:35:41 AM | Computer Name = ***-HP | Source = Hewlett-Packard | ID = 0
Description =

Error - 6/26/2012 10:27:30 AM | Computer Name = ***-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\061226042723.xml File not created by asset agent

Error - 8/28/2012 10:01:46 AM | Computer Name = ***-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\081228040139.xml File not created by asset agent
Error - 10/2/2012 10:13:38 AM | Computer Name = ***-HP | Source = Hewlett-Packard | ID = 0
Description =

[ System Events ]
Error - 11/10/2012 1:20:35 PM | Computer Name = ***-HP | Source = Service Control Manager | ID = 7001
Description = The "HomeGroup Provider" service depends on the "Function Discovery Provider Host" service which failed to start because of the following error: %%1068

Error - 11/10/2012 1:20:37 PM | Computer Name = ***-HP | Source = DCOM | ID = 10005
Description =

Error - 11/10/2012 1:20:35 PM | Computer Name = ***-HP | Source = Service Control Manager | ID = 7001
Description = The "Computer Browser" service depends on the "Server" service which failed to start because of the following error: %%1068

Error - 11/10/2012 1:20:35 PM | Computer Name = ***-HP | Source = Service Control Manager | ID = 7001
Description = The "Computer Browser" service depends on the "Server" service which failed to start because of the following error: %%1068

Error - 11/10/2012 1:20:35 PM | Computer Name = ***-HP | Source = Service Control Manager | ID = 7001
Description = The "Computer Browser" service depends on the "Server" service which failed to start because of the following error: %%1068

Error - 11/10/2012 1:27:27 PM | Computer Name = ***-HP | Source = DCOM | ID = 10005
Description =

Error - 11/10/2012 1:27:27 PM | Computer Name = ***-HP | Source = DCOM | ID = 10005
Description =

Error - 11/10/2012 1:30:19 PM | Computer Name = ***-HP | Source = Service Control Manager | ID = 7001
Description = The "Computer Browser" service depends on the "Server" service which failed to start because of the following error: %%1068

Error - 11/10/2012 1:30:19 PM | Computer Name = ***-HP | Source = Service Control Manager | ID = 7001
Description = The "Computer Browser" service depends on the "Server" service which failed to start because of the following error: %%1068

Error - 11/10/2012 1:30:19 PM | Computer Name = ***-HP | Source = Service Control Manager | ID = 7001
Description = The "Computer Browser" service depends on the "Server" service which failed to start because of the following error: %%1068

< End of report >

And the second one:

OTL logfile created on: 11/10/2012 6:32:02 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.98 Gb Total Physical Memory | 2.87 Gb Available Physical Memory | 72.07% Memory free
7.96 Gb Paging File | 6.75 Gb Available in Paging File | 84.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917.66 Gb Total Space | 810.12 Gb Free Space | 88.28% Space Free | Partition Type: NTFS
Drive D: | 13.75 Gb Total Space | 1.70 Gb Free Space | 12.33% Space Free | Partition Type: NTFS

Computer Name: ***-HP | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/10 18:28:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Downloads\OTL.exe
PRC - [2012/11/10 17:53:02 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012/11/10 17:52:33 | 000,560,416 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012/11/10 17:52:27 | 000,379,168 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
PRC - [2012/11/10 17:52:26 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/11/10 17:52:26 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/11/10 17:52:25 | 000,633,632 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
PRC - [2012/06/20 12:18:08 | 001,568,976 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2011/11/25 21:27:35 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/11/23 17:55:08 | 000,098,304 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
PRC - [2010/09/28 16:09:28 | 001,119,768 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2010/08/21 01:57:28 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/04/23 20:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 20:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 20:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/02/22 10:44:20 | 000,577,792 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe
PRC - [2010/02/22 10:44:14 | 000,045,312 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe
PRC - [2009/06/30 20:24:36 | 000,762,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX1000.exe
PRC - [2008/11/20 18:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

========== Modules (No Company Name) ==========

MOD - [2008/09/29 17:37:44 | 000,460,199 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\sqlite3.dll

========== Services (SafeList) ==========

SRV:64bit: - [2010/11/23 18:21:52 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/27 21:10:00 | 000,270,336 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\STacSV64.exe -- (STacSV)
SRV:64bit: - [2010/08/06 03:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/01 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2012/11/10 17:53:02 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/11/10 17:52:33 | 000,560,416 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012/11/10 17:52:27 | 000,379,168 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2012/11/10 17:52:26 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/11/10 17:52:25 | 000,633,632 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)
SRV - [2012/10/27 16:38:25 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/11/25 21:27:35 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/05/11 18:06:00 | 004,330,168 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010/10/05 15:08:46 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/10/05 15:08:42 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/09/28 16:09:28 | 001,119,768 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2010/08/21 01:57:28 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/22 10:44:14 | 000,045,312 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe -- (NTI BackupNowEZSvr)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/11/10 17:53:21 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/11/10 17:53:21 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012/11/10 17:53:20 | 000,140,936 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avfwot.sys -- (avfwot)
DRV:64bit: - [2012/11/10 17:53:20 | 000,113,808 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avfwim.sys -- (avfwim)
DRV:64bit: - [2012/11/10 17:53:20 | 000,099,248 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/22 13:36:03 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011/05/22 13:36:03 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/23 18:53:44 | 007,886,848 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/11/23 17:46:42 | 000,285,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/27 21:10:00 | 000,517,120 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/09/24 16:46:32 | 000,116,752 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/09/21 03:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/09/13 14:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/09/03 07:59:26 | 000,349,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/07/22 03:57:22 | 001,002,848 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2010/01/22 21:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/01/22 21:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/30 20:24:40 | 002,060,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VX1000.sys -- (VX1000)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 16:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 16:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2006/11/30 14:17:56 | 000,033,048 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\x10ufx2.sys -- (XUIF)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/01/04 10:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK/4
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-0/4?satitle={searchTerms}&mfe=Desktops
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK/4
IE - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-0/4?satitle={searchTerms}&mfe=Desktops
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKCU\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-0/4?satitle={searchTerms}&mfe=Desktops
IE - HKCU\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = 192.168.0.1

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.startup.homepage: "hxxp://g.uk.msn.com/HPDSK/4"
FF - prefs.js..extensions.enabledAddons: divxhiqplayer@divx.com:2.1.1.94
FF - prefs.js..extensions.enabledAddons: jsdeminifier@murphy.ben.name:1.0.7
FF - prefs.js..extensions.enabledAddons: noscript@giorgiomaone.com:2.1.0.2
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=a03fec5e-2f04-4844-ab6a-c4d285a2dcd0&apn_ptnrs=%5EABT&apn_sauid=42CEFFC0-9C43-45CB-AC55-5B7526EE2D22&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q="
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/27 16:38:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/27 16:38:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/04/26 13:06:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012/10/23 13:55:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***AppData\Roaming\mozilla\Firefox\Profiles\9mlplk3g.default\extensions
[2011/05/19 19:29:29 | 000,000,000 | ---D | M] (DivX) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\9mlplk3g.default\extensions\divxhiqplayer@divx.com
[2011/05/19 19:29:29 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\9mlplk3g.default\extensions\noscript@giorgiomaone.com
[2012/01/16 15:37:53 | 000,013,780 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\9mlplk3g.default\extensions\jsdeminifier@murphy.ben.name.xpi
[2012/10/27 16:38:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/27 16:38:25 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/21 20:18:09 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/09/14 17:25:06 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/21 20:18:09 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/06/21 20:18:09 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/06/21 20:18:09 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/06/21 20:18:09 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX) - {1E37A1FF-843E-4627-A8C4-00279C4ACDC2} - C:\Users\Soeckchen\AppData\Roaming\DivX\IE\DivX.dll (DivX, LLC. Rovi Corporation)
O2 - BHO: (NoScript) - {601369AE-97AF-4402-807D-7516155B484B} - C:\Users\***\AppData\Roaming\NoScript\IE\NoScript.dll (Giorgio Maone)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O4:64bit: - HKLM..\Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe (Hewlett-Packard ) O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard) O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe () O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4:64bit: - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BackupNowEZtray] C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe File not found O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKCU..\Run: [{2C7710C4-580B-11E0-BCCA-806E6F6E6963}] C:\Users\Soeckchen\AppData\Roaming\Microsoft\loadhst.exe File not found O4 - HKCU..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found O4 - Startup: C:\Users\Soeckchen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk = C:\ProgramData\lsass.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. 
KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. 
KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 10.4.1) O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 10.4.1) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75DD66AE-0374-4CFD-B4A7-5B112F112E16}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\ipp - No CLSID value found O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) 
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/11/10 17:58:12 | 000,000,000 | ---D | C] -- C:\Users\Soeckchen\AppData\Roaming\Avira [2012/11/10 17:58:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012/11/10 17:57:58 | 000,140,936 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwot.sys [2012/11/10 17:57:58 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012/11/10 17:57:58 | 000,113,808 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwim.sys [2012/11/10 17:57:58 | 000,099,248 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012/11/10 17:57:58 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. 
KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012/11/10 17:57:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2012/11/10 17:40:26 | 000,000,000 | ---D | C] -- C:\Windows\pss [2012/11/09 21:18:21 | 000,000,000 | ---D | C] -- C:\ProgramData\NTIReg [2012/11/09 21:16:19 | 000,018,432 | ---- | C] (NewTech Infosystems, Inc.) -- C:\Windows\SysNative\drivers\NTIDrvr.sys [2012/11/09 21:16:19 | 000,016,896 | ---- | C] (NewTech Infosystems Corporation) -- C:\Windows\SysNative\drivers\UBHelper.sys [2012/11/09 21:16:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NTI Backup Now EZ [2012/11/09 21:16:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\nti\Xp_x86 [2012/11/09 21:16:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\nti\w2k_x86 [2012/11/09 21:16:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\nti\Vista_x86 [2012/11/09 21:16:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\nti\Vista_ia64 [2012/11/09 21:16:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\nti\Vista_amd64 [2012/11/09 21:16:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\nti\2003_x86 [2012/11/09 21:16:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\nti\2003_ia64 [2012/11/09 21:16:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\nti\2003_amd64 [2012/11/09 21:16:01 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\nti [2012/11/09 21:16:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NewTech Infosystems [2012/11/09 21:12:10 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations [2012/11/09 07:03:24 | 000,000,000 | ---D | C] -- C:\Users\Soeckchen\AppData\Local\AskToolbar [2012/11/09 07:03:16 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\lsass.exe [2012/10/27 16:38:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012/10/15 06:31:31 | 000,000,000 | ---D | C] -- C:\Users\Soeckchen\AppData\Local\Macromedia 
[2012/10/15 06:30:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/11/10 18:32:43 | 001,492,424 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/11/10 18:32:43 | 000,651,996 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012/11/10 18:32:43 | 000,614,184 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/11/10 18:32:43 | 000,129,036 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012/11/10 18:32:43 | 000,105,426 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/11/10 18:30:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/11/10 18:30:43 | 3207,495,680 | -HS- | M] () -- C:\hiberfil.sys [2012/11/10 18:26:39 | 000,000,000 | ---- | M] () -- C:\Users\Soeckchen\defogger_reenable [2012/11/10 18:11:08 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/11/10 18:11:08 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/11/10 17:58:10 | 000,002,032 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012/11/10 17:53:21 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012/11/10 17:53:21 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012/11/10 17:53:20 | 000,140,936 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwot.sys [2012/11/10 17:53:20 | 000,113,808 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwim.sys [2012/11/10 17:53:20 | 000,099,248 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012/11/10 15:44:27 | 083,023,306 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2012/11/09 22:14:16 | 000,002,038 | ---- | M] () -- C:\Users\Soeckchen\Desktop\Entfernen des Avira DE-Cleaners.lnk [2012/11/09 22:14:16 | 000,001,967 | ---- | M] () -- C:\Users\Soeckchen\Desktop\Avira DE-Cleaner.lnk [2012/11/09 21:16:07 | 000,002,165 | ---- | M] () -- C:\Users\Public\Desktop\Backup Now EZ.lnk [2012/11/09 07:03:18 | 000,000,828 | ---- | M] () -- C:\Users\Soeckchen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012/11/07 07:13:54 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSoeckchen.job [2012/11/02 21:43:05 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSOECKCHEN-HP$.job [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/11/10 18:26:39 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2012/11/10 17:58:10 | 000,002,032 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012/11/09 22:14:16 | 000,002,038 | ---- | C] () -- C:\Users\***\Desktop\Entfernen des Avira DE-Cleaners.lnk [2012/11/09 22:14:16 | 000,001,967 | ---- | C] () -- C:\Users\***\Desktop\Avira DE-Cleaner.lnk [2012/11/09 21:16:07 | 000,002,165 | ---- | C] () -- C:\Users\Public\Desktop\Backup Now EZ.lnk [2012/11/09 07:03:18 | 000,000,828 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012/11/09 07:03:17 | 083,023,306 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2011/11/25 21:27:37 | 000,111,928 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011/11/25 21:27:35 | 000,682,280 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2011/11/25 21:27:35 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011/05/30 15:41:42 | 000,038,405 | ---- | C] () -- C:\Windows\DIIUnin.dat [2011/05/30 15:22:47 | 001,588,294 | ---- | C] () -- 
C:\Windows\SysWow64\PerfStringBackup.INI [2011/05/25 15:15:07 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI [2011/05/08 17:27:40 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll [2011/05/08 17:27:40 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll [2011/05/08 17:27:40 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll [2011/04/18 20:06:33 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2011/03/27 00:44:19 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011/03/27 00:04:07 | 000,009,988 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat [2011/03/26 23:53:17 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat [2011/03/26 23:52:30 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll [2011/03/26 23:47:43 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin ========== ZeroAccess Check ========== [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2012/11/10 18:04:50 | 000,000,000 | ---D | M] -- C:\Users\Soeckchen\AppData\Roaming\Ekpo
[2011/04/24 05:47:54 | 000,000,000 | ---D | M] -- C:\Users\Soeckchen\AppData\Roaming\Enjao
[2011/04/18 20:16:10 | 000,000,000 | ---D | M] -- C:\Users\Soeckchen\AppData\Roaming\PictureMover
[2011/05/22 13:47:00 | 000,000,000 | ---D | M] -- C:\Users\Soeckchen\AppData\Roaming\Ubisoft
[2011/04/25 21:55:30 | 000,000,000 | ---D | M] -- C:\Users\Soeckchen\AppData\Roaming\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1
[2011/04/24 15:02:53 | 000,000,000 | ---D | M] -- C:\Users\Soeckchen\AppData\Roaming\_MDLogs
========== Purity Check ==========
< End of report >
So, if I have forgotten anything that could help, please ask. I would like to get rid of the problem without wiping the PC. I have already backed up my personal data in case there is no other way! I hope someone can help me, even if it is only a tip. And in any case, thanks in advance, in case I forget to say it!!! Kind regards to you all, Eule |
10.11.2012, 20:20 | #2 |
/// Malware-holic | hi
We also work with several police departments and send them quite a bit of data :-) This script, and any scripts that follow, are only for the user in question. If you have problems, open your own topics and wait for scripts tailored to you.
• Please start OTL.exe
• Now copy the following into the text box.
Code:
:OTL
O4 - Startup: C:\Users\Soeckchen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk = C:\ProgramData\lsass.exe (Microsoft Corporation)
:Files
:Commands
[Reboot]
• Now please close all programs.
• Now please click the Fix button.
• OTL may require a restart. Please allow it.
• After the restart you will find a text document; copy its contents into your next reply here.
Start in normal mode. If you have no icons, right-click, View, Show desktop icons.
For further analysis I need the following: c:\Users\name\AppData\LocalLow\Sun\Java\Deployment\cache. There, right-click the cache folder, pack it with WinRAR or another program, and upload it to the upload channel please: Trojaner-Board Upload Channel. When this is done, please report back.
|
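The entry the fix script above removes (a Startup-folder shortcut named ctfmon.lnk that launches C:\ProgramData\lsass.exe) is a pattern a defender can screen for mechanically. The following Python script is an added example for this thread, not code from OTL, from the helper, or from the trojaner-board scripts. It parses the two O4 line shapes found in the OTL log in post #1 (Run-key entries and Startup-folder shortcuts) and flags an entry when its target lives in a user-writable directory, when it borrows the name of a Windows system binary while sitting outside the Windows directory, or when a shortcut's name does not match the file it starts. The sample lines are copied from the O4 section of that log; the three heuristics and the name lists are this example's own assumptions.

```python
"""Flag suspicious autostart (O4) entries in an OTL log.

Added example: heuristics and name lists are assumptions made for this
illustration, not part of OTL. Output is a list of candidates for review.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Names of core Windows binaries that malware commonly borrows
# (assumption: a short illustrative list, not an exhaustive one).
SYSTEM_BINARY_NAMES = {
    "lsass.exe", "csrss.exe", "smss.exe", "services.exe", "svchost.exe",
    "winlogon.exe", "explorer.exe", "ctfmon.exe", "userinit.exe",
}

# Directories where those names legitimately live (lower-cased, no trailing slash).
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64",
               r"c:\windows\sysnative", r"c:\windows")

# Path fragments that mark locations a standard user can write to.
USER_WRITABLE_MARKERS = ("\\appdata\\", "c:\\programdata\\",
                         "\\temp\\", "c:\\users\\public\\")

# O4 line shapes as they appear in the OTL log above.
RUN_LINE = re.compile(
    r"^O4(?::64bit:)? - (?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
STARTUP_LINE = re.compile(
    r"^O4(?::64bit:)? - Startup: (?P<lnk>.+?\.lnk) = (?P<rest>.*)$")
# First absolute path with an executable-looking extension in the remainder;
# the quote exclusion keeps a quoted path from running past its closing quote.
PATH_IN_REST = re.compile(
    r"(?P<path>[A-Za-z]:\\[^\"]*?\.(?:exe|dll|scr|cmd|bat|vbs|js))", re.IGNORECASE)


@dataclass
class AutostartEntry:
    location: str           # e.g. "HKLM\\Run[avgnt]" or "Startup\\ctfmon.lnk"
    target: Optional[str]   # executable path, None if none could be parsed
    present: bool           # False when OTL reported "File not found"
    reasons: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def assess(entry: AutostartEntry, lnk_name: Optional[str]) -> List[str]:
    """Apply the three heuristics to one entry and return the reasons that fire."""
    reasons: List[str] = []
    if entry.target is None:
        return reasons
    low = entry.target.lower()
    parent, base = low.rsplit("\\", 1)
    if any(marker in low for marker in USER_WRITABLE_MARKERS):
        reasons.append("target in user-writable location")
    if base in SYSTEM_BINARY_NAMES and parent not in SYSTEM_DIRS:
        reasons.append("system binary name outside Windows directory")
    if lnk_name is not None:
        lnk_stem = lnk_name.lower().rsplit(".", 1)[0]
        if lnk_stem != base.rsplit(".", 1)[0]:
            reasons.append("shortcut name does not match target")
    return reasons


def parse_o4_lines(log_text: str) -> List[AutostartEntry]:
    """Parse every O4 (autostart) line of an OTL log into AutostartEntry objects."""
    entries: List[AutostartEntry] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line.startswith("O4"):
            continue
        lnk_name = None
        m = RUN_LINE.match(line)
        if m:
            location = f"{m['hive']}\\Run[{m['name']}]"
        else:
            m = STARTUP_LINE.match(line)
            if not m:
                continue
            lnk_name = m["lnk"].rsplit("\\", 1)[-1]
            location = f"Startup\\{lnk_name}"
        rest = m["rest"]
        pm = PATH_IN_REST.search(rest)
        entry = AutostartEntry(location, pm["path"] if pm else None,
                               "File not found" not in rest)
        entry.reasons = assess(entry, lnk_name)
        entries.append(entry)
    return entries


def suspicious_entries(log_text: str) -> List[AutostartEntry]:
    """Return only the entries that tripped at least one heuristic."""
    return [e for e in parse_o4_lines(log_text) if e.suspicious]


# Constructed sample: O4 lines copied from the OTL log posted in this thread.
SAMPLE_OTL_LOG = r'''
O4:64bit: - HKLM..\Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe (Hewlett-Packard )
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKCU..\Run: [{2C7710C4-580B-11E0-BCCA-806E6F6E6963}] C:\Users\Soeckchen\AppData\Roaming\Microsoft\loadhst.exe File not found
O4 - HKCU..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - Startup: C:\Users\Soeckchen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk = C:\ProgramData\lsass.exe (Microsoft Corporation)
'''

if __name__ == "__main__":
    for e in suspicious_entries(SAMPLE_OTL_LOG):
        state = "present" if e.present else "missing"
        print(f"{e.location} -> {e.target} [{state}]: {'; '.join(e.reasons)}")
```

Run against the sample, the script reports two entries: the orphaned HKCU Run value pointing into AppData (its file is already gone, which is worth noting but not cleaning) and the Startup shortcut, which trips all three heuristics at once because the genuine lsass.exe only ever lives in System32 and a shortcut called ctfmon has no business starting it.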
10.11.2012, 22:14 | #3 |
| Hey, that was quick
So, I hope this is right!
[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21799
[LocalizedFileNames]
Play HP Games.lnk=@C:\PROGRA~2\HPGAME~1\HPGAME~1\MUISTA~1.EXE,-105
[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21769
IconResource=%SystemRoot%\system32\imageres.dll,-183
The "cache" folder is coming shortly! (I only wrote the bit about the police because I think there are many people, myself included, who do not know at all that you can/should go to the police with this.) |
10.11.2012, 22:19 | #4 |
/// Malware-holic | Yes, I had understood it that way; I just posted it again as additional info :-)
__________________ -Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de. Forwarding instructions: http://markusg.trojaner-board.de. For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
10.11.2012, 22:22 | #5 |
| Hm, where does the upload end up? I hope it arrived! Nothing was displayed to me just now. |
10.11.2012, 23:11 | #6 |
/// Malware-holic | hi, it was probably too big. File-Upload.net - Ihr kostenloser File Hoster! Upload it there and send me the link as a private message.
|
11.11.2012, 18:04 | #7 |
| Evening, I sent you the PM this morning and hope it arrived! If not, please let me know again! |
12.11.2012, 14:53 | #8 |
/// Malware-holic | Yes, thanks. Download TDSS Killer: http://www.trojaner-board.de/82358-t...entfernen.html
Click on Change parameters
• Tick the boxes for Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan - for any detections, always choose skip for now, and post the log
|
12.11.2012, 18:52 | #9 |
| Evening Markus, first of all I wanted to say that if I am not supposed to do something in Safe Mode (e.g. the scan), then please say so. And I have finished it now, but I cannot copy the report! Just found it, sorry!
18:48:11.0080 1612 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
18:48:11.0236 1612 ============================================================
18:48:11.0236 1612 Current date / time: 2012/11/12 18:48:11.0236
18:48:11.0236 1612 SystemInfo:
18:48:11.0236 1612
18:48:11.0236 1612 OS Version: 6.1.7601 ServicePack: 1.0
18:48:11.0236 1612 Product type: Workstation
18:48:11.0236 1612 ComputerName: SOECKCHEN-HP
18:48:11.0236 1612 UserName: Soeckchen
18:48:11.0236 1612 Windows directory: C:\Windows
18:48:11.0236 1612 System windows directory: C:\Windows
18:48:11.0236 1612 Running under WOW64
18:48:11.0236 1612 Processor architecture: Intel x64
18:48:11.0236 1612 Number of processors: 4
18:48:11.0236 1612 Page size: 0x1000
18:48:11.0236 1612 Boot type: Safe boot with network
18:48:11.0236 1612 ============================================================
18:48:11.0782 1612 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:48:11.0798 1612 ============================================================
18:48:11.0798 1612 \Device\Harddisk0\DR0:
18:48:11.0798 1612 MBR partitions:
18:48:11.0798 1612 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:48:11.0798 1612 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x72B53000
18:48:11.0798 1612 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x72B85800, BlocksNum 0x1B80800
18:48:11.0798 1612 ============================================================
18:48:11.0813 1612 C: <-> \Device\Harddisk0\DR0\Partition2
18:48:11.0860 1612
D: <-> \Device\Harddisk0\DR0\Partition3 18:48:11.0860 1612 ============================================================ 18:48:11.0860 1612 Initialize success 18:48:11.0860 1612 ============================================================ 18:48:31.0501 1992 ============================================================ 18:48:31.0501 1992 Scan started 18:48:31.0501 1992 Mode: Manual; SigCheck; TDLFS; 18:48:31.0501 1992 ============================================================ 18:48:32.0093 1992 ================ Scan system memory ======================== 18:48:32.0093 1992 System memory - ok 18:48:32.0093 1992 ================ Scan services ============================= 18:48:32.0234 1992 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 18:48:32.0327 1992 1394ohci - ok 18:48:32.0374 1992 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 18:48:32.0374 1992 ACPI - ok 18:48:32.0390 1992 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 18:48:32.0452 1992 AcpiPmi - ok 18:48:32.0499 1992 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 18:48:32.0515 1992 adp94xx - ok 18:48:32.0515 1992 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 18:48:32.0530 1992 adpahci - ok 18:48:32.0546 1992 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 18:48:32.0561 1992 adpu320 - ok 18:48:32.0593 1992 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 18:48:32.0702 1992 AeLookupSvc - ok 18:48:32.0749 1992 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Program Files\IDT\WDM\AESTSr64.exe 18:48:32.0795 1992 AESTFilters - ok 18:48:32.0827 1992 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 18:48:32.0889 1992 AFD - ok 18:48:32.0920 1992 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 
18:48:32.0936 1992 agp440 - ok
18:48:32.0951 1992 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
18:48:33.0014 1992 ALG - ok
18:48:33.0045 1992 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
18:48:33.0045 1992 aliide - ok
18:48:33.0076 1992 [ 694B7056F66A9DFFE18836655477589A ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
18:48:33.0123 1992 AMD External Events Utility - ok
18:48:33.0123 1992 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
18:48:33.0123 1992 amdide - ok
18:48:33.0154 1992 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
18:48:33.0217 1992 AmdK8 - ok
18:48:33.0326 1992 [ 600C89344A1DC910E5AF3852A0BC86F4 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
18:48:33.0451 1992 amdkmdag - ok
18:48:33.0482 1992 [ B191851B6FBF30532470D3541A104EEF ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
18:48:33.0513 1992 amdkmdap - ok
18:48:33.0529 1992 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
18:48:33.0560 1992 AmdPPM - ok
18:48:33.0607 1992 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
18:48:33.0622 1992 amdsata - ok
18:48:33.0638 1992 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
18:48:33.0653 1992 amdsbs - ok
18:48:33.0653 1992 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
18:48:33.0669 1992 amdxata - ok
18:48:33.0794 1992 [ FE4E39D16C032F6D4CB1D57BA420D2AC ] AntiVirFirewallService C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
18:48:33.0809 1992 AntiVirFirewallService - ok
18:48:33.0841 1992 [ 93F9164115D5AE3C39EA3CCE1C04ADB6 ] AntiVirMailService C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
18:48:33.0856 1992 AntiVirMailService - ok
18:48:33.0903 1992 [ 280704E4458E4D0E4C4292A062F4E31C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
18:48:33.0919 1992 AntiVirSchedulerService - ok
18:48:33.0934 1992 [ 99CB78223FEAE9A51E53336C1304E62C ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
18:48:33.0934 1992 AntiVirService - ok
18:48:33.0950 1992 [ BC55F8B116B9F9CF26BEEBAC2AEDD2A9 ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
18:48:33.0965 1992 AntiVirWebService - ok
18:48:34.0012 1992 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
18:48:34.0121 1992 AppID - ok
18:48:34.0137 1992 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
18:48:34.0184 1992 AppIDSvc - ok
18:48:34.0215 1992 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
18:48:34.0262 1992 Appinfo - ok
18:48:34.0293 1992 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
18:48:34.0293 1992 arc - ok
18:48:34.0309 1992 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
18:48:34.0309 1992 arcsas - ok
18:48:34.0324 1992 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
18:48:34.0371 1992 AsyncMac - ok
18:48:34.0418 1992 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
18:48:34.0433 1992 atapi - ok
18:48:34.0449 1992 [ E02B26650ACC2F4901342D4A66774AD7 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
18:48:34.0465 1992 AtiHDAudioService - ok
18:48:34.0496 1992 [ FC0E8778C000291CAF60EB88C011E931 ] atksgt C:\Windows\system32\DRIVERS\atksgt.sys
18:48:34.0511 1992 atksgt - ok
18:48:34.0558 1992 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:48:34.0621 1992 AudioEndpointBuilder - ok
18:48:34.0621 1992 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
18:48:34.0652 1992 AudioSrv - ok
18:48:34.0667 1992 [ C011DD26216BA7397B90BAD5F95A4A07 ] avfwim C:\Windows\system32\DRIVERS\avfwim.sys
18:48:34.0683 1992 avfwim - ok
18:48:34.0714 1992 [ DAD2DFAB3A76276CC2BEE3DB0EC4BADA ] avfwot C:\Windows\system32\DRIVERS\avfwot.sys
18:48:34.0714 1992 avfwot - ok
18:48:34.0745 1992 [ 25B63A3C24A5E0223A35DE2F0D9E0FAF ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
18:48:34.0761 1992 avgntflt - ok
18:48:34.0777 1992 [ F702D64E64FF3AF7F4D9B7789D00DE27 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
18:48:34.0777 1992 avipbb - ok
18:48:34.0792 1992 [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
18:48:34.0792 1992 avkmgr - ok
18:48:34.0823 1992 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
18:48:34.0870 1992 AxInstSV - ok
18:48:34.0901 1992 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
18:48:34.0933 1992 b06bdrv - ok
18:48:34.0948 1992 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
18:48:34.0995 1992 b57nd60a - ok
18:48:35.0042 1992 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
18:48:35.0073 1992 BDESVC - ok
18:48:35.0073 1992 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
18:48:35.0135 1992 Beep - ok
18:48:35.0182 1992 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
18:48:35.0213 1992 BFE - ok
18:48:35.0229 1992 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
18:48:35.0338 1992 BITS - ok
18:48:35.0369 1992 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
18:48:35.0385 1992 blbdrive - ok
18:48:35.0416 1992 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
18:48:35.0463 1992 bowser - ok
18:48:35.0494 1992 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:48:35.0572 1992 BrFiltLo - ok
18:48:35.0588 1992 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:48:35.0588 1992 BrFiltUp - ok
18:48:35.0619 1992 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
18:48:35.0650 1992 Browser - ok
18:48:35.0666 1992 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
18:48:35.0697 1992 Brserid - ok
18:48:35.0713 1992 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
18:48:35.0728 1992 BrSerWdm - ok
18:48:35.0728 1992 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
18:48:35.0728 1992 BrUsbMdm - ok
18:48:35.0728 1992 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
18:48:35.0744 1992 BrUsbSer - ok
18:48:35.0759 1992 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
18:48:35.0791 1992 BTHMODEM - ok
18:48:35.0822 1992 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
18:48:35.0853 1992 bthserv - ok
18:48:35.0900 1992 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
18:48:35.0931 1992 cdfs - ok
18:48:35.0978 1992 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
18:48:36.0009 1992 cdrom - ok
18:48:36.0056 1992 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
18:48:36.0103 1992 CertPropSvc - ok
18:48:36.0134 1992 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
18:48:36.0149 1992 circlass - ok
18:48:36.0181 1992 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
18:48:36.0196 1992 CLFS - ok
18:48:36.0243 1992 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:48:36.0259 1992 clr_optimization_v2.0.50727_32 - ok
18:48:36.0274 1992 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:48:36.0290 1992 clr_optimization_v2.0.50727_64 - ok
18:48:36.0368 1992 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:48:36.0415 1992 clr_optimization_v4.0.30319_32 - ok
18:48:36.0430 1992 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:48:36.0461 1992 clr_optimization_v4.0.30319_64 - ok
18:48:36.0477 1992 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
18:48:36.0493 1992 CmBatt - ok
18:48:36.0539 1992 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
18:48:36.0539 1992 cmdide - ok
18:48:36.0571 1992 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
18:48:36.0586 1992 CNG - ok
18:48:36.0617 1992 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
18:48:36.0617 1992 Compbatt - ok
18:48:36.0633 1992 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
18:48:36.0664 1992 CompositeBus - ok
18:48:36.0680 1992 COMSysApp - ok
18:48:36.0695 1992 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
18:48:36.0695 1992 crcdisk - ok
18:48:36.0742 1992 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
18:48:36.0805 1992 CryptSvc - ok
18:48:36.0836 1992 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
18:48:36.0883 1992 DcomLaunch - ok
18:48:36.0898 1992 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
18:48:36.0945 1992 defragsvc - ok
18:48:36.0976 1992 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
18:48:37.0023 1992 DfsC - ok
18:48:37.0039 1992 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
18:48:37.0085 1992 Dhcp - ok
18:48:37.0117 1992 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
18:48:37.0148 1992 discache - ok
18:48:37.0163 1992 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
18:48:37.0163 1992 Disk - ok
18:48:37.0195 1992 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
18:48:37.0226 1992 Dnscache - ok
18:48:37.0273 1992 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
18:48:37.0304 1992 dot3svc - ok
18:48:37.0319 1992 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
18:48:37.0351 1992 DPS - ok
18:48:37.0366 1992 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
18:48:37.0397 1992 drmkaud - ok
18:48:37.0460 1992 dump_wmimmc - ok
18:48:37.0491 1992 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
18:48:37.0522 1992 DXGKrnl - ok
18:48:37.0538 1992 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
18:48:37.0585 1992 EapHost - ok
18:48:37.0631 1992 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
18:48:37.0694 1992 ebdrv - ok
18:48:37.0709 1992 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
18:48:37.0725 1992 EFS - ok
18:48:37.0772 1992 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
18:48:37.0819 1992 ehRecvr - ok
18:48:37.0834 1992 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
18:48:37.0865 1992 ehSched - ok
18:48:37.0897 1992 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
18:48:37.0912 1992 elxstor - ok
18:48:37.0928 1992 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
18:48:37.0943 1992 ErrDev - ok
18:48:37.0975 1992 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
18:48:38.0006 1992 EventSystem - ok
18:48:38.0021 1992 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
18:48:38.0053 1992 exfat - ok
18:48:38.0068 1992 ezSharedSvc - ok
18:48:38.0084 1992 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
18:48:38.0131 1992 fastfat - ok
18:48:38.0193 1992 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
18:48:38.0240 1992 Fax - ok
18:48:38.0271 1992 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
18:48:38.0287 1992 fdc - ok
18:48:38.0302 1992 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
18:48:38.0333 1992 fdPHost - ok
18:48:38.0349 1992 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
18:48:38.0380 1992 FDResPub - ok
18:48:38.0396 1992 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
18:48:38.0396 1992 FileInfo - ok
18:48:38.0411 1992 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
18:48:38.0427 1992 Filetrace - ok
18:48:38.0443 1992 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
18:48:38.0458 1992 flpydisk - ok
18:48:38.0489 1992 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
18:48:38.0505 1992 FltMgr - ok
18:48:38.0536 1992 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
18:48:38.0567 1992 FontCache - ok
18:48:38.0614 1992 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:48:38.0614 1992 FontCache3.0.0.0 - ok
18:48:38.0645 1992 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
18:48:38.0645 1992 FsDepends - ok
18:48:38.0677 1992 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:48:38.0677 1992 Fs_Rec - ok
18:48:38.0692 1992 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
18:48:38.0708 1992 fvevol - ok
18:48:38.0723 1992 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
18:48:38.0739 1992 gagp30kx - ok
18:48:38.0770 1992 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
18:48:38.0817 1992 gpsvc - ok
18:48:38.0817 1992 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
18:48:38.0864 1992 hcw85cir - ok
18:48:38.0895 1992 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:48:38.0911 1992 HdAudAddService - ok
18:48:38.0942 1992 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
18:48:38.0957 1992 HDAudBus - ok
18:48:38.0973 1992 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
18:48:38.0989 1992 HidBatt - ok
18:48:39.0004 1992 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
18:48:39.0020 1992 HidBth - ok
18:48:39.0035 1992 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
18:48:39.0067 1992 HidIr - ok
18:48:39.0098 1992 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
18:48:39.0129 1992 hidserv - ok
18:48:39.0176 1992 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
18:48:39.0176 1992 HidUsb - ok
18:48:39.0207 1992 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
18:48:39.0269 1992 hkmsvc - ok
18:48:39.0301 1992 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:48:39.0347 1992 HomeGroupListener - ok
18:48:39.0379 1992 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:48:39.0394 1992 HomeGroupProvider - ok
18:48:39.0441 1992 [ 37965381364B2E106E1DD7D74CDCAA43 ] HP Health Check Service C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
18:48:39.0457 1992 HP Health Check Service - ok
18:48:39.0519 1992 [ 3DC11A802353401332D49C3CBFBBE5FC ] HPClientSvc C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
18:48:39.0535 1992 HPClientSvc - ok
18:48:39.0566 1992 [ A48A151D3FA7CB032A51453F087221C7 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
18:48:39.0581 1992 HPDrvMntSvc.exe - ok
18:48:39.0644 1992 [ 71BD8A611E0677175D3938C9CEA7339A ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
18:48:39.0659 1992 hpqwmiex - ok
18:48:39.0722 1992 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
18:48:39.0722 1992 HpSAMD - ok
18:48:39.0784 1992 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
18:48:39.0831 1992 HTTP - ok
18:48:39.0878 1992 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
18:48:39.0878 1992 hwpolicy - ok
18:48:39.0909 1992 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
18:48:39.0909 1992 i8042prt - ok
18:48:39.0940 1992 [ F7CE9BE72EDAC499B713ECA6DAE5D26F ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
18:48:39.0956 1992 iaStor - ok
18:48:39.0971 1992 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
18:48:39.0987 1992 iaStorV - ok
18:48:40.0018 1992 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:48:40.0049 1992 idsvc - ok
18:48:40.0081 1992 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
18:48:40.0096 1992 iirsp - ok
18:48:40.0127 1992 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
18:48:40.0159 1992 IKEEXT - ok
18:48:40.0174 1992 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
18:48:40.0174 1992 intelide - ok
18:48:40.0205 1992 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
18:48:40.0205 1992 intelppm - ok
18:48:40.0221 1992 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
18:48:40.0252 1992 IPBusEnum - ok
18:48:40.0283 1992 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:48:40.0299 1992 IpFilterDriver - ok
18:48:40.0315 1992 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
18:48:40.0346 1992 iphlpsvc - ok
18:48:40.0377 1992 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
18:48:40.0393 1992 IPMIDRV - ok
18:48:40.0424 1992 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
18:48:40.0455 1992 IPNAT - ok
18:48:40.0471 1992 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:48:40.0502 1992 IRENUM - ok
18:48:40.0517 1992 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
18:48:40.0517 1992 isapnp - ok
18:48:40.0533 1992 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
18:48:40.0549 1992 iScsiPrt - ok
18:48:40.0564 1992 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
18:48:40.0564 1992 kbdclass - ok
18:48:40.0595 1992 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
18:48:40.0627 1992 kbdhid - ok
18:48:40.0642 1992 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
18:48:40.0658 1992 KeyIso - ok
18:48:40.0689 1992 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:48:40.0689 1992 KSecDD - ok
18:48:40.0705 1992 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
18:48:40.0705 1992 KSecPkg - ok
18:48:40.0720 1992 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
18:48:40.0767 1992 ksthunk - ok
18:48:40.0783 1992 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
18:48:40.0829 1992 KtmRm - ok
18:48:40.0876 1992 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
18:48:40.0907 1992 LanmanServer - ok
18:48:40.0939 1992 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:48:41.0001 1992 LanmanWorkstation - ok
18:48:41.0048 1992 [ FA4A45C179AB0E0F1A31B9751D4B18D7 ] LightScribeService c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
18:48:41.0048 1992 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
18:48:41.0048 1992 LightScribeService - detected UnsignedFile.Multi.Generic (1)
18:48:41.0079 1992 [ 156AB2E56DC3CA0B582E3362E07CDED7 ] lirsgt C:\Windows\system32\DRIVERS\lirsgt.sys
18:48:41.0079 1992 lirsgt - ok
18:48:41.0095 1992 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:48:41.0126 1992 lltdio - ok
18:48:41.0141 1992 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:48:41.0188 1992 lltdsvc - ok
18:48:41.0204 1992 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
18:48:41.0235 1992 lmhosts - ok
18:48:41.0266 1992 [ 926EBA26A8B49D1597751CED06B50862 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
18:48:41.0282 1992 LMS - ok
18:48:41.0313 1992 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
18:48:41.0313 1992 LSI_FC - ok
18:48:41.0329 1992 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
18:48:41.0329 1992 LSI_SAS - ok
18:48:41.0344 1992 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:48:41.0360 1992 LSI_SAS2 - ok
18:48:41.0360 1992 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:48:41.0375 1992 LSI_SCSI - ok
18:48:41.0391 1992 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
18:48:41.0438 1992 luafv - ok
18:48:41.0469 1992 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
18:48:41.0500 1992 Mcx2Svc - ok
18:48:41.0500 1992 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
18:48:41.0500 1992 megasas - ok
18:48:41.0531 1992 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
18:48:41.0531 1992 MegaSR - ok
18:48:41.0563 1992 [ 1C6E73FC46B509EFF9D0086AA37132DF ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
18:48:41.0563 1992 MEIx64 - ok
18:48:41.0578 1992 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
18:48:41.0625 1992 MMCSS - ok
18:48:41.0656 1992 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
18:48:41.0687 1992 Modem - ok
18:48:41.0719 1992 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:48:41.0750 1992 monitor - ok
18:48:41.0781 1992 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
18:48:41.0797 1992 mouclass - ok
18:48:41.0797 1992 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:48:41.0812 1992 mouhid - ok
18:48:41.0843 1992 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
18:48:41.0843 1992 mountmgr - ok
18:48:41.0890 1992 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:48:41.0906 1992 MozillaMaintenance - ok
18:48:41.0906 1992 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
18:48:41.0921 1992 mpio - ok
18:48:41.0937 1992 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:48:41.0968 1992 mpsdrv - ok
18:48:42.0015 1992 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
18:48:42.0046 1992 MpsSvc - ok
18:48:42.0077 1992 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:48:42.0077 1992 MRxDAV - ok
18:48:42.0109 1992 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:48:42.0171 1992 mrxsmb - ok
18:48:42.0171 1992 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:48:42.0202 1992 mrxsmb10 - ok
18:48:42.0202 1992 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:48:42.0218 1992 mrxsmb20 - ok
18:48:42.0249 1992 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
18:48:42.0249 1992 msahci - ok
18:48:42.0249 1992 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
18:48:42.0265 1992 msdsm - ok
18:48:42.0280 1992 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
18:48:42.0311 1992 MSDTC - ok
18:48:42.0343 1992 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:48:42.0374 1992 Msfs - ok
18:48:42.0389 1992 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
18:48:42.0421 1992 mshidkmdf - ok
18:48:42.0436 1992 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
18:48:42.0452 1992 msisadrv - ok
18:48:42.0483 1992 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:48:42.0514 1992 MSiSCSI - ok
18:48:42.0514 1992 msiserver - ok
18:48:42.0530 1992 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:48:42.0561 1992 MSKSSRV - ok
18:48:42.0561 1992 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:48:42.0608 1992 MSPCLOCK - ok
18:48:42.0608 1992 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:48:42.0655 1992 MSPQM - ok
18:48:42.0686 1992 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:48:42.0701 1992 MsRPC - ok
18:48:42.0733 1992 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
18:48:42.0733 1992 mssmbios - ok
18:48:42.0748 1992 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:48:42.0779 1992 MSTEE - ok
18:48:42.0795 1992 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
18:48:42.0795 1992 MTConfig - ok
18:48:42.0826 1992 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
18:48:42.0826 1992 Mup - ok
18:48:42.0842 1992 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
18:48:42.0873 1992 napagent - ok
18:48:42.0889 1992 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:48:42.0920 1992 NativeWifiP - ok
18:48:42.0967 1992 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
18:48:42.0982 1992 NDIS - ok
18:48:42.0998 1992 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
18:48:43.0029 1992 NdisCap - ok
18:48:43.0045 1992 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:48:43.0060 1992 NdisTapi - ok
18:48:43.0091 1992 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:48:43.0107 1992 Ndisuio - ok
18:48:43.0138 1992 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:48:43.0169 1992 NdisWan - ok
18:48:43.0185 1992 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:48:43.0232 1992 NDProxy - ok
18:48:43.0263 1992 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:48:43.0310 1992 NetBIOS - ok
18:48:43.0325 1992 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
18:48:43.0357 1992 NetBT - ok
18:48:43.0372 1992 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
18:48:43.0372 1992 Netlogon - ok
18:48:43.0403 1992 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
18:48:43.0450 1992 Netman - ok
18:48:43.0481 1992 [ 3E5A36127E201DDF663176B66828FAFE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:48:43.0481 1992 NetMsmqActivator - ok
18:48:43.0481 1992 [ 3E5A36127E201DDF663176B66828FAFE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:48:43.0497 1992 NetPipeActivator - ok
18:48:43.0513 1992 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
18:48:43.0544 1992 netprofm - ok
18:48:43.0591 1992 [ 1982B291DF9833FB3ADC397EBD310A18 ] netr28x C:\Windows\system32\DRIVERS\netr28x.sys
18:48:43.0606 1992 netr28x - ok
18:48:43.0622 1992 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:48:43.0622 1992 NetTcpActivator - ok
18:48:43.0637 1992 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:48:43.0637 1992 NetTcpPortSharing - ok
18:48:43.0669 1992 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
18:48:43.0669 1992 nfrd960 - ok
18:48:43.0700 1992 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
18:48:43.0747 1992 NlaSvc - ok
18:48:43.0778 1992 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:48:43.0793 1992 Npfs - ok
18:48:43.0809 1992 npggsvc - ok
18:48:43.0825 1992 NPPTNT2 - ok
18:48:43.0840 1992 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
18:48:43.0871 1992 nsi - ok
18:48:43.0887 1992 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:48:43.0918 1992 nsiproxy - ok
18:48:43.0965 1992 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:48:43.0996 1992 Ntfs - ok
18:48:44.0059 1992 [ 55FB9E77BF6DDC0013DDF5983DD8FE35 ] NTI BackupNowEZSvr C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe
18:48:44.0074 1992 NTI BackupNowEZSvr - ok
18:48:44.0105 1992 [ 64DDD0DEE976302F4BD93E5EFCC2F013 ] NTIDrvr C:\Windows\system32\drivers\NTIDrvr.sys
18:48:44.0105 1992 NTIDrvr - ok
18:48:44.0121 1992 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
18:48:44.0168 1992 Null - ok
18:48:44.0199 1992 [ 8EBCB9165EE7F1571842F4D9D624A74C ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
18:48:44.0230 1992 nusb3hub - ok
18:48:44.0246 1992 [ 5D54DBB12BBFE07CC283FD39F2CD6D63 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
18:48:44.0261 1992 nusb3xhc - ok
18:48:44.0277 1992 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:48:44.0293 1992 nvraid - ok
18:48:44.0324 1992 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:48:44.0324 1992 nvstor - ok
18:48:44.0355 1992 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:48:44.0355 1992 nv_agp - ok
18:48:44.0371 1992 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
18:48:44.0371 1992 ohci1394 - ok
18:48:44.0402 1992 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
18:48:44.0433 1992 p2pimsvc - ok
18:48:44.0449 1992 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
18:48:44.0464 1992 p2psvc - ok
18:48:44.0480 1992 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
18:48:44.0495 1992 Parport - ok
18:48:44.0527 1992 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:48:44.0527 1992 partmgr - ok
18:48:44.0542 1992 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
18:48:44.0558 1992 PcaSvc - ok
18:48:44.0573 1992 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
18:48:44.0589 1992 pci - ok
18:48:44.0620 1992 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
18:48:44.0620 1992 pciide - ok
18:48:44.0651 1992 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
18:48:44.0651 1992 pcmcia - ok
18:48:44.0667 1992 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
18:48:44.0667 1992 pcw - ok
18:48:44.0698 1992 pdfcDispatcher - ok
18:48:44.0714 1992 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:48:44.0761 1992 PEAUTH - ok
18:48:44.0823 1992 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
18:48:44.0839 1992 PerfHost - ok
18:48:44.0870 1992 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
18:48:44.0917 1992 pla - ok
18:48:44.0948 1992 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:48:44.0979 1992 PlugPlay - ok
18:48:44.0979 1992 PnkBstrA - ok
18:48:45.0010 1992 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
18:48:45.0041 1992 PNRPAutoReg - ok
18:48:45.0073 1992 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
18:48:45.0073 1992 PNRPsvc - ok
18:48:45.0088 1992 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:48:45.0119 1992 PolicyAgent - ok
18:48:45.0151 1992 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
18:48:45.0182 1992 Power - ok
18:48:45.0213 1992 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:48:45.0244 1992 PptpMiniport - ok
18:48:45.0260 1992 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
18:48:45.0275 1992 Processor - ok
18:48:45.0307 1992 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
18:48:45.0353 1992 ProfSvc - ok
18:48:45.0369 1992 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:48:45.0369 1992 ProtectedStorage - ok
18:48:45.0400 1992 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
18:48:45.0431 1992 Psched - ok
18:48:45.0447 1992 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
18:48:45.0478 1992 ql2300 - ok
18:48:45.0494 1992 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
18:48:45.0494 1992 ql40xx - ok
18:48:45.0525 1992 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
18:48:45.0541 1992 QWAVE - ok
18:48:45.0556 1992 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:48:45.0572 1992 QWAVEdrv - ok
18:48:45.0603 1992 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:48:45.0650 1992 RasAcd - ok
18:48:45.0681 1992 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
18:48:45.0712 1992 RasAgileVpn - ok
18:48:45.0712 1992 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
18:48:45.0759 1992 RasAuto - ok
18:48:45.0790 1992 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:48:45.0821 1992 Rasl2tp - ok
18:48:45.0837 1992 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
18:48:45.0899 1992 RasMan - ok
18:48:45.0931 1992 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:48:45.0962 1992 RasPppoe - ok
18:48:45.0993 1992 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:48:46.0009 1992 RasSstp - ok
18:48:46.0040 1992 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:48:46.0087 1992 rdbss - ok
18:48:46.0087 1992 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
18:48:46.0102 1992 rdpbus - ok
18:48:46.0118 1992 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:48:46.0133 1992 RDPCDD - ok
18:48:46.0149 1992 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:48:46.0180 1992 RDPENCDD - ok
18:48:46.0196 1992 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
18:48:46.0227 1992 RDPREFMP - ok
18:48:46.0258 1992 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:48:46.0274 1992 RDPWD - ok
18:48:46.0321 1992 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
18:48:46.0321 1992 rdyboost - ok
18:48:46.0336 1992 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
18:48:46.0383 1992 RemoteAccess - ok
18:48:46.0414 1992 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:48:46.0445 1992 RemoteRegistry - ok
18:48:46.0461 1992 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
18:48:46.0477 1992 RpcEptMapper - ok
18:48:46.0477 1992 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
18:48:46.0508 1992 RpcLocator - ok
18:48:46.0555 1992 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
18:48:46.0586 1992 RpcSs - ok
18:48:46.0601 1992 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:48:46.0648 1992 rspndr - ok
18:48:46.0679 1992 [ B15C021C2C9BB217A799D9532E8F04D4 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
18:48:46.0695 1992 RTL8167 - ok
18:48:46.0711 1992 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
18:48:46.0711 1992 SamSs - ok
18:48:46.0742 1992 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:48:46.0757 1992 sbp2port - ok
18:48:46.0773 1992 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:48:46.0820 1992 SCardSvr - ok
18:48:46.0867 1992 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
18:48:46.0898 1992 scfilter - ok
18:48:46.0945 1992 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
18:48:46.0991 1992 Schedule - ok
18:48:47.0038 1992 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
18:48:47.0054 1992 SCPolicySvc - ok
18:48:47.0085 1992 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:48:47.0101 1992 SDRSVC - ok
18:48:47.0116 1992 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:48:47.0163 1992 secdrv - ok
18:48:47.0163 1992 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
18:48:47.0194 1992 seclogon - ok
18:48:47.0210 1992 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
18:48:47.0241 1992 SENS - ok
18:48:47.0257 1992 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
18:48:47.0272 1992 SensrSvc - ok
18:48:47.0288 1992 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
18:48:47.0303 1992 Serenum - ok
18:48:47.0319 1992 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
18:48:47.0319 1992 Serial - ok
18:48:47.0335 1992 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
18:48:47.0366 1992 sermouse - ok
18:48:47.0397 1992 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
18:48:47.0428 1992 SessionEnv - ok
18:48:47.0444 1992 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
18:48:47.0475 1992 sffdisk - ok
18:48:47.0491 1992 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:48:47.0506 1992 sffp_mmc - ok
18:48:47.0506 1992 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
18:48:47.0522 1992 sffp_sd - ok
18:48:47.0522 1992 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
18:48:47.0537 1992 sfloppy - ok
18:48:47.0569 1992 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:48:47.0600 1992 SharedAccess - ok
18:48:47.0647 1992 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:48:47.0678 1992 ShellHWDetection - ok
18:48:47.0693 1992 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:48:47.0693 1992 SiSRaid2 - ok
18:48:47.0709 1992 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
18:48:47.0725 1992 SiSRaid4 - ok
18:48:47.0740 1992 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:48:47.0771 1992 Smb - ok
18:48:47.0803 1992 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:48:47.0803 1992 SNMPTRAP - ok
18:48:47.0818 1992 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
18:48:47.0834 1992 spldr - ok
18:48:47.0865 1992 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
18:48:47.0896 1992 Spooler - ok
18:48:47.0959 1992 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
18:48:48.0037 1992 sppsvc - ok
18:48:48.0068 1992 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
18:48:48.0083 1992 sppuinotify - ok
18:48:48.0115 1992 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
18:48:48.0146 1992 srv - ok
18:48:48.0161 1992 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:48:48.0177 1992 srv2 - ok
18:48:48.0193 1992 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet
C:\Windows\system32\DRIVERS\srvnet.sys 18:48:48.0208 1992 srvnet - ok 18:48:48.0239 1992 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 18:48:48.0271 1992 SSDPSRV - ok 18:48:48.0286 1992 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 18:48:48.0317 1992 SstpSvc - ok 18:48:48.0364 1992 [ BACF09A6426AA666F9BDB7D1A7BD1BA7 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe 18:48:48.0395 1992 STacSV - ok 18:48:48.0427 1992 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 18:48:48.0427 1992 stexstor - ok 18:48:48.0442 1992 [ 84311D693857D5AE2E397B43C91F7B41 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys 18:48:48.0458 1992 STHDA - ok 18:48:48.0505 1992 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 18:48:48.0520 1992 stisvc - ok 18:48:48.0536 1992 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 18:48:48.0536 1992 swenum - ok 18:48:48.0567 1992 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 18:48:48.0598 1992 swprv - ok 18:48:48.0645 1992 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 18:48:48.0692 1992 SysMain - ok 18:48:48.0723 1992 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 18:48:48.0739 1992 TabletInputService - ok 18:48:48.0754 1992 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 18:48:48.0785 1992 TapiSrv - ok 18:48:48.0801 1992 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 18:48:48.0832 1992 TBS - ok 18:48:48.0879 1992 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys 18:48:48.0910 1992 Tcpip - ok 18:48:48.0941 1992 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 18:48:48.0973 1992 TCPIP6 - ok 18:48:48.0988 1992 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg 
C:\Windows\system32\drivers\tcpipreg.sys 18:48:49.0035 1992 tcpipreg - ok 18:48:49.0066 1992 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 18:48:49.0113 1992 TDPIPE - ok 18:48:49.0129 1992 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 18:48:49.0144 1992 TDTCP - ok 18:48:49.0175 1992 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 18:48:49.0222 1992 tdx - ok 18:48:49.0222 1992 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 18:48:49.0238 1992 TermDD - ok 18:48:49.0253 1992 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 18:48:49.0300 1992 TermService - ok 18:48:49.0331 1992 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 18:48:49.0347 1992 Themes - ok 18:48:49.0363 1992 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 18:48:49.0378 1992 THREADORDER - ok 18:48:49.0394 1992 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 18:48:49.0441 1992 TrkWks - ok 18:48:49.0472 1992 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 18:48:49.0503 1992 TrustedInstaller - ok 18:48:49.0534 1992 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 18:48:49.0550 1992 tssecsrv - ok 18:48:49.0597 1992 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 18:48:49.0612 1992 TsUsbFlt - ok 18:48:49.0659 1992 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 18:48:49.0690 1992 tunnel - ok 18:48:49.0721 1992 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 18:48:49.0721 1992 uagp35 - ok 18:48:49.0737 1992 [ 2E22C1FD397A5A9FFEF55E9D1FC96C00 ] UBHelper C:\Windows\system32\drivers\UBHelper.sys 18:48:49.0753 1992 UBHelper - ok 18:48:49.0784 1992 [ 
FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 18:48:49.0815 1992 udfs - ok 18:48:49.0831 1992 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 18:48:49.0846 1992 UI0Detect - ok 18:48:49.0862 1992 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 18:48:49.0877 1992 uliagpkx - ok 18:48:49.0909 1992 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys 18:48:49.0924 1992 umbus - ok 18:48:49.0940 1992 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 18:48:49.0955 1992 UmPass - ok 18:48:50.0018 1992 [ FDF92EC84FECEE834FB10A2A0A19BCDA ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 18:48:50.0065 1992 UNS - ok 18:48:50.0080 1992 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 18:48:50.0111 1992 upnphost - ok 18:48:50.0158 1992 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 18:48:50.0174 1992 usbaudio - ok 18:48:50.0189 1992 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 18:48:50.0205 1992 usbccgp - ok 18:48:50.0221 1992 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 18:48:50.0252 1992 usbcir - ok 18:48:50.0283 1992 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys 18:48:50.0299 1992 usbehci - ok 18:48:50.0330 1992 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 18:48:50.0330 1992 usbhub - ok 18:48:50.0345 1992 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 18:48:50.0361 1992 usbohci - ok 18:48:50.0392 1992 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 18:48:50.0392 1992 usbprint - ok 18:48:50.0423 1992 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 
18:48:50.0423 1992 usbscan - ok 18:48:50.0439 1992 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 18:48:50.0470 1992 USBSTOR - ok 18:48:50.0486 1992 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 18:48:50.0486 1992 usbuhci - ok 18:48:50.0501 1992 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 18:48:50.0533 1992 UxSms - ok 18:48:50.0548 1992 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 18:48:50.0548 1992 VaultSvc - ok 18:48:50.0595 1992 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 18:48:50.0595 1992 vdrvroot - ok 18:48:50.0642 1992 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 18:48:50.0673 1992 vds - ok 18:48:50.0689 1992 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 18:48:50.0689 1992 vga - ok 18:48:50.0704 1992 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 18:48:50.0735 1992 VgaSave - ok 18:48:50.0751 1992 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 18:48:50.0751 1992 vhdmp - ok 18:48:50.0767 1992 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 18:48:50.0767 1992 viaide - ok 18:48:50.0782 1992 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 18:48:50.0798 1992 volmgr - ok 18:48:50.0829 1992 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 18:48:50.0829 1992 volmgrx - ok 18:48:50.0860 1992 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 18:48:50.0860 1992 volsnap - ok 18:48:50.0876 1992 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 18:48:50.0891 1992 vsmraid - ok 18:48:50.0938 1992 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 18:48:50.0985 1992 VSS - ok 
18:48:51.0001 1992 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 18:48:51.0032 1992 vwifibus - ok 18:48:51.0063 1992 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 18:48:51.0063 1992 vwififlt - ok 18:48:51.0110 1992 [ 7959EA6EADC1AAF7FB40678F0BAB4C0E ] VX1000 C:\Windows\system32\DRIVERS\VX1000.sys 18:48:51.0157 1992 VX1000 - ok 18:48:51.0172 1992 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 18:48:51.0203 1992 W32Time - ok 18:48:51.0219 1992 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 18:48:51.0219 1992 WacomPen - ok 18:48:51.0266 1992 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 18:48:51.0297 1992 WANARP - ok 18:48:51.0297 1992 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 18:48:51.0313 1992 Wanarpv6 - ok 18:48:51.0359 1992 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 18:48:51.0391 1992 wbengine - ok 18:48:51.0406 1992 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 18:48:51.0422 1992 WbioSrvc - ok 18:48:51.0453 1992 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 18:48:51.0469 1992 wcncsvc - ok 18:48:51.0484 1992 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 18:48:51.0500 1992 WcsPlugInService - ok 18:48:51.0515 1992 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 18:48:51.0531 1992 Wd - ok 18:48:51.0547 1992 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 18:48:51.0562 1992 Wdf01000 - ok 18:48:51.0578 1992 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 18:48:51.0656 1992 WdiServiceHost - ok 18:48:51.0656 1992 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 
18:48:51.0656 1992 WdiSystemHost - ok 18:48:51.0703 1992 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 18:48:51.0718 1992 WebClient - ok 18:48:51.0749 1992 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 18:48:51.0781 1992 Wecsvc - ok 18:48:51.0812 1992 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 18:48:51.0859 1992 wercplsupport - ok 18:48:51.0874 1992 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 18:48:51.0921 1992 WerSvc - ok 18:48:51.0937 1992 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 18:48:51.0968 1992 WfpLwf - ok 18:48:51.0983 1992 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 18:48:51.0999 1992 WIMMount - ok 18:48:52.0015 1992 WinDefend - ok 18:48:52.0015 1992 WinHttpAutoProxySvc - ok 18:48:52.0046 1992 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 18:48:52.0093 1992 Winmgmt - ok 18:48:52.0139 1992 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 18:48:52.0186 1992 WinRM - ok 18:48:52.0217 1992 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 18:48:52.0249 1992 Wlansvc - ok 18:48:52.0327 1992 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 18:48:52.0373 1992 wlidsvc - ok 18:48:52.0420 1992 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 18:48:52.0451 1992 WmiAcpi - ok 18:48:52.0467 1992 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 18:48:52.0483 1992 wmiApSrv - ok 18:48:52.0498 1992 WMPNetworkSvc - ok 18:48:52.0514 1992 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 18:48:52.0529 1992 WPCSvc - ok 18:48:52.0561 1992 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum 
C:\Windows\system32\wpdbusenum.dll 18:48:52.0576 1992 WPDBusEnum - ok 18:48:52.0592 1992 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 18:48:52.0623 1992 ws2ifsl - ok 18:48:52.0623 1992 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 18:48:52.0654 1992 wscsvc - ok 18:48:52.0654 1992 WSearch - ok 18:48:52.0701 1992 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 18:48:52.0748 1992 wuauserv - ok 18:48:52.0763 1992 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 18:48:52.0795 1992 WudfPf - ok 18:48:52.0826 1992 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 18:48:52.0857 1992 WUDFRd - ok 18:48:52.0888 1992 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 18:48:52.0904 1992 wudfsvc - ok 18:48:52.0935 1992 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 18:48:52.0982 1992 WwanSvc - ok 18:48:53.0029 1992 [ 6533F30045B0A234783BD8B4069F0433 ] XUIF C:\Windows\system32\Drivers\x10ufx2.sys 18:48:53.0044 1992 XUIF - ok 18:48:53.0044 1992 ================ Scan global =============================== 18:48:53.0060 1992 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 18:48:53.0091 1992 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll 18:48:53.0091 1992 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll 18:48:53.0122 1992 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 18:48:53.0138 1992 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 18:48:53.0138 1992 [Global] - ok 18:48:53.0138 1992 ================ Scan MBR ================================== 18:48:53.0153 1992 [ 2BD849EB2119DACECBF2A38BD98F573E ] \Device\Harddisk0\DR0 18:48:53.0403 1992 \Device\Harddisk0\DR0 - ok 18:48:53.0403 1992 ================ Scan VBR ================================== 18:48:53.0403 1992 
[ 341B2E825C4CD8A8A3A24036263146D5 ] \Device\Harddisk0\DR0\Partition1 18:48:53.0403 1992 \Device\Harddisk0\DR0\Partition1 - ok 18:48:53.0450 1992 [ 7376EA34799D489FBA2F4AFC4A4A1210 ] \Device\Harddisk0\DR0\Partition2 18:48:53.0450 1992 \Device\Harddisk0\DR0\Partition2 - ok 18:48:53.0481 1992 [ 8D4104115E619EA784B7D225D2B01FF2 ] \Device\Harddisk0\DR0\Partition3 18:48:53.0481 1992 \Device\Harddisk0\DR0\Partition3 - ok 18:48:53.0481 1992 ============================================================ 18:48:53.0481 1992 Scan finished 18:48:53.0481 1992 ============================================================ 18:48:53.0481 1384 Detected object count: 1 18:48:53.0481 1384 Actual detected object count: 1 18:49:04.0916 1384 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user 18:49:04.0916 1384 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:49:37.0458 1764 Deinitialize success |
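An added example for reading a scan log like the one above (my own code, not part of the thread and not from the TDSSKiller tool): it parses the per-service records (hash, service name, image path), the `- ok` status lines, the verdict lines and the `Detected object count`, then summarises what a helper would look for first. The sample input is a handful of records copied from the log above, one record per line, which is the layout the regular expressions assume; the helper names (`parse_tdsskiller`, `summarize`) are my own.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, Optional

# Constructed sample: records copied from the TDSSKiller log above, one per line
# (the forum extraction ran them together on a few long lines).
SAMPLE_LOG = r"""
18:48:45.0307 1992 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
18:48:45.0353 1992 ProfSvc - ok
18:48:45.0369 1992 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:48:45.0369 1992 ProtectedStorage - ok
18:48:46.0711 1992 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
18:48:46.0711 1992 SamSs - ok
18:48:52.0015 1992 WinDefend - ok
18:48:53.0153 1992 [ 2BD849EB2119DACECBF2A38BD98F573E ] \Device\Harddisk0\DR0
18:48:53.0403 1992 \Device\Harddisk0\DR0 - ok
18:48:53.0481 1384 Detected object count: 1
18:49:04.0916 1384 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
18:49:04.0916 1384 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

# Every record starts with a timestamp and a thread id.
PREFIX = r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+"
RE_HASHED = re.compile(PREFIX + r"\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>\S+)(?: (?P<path>.+))?$")
RE_VERDICT = re.compile(PREFIX + r"(?P<name>\S+) \( (?P<verdict>[^)]+) \) - (?P<action>.+)$")
RE_OK = re.compile(PREFIX + r"(?P<name>\S+) - ok$")
RE_COUNT = re.compile(PREFIX + r"Detected object count: (?P<n>\d+)$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: Optional[str] = None    # "ok" or the action text from a verdict line
    verdict: Optional[str] = None   # e.g. "UnsignedFile.Multi.Generic"


@dataclass
class Report:
    entries: Dict[str, Entry] = field(default_factory=dict)
    detected_count: Optional[int] = None

    def flagged(self):
        """Names the scanner attached a verdict to."""
        return sorted(n for n, e in self.entries.items() if e.verdict)

    def unverified(self):
        """'- ok' lines with no hashed record before them: no file image was checked."""
        return sorted(n for n, e in self.entries.items() if e.md5 is None and e.verdict is None)

    def shared_images(self):
        """Image paths that several service names point at (normal for lsass.exe)."""
        by_path: Dict[str, list] = {}
        for e in self.entries.values():
            if e.path:
                by_path.setdefault(e.path.lower(), []).append(e.name)
        return {p: sorted(ns) for p, ns in by_path.items() if len(ns) > 1}


def parse_tdsskiller(text: str) -> Report:
    report = Report()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RE_HASHED.match(line)
        if m:
            e = report.entries.setdefault(m["name"], Entry(m["name"]))
            e.md5, e.path = m["md5"].upper(), m["path"]
            continue
        m = RE_VERDICT.match(line)
        if m:
            e = report.entries.setdefault(m["name"], Entry(m["name"]))
            e.verdict, e.status = m["verdict"], m["action"]
            continue
        m = RE_OK.match(line)
        if m:
            report.entries.setdefault(m["name"], Entry(m["name"])).status = "ok"
            continue
        m = RE_COUNT.match(line)
        if m:
            report.detected_count = int(m["n"])
    return report


def summarize(text: str) -> dict:
    r = parse_tdsskiller(text)
    return {
        "checked": sum(1 for e in r.entries.values() if e.md5),
        "flagged": r.flagged(),
        "unverified": r.unverified(),
        "shared_images": r.shared_images(),
        "detected_count": r.detected_count,
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the sample, the only flagged name is `LightScribeService` with the verdict `UnsignedFile.Multi.Generic`, which is the scanner's note that the file carries no valid signature rather than a confirmed infection; the thread's log shows the user chose to skip it. Three lsass.exe-hosted services sharing one image hash, and `WinDefend` reporting `- ok` without a hashed record, are the kind of detail worth checking against the full log before drawing conclusions.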
12.11.2012, 19:32 | #10 |
/// Malware-holic | GUV/GEMA Trojan, also known as RANSOMWARE. How to remove? Normal mode should work, test it, and work there. Combofix may only be run when a team member has instructed you to do so! Please download Combofix from one of these download mirrors: Link 1 Link 2 IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a logfile. Please post the C:\Combofix.txt in your next reply. Note: If you receive the following error message after the restart Quote:
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
12.11.2012, 21:01 | #11 |
| GUV/GEMA Trojan, also known as RANSOMWARE. How to remove? You could have told me that earlier xD It runs, but very slowly! Well then, on to the next task! Done as well! Code:
ATTFilter ComboFix 12-11-12.03 - Soeckchen 12.11.2012 21:07:34.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4079.2473 [GMT 1:00] ausgeführt von:: c:\users\Soeckchen\Downloads\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} FW: FireWall *Enabled* {CE40CCC0-8ADB-6D67-25A0-C5B6438E4B57} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\dsgsdgdsgdsgw.pad C:\Thumbs.db c:\users\Soeckchen\AppData\Roaming\Enjao c:\users\Soeckchen\AppData\Roaming\Enjao\eceg.exe c:\windows\IsUn0407.exe . . ((((((((((((((((((((((( Dateien erstellt von 2012-10-12 bis 2012-11-12 )))))))))))))))))))))))))))))) . . 2012-11-12 20:15 . 2012-11-12 20:15 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-11-10 21:05 . 2012-11-10 21:05 -------- d-----w- C:\_OTL 2012-11-10 16:58 . 2012-11-10 16:58 -------- d-----w- c:\users\Soeckchen\AppData\Roaming\Avira 2012-11-10 16:57 . 2012-11-10 16:57 -------- d-----w- c:\program files (x86)\Avira 2012-11-10 16:57 . 2012-11-10 16:53 27800 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2012-11-10 16:57 . 2012-11-10 16:53 129216 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-11-10 16:57 . 2012-11-10 16:53 99248 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-11-10 16:57 . 2012-11-10 16:53 140936 ----a-w- c:\windows\system32\drivers\avfwot.sys 2012-11-10 16:57 . 2012-11-10 16:53 113808 ----a-w- c:\windows\system32\drivers\avfwim.sys 2012-11-09 20:18 . 2012-11-09 20:18 -------- d-----w- c:\programdata\NTIReg 2012-11-09 20:16 . 2009-05-05 15:46 18432 ----a-w- c:\windows\system32\drivers\NTIDrvr.sys 2012-11-09 20:16 . 2009-05-05 15:46 16896 ----a-w- c:\windows\system32\drivers\UBHelper.sys 2012-11-09 20:16 . 
2012-11-09 20:16 -------- d-----w- c:\windows\SysWow64\drivers\nti 2012-11-09 20:16 . 2012-11-09 20:16 -------- d-----w- c:\program files (x86)\NewTech Infosystems 2012-11-09 20:12 . 2012-11-09 20:12 -------- d-----w- c:\windows\Downloaded Installations 2012-11-09 19:30 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6249B19F-FFD6-46D7-AAB7-8634FF5A3135}\mpengine.dll 2012-11-09 06:03 . 2012-11-09 06:03 -------- d-----w- c:\users\Soeckchen\AppData\Local\AskToolbar 2012-10-24 05:40 . 2012-10-24 05:40 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin 2012-10-15 05:31 . 2012-10-15 05:31 -------- d-----w- c:\users\Soeckchen\AppData\Local\Macromedia 2012-10-15 05:30 . 2012-10-15 05:30 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-10-15 05:30 . 2012-10-15 05:30 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-10-15 05:30 . 2012-10-15 05:30 -------- d-----w- c:\windows\system32\Macromed . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-10 17:54 . 2011-05-08 16:06 65309168 ----a-w- c:\windows\system32\MRT.exe 2012-09-28 05:11 . 2012-09-28 05:11 916456 ----a-w- c:\windows\system32\deployJava1.dll 2012-09-28 05:11 . 2012-09-28 05:11 289768 ----a-w- c:\windows\system32\javaws.exe 2012-09-28 05:11 . 2012-09-28 05:11 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-09-28 05:11 . 2012-09-28 05:11 189416 ----a-w- c:\windows\system32\javaw.exe 2012-09-28 05:11 . 2012-09-28 05:11 188904 ----a-w- c:\windows\system32\java.exe 2012-09-28 05:11 . 2012-09-28 05:11 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2012-09-14 19:19 . 2012-10-10 16:47 2048 ----a-w- c:\windows\system32\tzres.dll 2012-09-14 18:28 . 2012-10-10 16:47 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-08-31 18:19 . 2012-10-10 16:47 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys 2012-08-30 18:03 . 
2012-10-10 16:47 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-08-30 17:12 . 2012-10-10 16:47 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-08-30 17:12 . 2012-10-10 16:47 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-08-24 18:05 . 2012-10-10 16:47 220160 ----a-w- c:\windows\system32\wintrust.dll 2012-08-24 18:05 . 2012-09-22 02:31 1188864 ----a-w- c:\windows\system32\wininet.dll 2012-08-24 18:05 . 2012-09-22 02:31 1494528 ----a-w- c:\windows\system32\urlmon.dll 2012-08-24 18:05 . 2012-09-22 02:31 134144 ----a-w- c:\windows\system32\url.dll 2012-08-24 18:03 . 2012-09-22 02:31 9056256 ----a-w- c:\windows\system32\mshtml.dll 2012-08-24 18:03 . 2012-09-22 02:31 97792 ----a-w- c:\windows\system32\mshtmled.dll 2012-08-24 18:03 . 2012-09-22 02:31 735744 ----a-w- c:\windows\system32\msfeeds.dll 2012-08-24 18:03 . 2012-09-22 02:31 64512 ----a-w- c:\windows\system32\jsproxy.dll 2012-08-24 18:02 . 2012-09-22 02:31 247808 ----a-w- c:\windows\system32\ieui.dll 2012-08-24 18:02 . 2012-09-22 02:31 12295680 ----a-w- c:\windows\system32\ieframe.dll 2012-08-24 18:02 . 2012-09-22 02:31 2453504 ----a-w- c:\windows\system32\iertutil.dll 2012-08-24 16:57 . 2012-10-10 16:47 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-08-24 16:57 . 2012-09-22 02:31 981504 ----a-w- c:\windows\SysWow64\wininet.dll 2012-08-24 15:59 . 2012-09-22 02:31 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2012-08-24 15:20 . 2012-09-22 02:31 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-08-22 18:12 . 2012-09-12 05:14 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-08-22 18:12 . 2012-09-12 05:14 950128 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-08-22 18:12 . 2012-09-12 05:14 376688 ----a-w- c:\windows\system32\drivers\netio.sys 2012-08-22 18:12 . 2012-09-12 05:14 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2012-08-21 21:01 . 2012-09-25 18:33 245760 ----a-w- c:\windows\system32\OxpsConverter.exe 2012-08-20 18:48 . 
2012-10-10 16:47 362496 ----a-w- c:\windows\system32\wow64win.dll 2012-08-20 18:48 . 2012-10-10 16:47 243200 ----a-w- c:\windows\system32\wow64.dll 2012-08-20 18:48 . 2012-10-10 16:47 13312 ----a-w- c:\windows\system32\wow64cpu.dll 2012-08-20 18:48 . 2012-10-10 16:47 215040 ----a-w- c:\windows\system32\winsrv.dll 2012-08-20 18:48 . 2012-10-10 16:47 16384 ----a-w- c:\windows\system32\ntvdm64.dll 2012-08-20 18:48 . 2012-10-10 16:47 424448 ----a-w- c:\windows\system32\KernelBase.dll 2012-08-20 18:48 . 2012-10-10 16:47 1162240 ----a-w- c:\windows\system32\kernel32.dll 2012-08-20 18:46 . 2012-10-10 16:47 338432 ----a-w- c:\windows\system32\conhost.exe 2012-08-20 18:38 . 2012-10-10 16:47 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:47 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:47 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:47 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:47 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:47 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:47 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2012-08-20 18:38 . 
2012-10-10 16:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:47 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll 2012-08-20 17:40 . 2012-10-10 16:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2012-08-20 17:38 . 2012-10-10 16:47 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-08-20 17:38 . 2012-10-10 16:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2012-08-20 17:37 . 
2012-10-10 16:47 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2012-08-20 17:37 . 2012-10-10 16:47 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2012-08-20 17:32 . 2012-10-10 16:47 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 16:47 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 16:47 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 16:47 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 16:47 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 16:47 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 16:47 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 16:47 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 16:47 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 16:47 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 16:47 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 16:47 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 16:47 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 16:47 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 16:47 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 16:47 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 16:47 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 16:47 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 16:47 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 16:47 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 16:47 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 16:47 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 16:47 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 16:47 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2012-08-20 15:38 . 2012-10-10 16:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2012-08-20 15:38 . 2012-10-10 16:47 2048 ----a-w- c:\windows\SysWow64\user.exe
.
.
(((((((((((((((((((((((((((( Registry autostart points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1E37A1FF-843E-4627-A8C4-00279C4ACDC2}]
2011-04-29 13:49 202240 ----a-w- c:\users\Soeckchen\AppData\Roaming\DivX\IE\DivX.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{601369AE-97AF-4402-807D-7516155B484B}]
2011-04-29 13:54 543232 ----a-w- c:\users\Soeckchen\AppData\Roaming\NoScript\IE\NoScript.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-06-20 11:18 1519824 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-06-20 1519824]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-23 98304]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-06-20 1568976]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-11-10 384800]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2010-09-28 664600]
"BackupNowEZtray"="c:\program files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe" [2010-02-22 577792]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 dump_wmimmc;dump_wmimmc;c:\games\FlyFF\FlyFF\GameGuard\dump_wmimmc.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [2012-11-10 140936]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-11-10 27800]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-01 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-11-23 203264]
S2 AntiVirFirewallService;Avira FireWall;c:\program files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [2012-11-10 633632]
S2 AntiVirMailService;Avira Email Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2012-11-10 379168]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-11-10 84256]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-11-10 560416]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-08-21 92216]
S2 NTI BackupNowEZSvr;NTI BackupNowEZSvr;c:\program files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe [2010-02-22 45312]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2010-09-28 1119768]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-05 2655768]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-09-24 116752]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [2012-11-10 113808]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2010-07-22 1002848]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-01-22 77824]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-01-22 180224]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-09-03 349800]
.
.
Contents of the "Scheduled Tasks" folder
.
2012-11-02 c:\windows\Tasks\HPCeeScheduleForSOECKCHEN-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2012-11-07 c:\windows\Tasks\HPCeeScheduleForSoeckchen.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BeatsOSDApp"="c:\program files\IDT\WDM\beats64.exe" [2010-08-15 37888]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-09-27 489472]
"VX1000"="c:\windows\vVX1000.exe" [2009-06-30 762224]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-09-15 611896]
.
------- Supplementary scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{75DD66AE-0374-4CFD-B4A7-5B112F112E16}: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Soeckchen\AppData\Roaming\Mozilla\Firefox\Profiles\9mlplk3g.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://g.uk.msn.com/HPDSK/4
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=a03fec5e-2f04-4844-ab6a-c4d285a2dcd0&apn_ptnrs=%5EABT&apn_sauid=42CEFFC0-9C43-45CB-AC55-5B7526EE2D22&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q=
FF - prefs.js: network.proxy.type - 4
.
- - - - Removed orphaned registry entries - - - -
.
Wow6432Node-HKCU-Run-{2C7710C4-580B-11E0-BCCA-806E6F6E6963} - c:\users\Soeckchen\AppData\Roaming\Microsoft\loadhst.exe
Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe
Wow6432Node-HKLM-Run-Easybits Recovery - c:\program files (x86)\EasyBits For Kids\ezRecover.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-{B1A4A13D-4665-4ED3-9DFE-F845725FBBD8} - c:\program files (x86)\InstallShield Installation Information\{B1A4A13D-4665-4ED3-9DFE-F845725FBBD8}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Locked registry keys ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-12 21:17:56
ComboFix-quarantined-files.txt 2012-11-12 20:17
.
Before scan: 10 directories, 870.038.695.936 bytes free
After scan: 15 directories, 871.574.597.632 bytes free
.
- - End Of File - - 648B905219512CE11E95433E5E0074FF |
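The script below is an added example for readers of this thread; it is not ComboFix's code and not something the poster ran. It reads ComboFix-style autostart lines like the ones in the log above and lists the entries an analyst would look at first: Run values, BHO DLLs and removed Run entries whose binary lives in a user-writable directory (the orphaned loadhst.exe under AppData\Roaming is the kind of entry a lock-screen ransomware leaves behind), a Userinit value that points at anything besides the default userinit.exe, and LoadAppInit_DLLs set to 1. The sample input is assembled from lines of the log above plus one constructed hijacked Userinit value that does not appear in the log; the directory list, the Finding fields and the output format are my own assumptions. It yields candidates for review, not verdicts: the DivX BHO it flags is legitimate software that happens to live under AppData\Roaming.

```python
"""Triage helper for ComboFix-style autostart listings (added example, not ComboFix code)."""
import re
from dataclasses import dataclass

# ComboFix line shapes this helper understands (assumed from the log format, not an official spec).
KEY = re.compile(r'^\[(?P<key>[^\]]+)\]$')                                 # [HKEY_...\Run]
RUN_VALUE = re.compile(r'^"(?P<name>[^"]*)"="(?P<path>[^"]+)"')            # "Name"="path" [date size]
ENTRY = re.compile(r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\d+\s+\S+\s+(?P<path>.+)$')  # date time size attrs path
ORPHAN = re.compile(r'^(?P<hive>\S*?HK(?:CU|LM))-Run-(?P<name>.+?) - (?P<path>.+)$')  # removed orphaned entries
USERINIT = re.compile(r'^"Userinit"="(?P<path>[^"]+)"')
APPINIT = re.compile(r'^"LoadAppInit_DLLs"\s*=\s*1\b')

# Directories a standard user can write to; a persistence binary here deserves a look (assumed list).
USER_WRITABLE = (r'\appdata\roaming', r'\appdata\local', r'\users\public', r'\programdata', r'\windows\temp')
DEFAULT_USERINIT = r'c:\windows\system32\userinit.exe'


@dataclass
class Finding:
    source: str   # run | bho | orphan | winlogon | policy
    name: str
    path: str
    reason: str


def is_user_writable(path: str) -> bool:
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE)


def userinit_is_default(value: str) -> bool:
    # Windows stores the value as "...\userinit.exe," (trailing comma); anything appended after it runs at logon.
    parts = [p.strip().lower() for p in value.split(',') if p.strip()]
    return parts == [DEFAULT_USERINIT]


def triage(lines):
    """Walk the log once, remembering the current registry key, and collect review candidates in order."""
    findings, key = [], ''
    for raw in lines:
        line = raw.strip()
        m = KEY.match(line)
        if m:
            key = m['key'].lower()
            continue
        m = ORPHAN.match(line)            # orphaned-entry lines are not under a [key] header
        if m:
            if is_user_writable(m['path']):
                findings.append(Finding('orphan', m['name'], m['path'], 'removed Run entry pointed into a user-writable directory'))
            continue
        if APPINIT.match(line):
            findings.append(Finding('policy', 'LoadAppInit_DLLs', '1', 'AppInit_DLLs loading is enabled; check the AppInit_DLLs value'))
            continue
        if key.endswith('\\run'):
            m = RUN_VALUE.match(line)
            if m and is_user_writable(m['path']):
                findings.append(Finding('run', m['name'], m['path'], 'autostart binary in a user-writable directory'))
        elif 'winlogon' in key:
            m = USERINIT.match(line)
            if m and not userinit_is_default(m['path']):
                findings.append(Finding('winlogon', 'Userinit', m['path'], 'Userinit does not point only at the default userinit.exe'))
        elif 'browser helper objects' in key:
            m = ENTRY.match(line)
            if m and is_user_writable(m['path']):
                findings.append(Finding('bho', key.rsplit('\\', 1)[-1], m['path'], 'BHO DLL in a user-writable directory'))
    return findings


# Sample input assembled from lines of the ComboFix log in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1E37A1FF-843E-4627-A8C4-00279C4ACDC2}]
2011-04-29 13:49 202240 ----a-w- c:\users\Soeckchen\AppData\Roaming\DivX\IE\DivX.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-11-10 384800]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
- - - - Removed orphaned registry entries - - - -
.
Wow6432Node-HKCU-Run-{2C7710C4-580B-11E0-BCCA-806E6F6E6963} - c:\users\Soeckchen\AppData\Roaming\Microsoft\loadhst.exe
Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
"""

# Constructed input, NOT from the log above: what a hijacked Userinit value would look like.
CONSTRUCTED_HIJACK = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,c:\users\victim\appdata\roaming\xyz\xyz.exe"
"""

if __name__ == '__main__':
    for f in triage(SAMPLE_LOG.splitlines()) + triage(CONSTRUCTED_HIJACK.splitlines()):
        print(f'[{f.source}] {f.name}: {f.path}  <- {f.reason}')
```

Run it on the real log by passing the file's lines to triage(); the rules are deliberately simple string checks so they can be extended with whatever the analyst already knows about the machine (for example, whitelisting the Avira and HP paths above).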
13.11.2012, 18:28 | #12 |
/// Malware-holic | GUV/GEMA Trojan, also known as RANSOMWARE. How to remove? Hi, open Computer, C:\Qoobox, right-click Quarantine, pack it with WinRAR or as a zip, and then upload it: Trojaner-Board Upload Channel. When done, please report back.
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de according to the instructions above. If you would like to support us |
13.11.2012, 18:44 | #13 |
| GUV/GEMA Trojan, also known as RANSOMWARE. How to remove? Security notice from AVIRA: Access to the file 'c\qoobox\c..\users\eceg.exe,vir', which contains a virus or unwanted program TR\Injector.ace, was denied. You can remove the file or retrieve further information about the problem. What should I do? Most likely not remove it?? Or turn off AVIRA in order to pack the file? |
13.11.2012, 19:23 | #14 |
/// Malware-holic | GUV/GEMA Trojan, also known as RANSOMWARE. How to remove? Do you use the PC for online banking, shopping, other payment processing, or similarly important things, such as work?
13.11.2012, 19:25 | #15 |
| GUV/GEMA Trojan, also known as RANSOMWARE. How to remove? I do online banking and also pay over the internet. Why? That question scares me. |