| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Mein PC verschickt e-mailsWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
18.03.2013, 20:42
| #1 |
| |  Mein PC verschickt e-mails Hallo, Von meiner e-mail Adresse wurden seit dem 12.3.2013 Mahnungen für eine Groupon-Mitgliedschaft mit folgendem oder ähnlichem Inhalt verschickt: <xxx@aol.com> --- The header of the original message is following. --- Received: from mailout-de.gmx.net ([10.1.76.4]) by mrigmx.server.lan (mrigmx002) with ESMTP (Nemesis) id 0Lyxby-1UkkoR1CBU-014Ca5 for <xxx@aol.com>; Thu, 14 Mar 2013 15:25:19 +0100 Received: (qmail invoked by alias); 14 Mar 2013 14:25:13 -0000 Received: from p4FF3DF46.dip.t-dialin.net (EHLO lexa1979-PC) [79.243.223.70] by mail.gmx.net (mp004) with SMTP; 14 Mar 2013 15:25:13 +0100 X-Authenticated: #33423885 X-Provags-ID: V01U2FsdGVkX1+a8ElR/JKaRPcy/nuu0jhjsA30MpNO8A/wGYv2/V PsND/WOd8SLHVA From: <yyy yyy@gmx.de> To: "xxx xxx" <xxx@aol.com> Subject: xxx xxxMahnung Ihrer Groupon.de Mitgliedschaft xxx xxx Date: Thu, 14 Mar 2013 14:24:47 GMT MIME-Version: 1.0 X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-Priority: 3 Content-Type: multipart/mixed; boundary="=-XC66EB7797" X-Y-GMX-Trusted: 0 Festgestellt habe ich dies nur durch Rückläufer, die offenbar wegen einer falschen e-mail Adresse nicht angekommen sind. Ich habe nun mein Passwort geändert. Seit dem habe ich auch keine Rückläufer mehr bekommen. Ich habe auch einen Nortonscan gemacht, der findet keine Viren. Die Polizei, bei der ich Anzeige gegen unbekannt erstattet habe, meinte jedoch, es wäre ratsam den PC neu zu installieren. Ist das wirklich nötig?  Ich weiß nicht ob der Rechner zu hause infiziert ist, weil ich mich auch zb in der Uni an anderen PCs mit meiner e-mail angemeldet habe. (Die Namen in der oben angeführten e-mail habe ich durch xxx, bzw yyy geändert) Ich hoffe ihr könnt mir helfen. Liebe Grüße Simone Geändert von boesel (18.03.2013 um 21:06 Uhr) |
|
19.03.2013, 12:53
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Mein PC verschickt e-mails Hallo und
__________________ Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Erstmal eine Kontrolle mit OTL bitte:
__________________ |
|
19.03.2013, 15:11
| #3 |
| | Mein PC verschickt e-mails OTL EXTRAS Logfile:
__________________Code:
ATTFilter OTL Extras logfile created on: 19.03.2013 15:01:38 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Juergen\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,98 Gb Total Physical Memory | 2,46 Gb Available Physical Memory | 61,79% Memory free
7,96 Gb Paging File | 6,25 Gb Available in Paging File | 78,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1356,17 Gb Total Space | 1205,58 Gb Free Space | 88,90% Space Free | Partition Type: NTFS
Drive D: | 40,00 Gb Total Space | 20,94 Gb Free Space | 52,35% Space Free | Partition Type: NTFS
Computer Name: JUERGEN-PC | User Name: Juergen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
[HKEY_USERS\S-1-5-21-1295584570-3174185841-2463311283-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A63AE0B-9ED0-425D-8535-214AAC3DB2B4}" = rport=138 | protocol=17 | dir=out | app=system |
"{312895AC-BE74-44B2-B791-1CFBF10D80F5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5E5C6A75-9DE6-42E3-A609-25DCE8AF501B}" = lport=138 | protocol=17 | dir=in | app=system |
"{7AC7DCB4-EFDE-4DCB-A4D9-BC17FE1855DD}" = rport=445 | protocol=6 | dir=out | app=system |
"{83A7B532-4A8C-4918-B91B-56FFB8586E94}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{8443EE03-82EC-4A9A-A544-380F33E07B3E}" = lport=445 | protocol=6 | dir=in | app=system |
"{941F9459-19D5-45CF-97D8-D61A28A20C07}" = lport=137 | protocol=17 | dir=in | app=system |
"{AA3CA0A3-4539-42C5-95E8-74E973CC7E31}" = rport=137 | protocol=17 | dir=out | app=system |
"{B4D78521-55EF-458E-A331-944583F53EE4}" = lport=139 | protocol=6 | dir=in | app=system |
"{B54133AB-036A-4831-AE02-E3CBA5136515}" = rport=139 | protocol=6 | dir=out | app=system |
"{B9F3473E-66B5-4C14-B1AF-84E4F888E2EF}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{CFBD7986-8CB3-4668-825E-A63D856215B5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D2D9D8C4-A4B1-440B-AE4F-75ECB8917417}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DA7E14F0-FE8C-4012-9F26-D77FB8B346D3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E99F4BB4-EE6F-494E-B87F-D9C6F14F4AE6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EEC0F9B2-8ACD-428D-816C-01EEEB15F5D8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10111547-2723-4BF4-8CA9-A9FAB1B9A843}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
"{144500F2-BDCF-4803-91F6-810265314748}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{16207F27-E370-4AFD-A963-EEA943D13737}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{345E38AE-BA99-4BC6-BA68-8ACA810A27A6}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
"{58C9E47F-9B78-4AB5-875C-80C7E3AB6E6A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{59BD562F-E71D-47E7-BC4F-6ADD19E99D4B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6AF6008D-9CEB-45CE-BB76-7F569DCDC53E}" = protocol=6 | dir=in | app=c:\users\juergen\appdata\roaming\dropbox\bin\dropbox.exe |
"{74398BB2-F4AE-40A9-BFC7-6C0B9766F6F9}" = protocol=17 | dir=in | app=c:\users\juergen\appdata\roaming\dropbox\bin\dropbox.exe |
"{788BA632-EBBF-447B-B8C9-06DA4AB3AA57}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{86D0475D-C161-4D37-8BDA-F7F1B27C7710}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{8B59B287-E311-4C64-974A-98D6FE2C3C2E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8E7B04EA-E483-4AE3-A04A-16BCCDD83B88}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8EE03C28-68F7-4422-8F68-1613884A2F2C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{9488A41D-99DE-439A-9712-3BB62F439433}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{95177C8B-1886-4628-AB16-207D1A05BABC}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
"{9AF5704F-3461-4333-B4A5-CEDCB877B388}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A5D02DFB-D2D3-476D-B3BF-42996628F632}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{AF9B560E-1155-4411-95A3-BED36F2E675B}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{C6B33866-807B-4BB9-B2F2-32D9198EE32D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E7CF622A-FC64-4C9D-AF1D-81E690CA0F49}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
"{F8BA434F-3751-4264-BB64-81A691281D5C}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"TCP Query User{B5F08DFC-9F7F-49D0-9A3F-F3BAD221FAC5}C:\users\juergen\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\juergen\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{F1CFA92D-6F86-4C82-9E60-34EA8C3A538D}C:\users\juergen\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\juergen\appdata\roaming\dropbox\bin\dropbox.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series" = Canon MG5100 series MP Drivers
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit)
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{51DDB4F9-7FFF-4970-AED4-DB3C22A5C522}" = Corel Graphics - Windows Shell Extension 64 Bit
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D587747C-370E-E29D-250C-079703113FF0}" = ATI Catalyst Install Manager
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"{FB2E135E-6189-7608-4EDD-DC783BEC480C}" = ccc-utility64
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}" = CorelDRAW Essentials X5 - Extra Content
"_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension
"_{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}" = CorelDRAW Essentials X5
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{01159E8A-44F7-4885-A7F9-872CE4D74063}" = Steuer 2012
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{1761C93A-5ACC-C65C-3926-C157345E800A}" = CCC Help Spanish
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19FB599E-070D-6A0F-0139-EF2348BAB108}" = CCC Help English
"{1D33BCF7-B5B6-4148-B888-9CC2EC208556}" = Konz 2012
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{2000D0AC-65F6-05F7-4C47-B2F0BB7DEC24}" = CCC Help Dutch
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger
"{2C5D751A-0EFB-4EFB-B2E0-86EA580E3180}" = CCC Help Japanese
"{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger
"{2F14F550-0FFC-4285-B673-880744D428A3}" = CorelDRAW Essentials X5 - Custom Data
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34809713-7886-4F6A-B9D5-CC74DBC1C77E}" = CorelDRAW Essentials X5 - Redist
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3B1EF0C5-8855-416F-A6F4-5CC5FCF267CA}" = CorelDRAW Essentials X5 - WT
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{4433CEC6-DA32-4D7B-BA95-B47C68498287}" = CorelDRAW Essentials X5 - Connect
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{4785CED6-73B3-45FA-AFE6-EDEDFDE67842}" = Steuer 2011
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{4F45EE37-41B8-4228-A0BC-D7633632D692}" = Duden Korrektor kompakt
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{57220148-3B2B-412A-A2E0-82B9DF423696}" = Windows Live Mesh ActiveX-objekt til fjernforbindelser
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58DE8215-740D-109B-C7AE-9CB4D37EE2AC}" = CCC Help Swedish
"{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}" = CorelDRAW Essentials X5 - Extra Content
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{614B82E8-8DC2-8F12-3986-F8B76ECE1A9E}" = ccc-core-static
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{666D7CED-12E0-4BA3-B594-5681961E7B02}" = CorelDRAW Essentials X5 - IPM
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6DE61FFB-8ADC-4A09-B3DC-5DA15CAE48A0}" = CorelDRAW Essentials X5 - DE
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}" = Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz
"{6E554A6F-7BA1-4FCE-ABFA-430A24631111}" = Duden Korrektor Patch 022010
"{6EE9F44A-B8C7-4CDB-B2A9-441AF2AE315A}" = Windows Live Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76651FD7-2B71-4B61-9F3A-E82F52F08D92}" = Konz 2013
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7BDA08C6-D3A1-4E2A-83F6-BBE15060DF80}" = CorelDRAW Essentials X5 - IT
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7DF95FC3-D6A2-8CFA-39F3-ABD3EE2EA542}" = CCC Help French
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E1807A9-AA8B-4541-9D22-ADB579051031}" = Steganos Privacy Suite 11
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7F6021AE-E688-4D03-843A-C2260482BA0D}" = Windows Live Messenger
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{82817D55-8A4B-F8FC-2A34-4A054C722FC4}" = CCC Help Italian
"{834F4E2F-E9DF-4FA9-8499-FF6B91012898}" = CorelDRAW Essentials X5
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{85E8F38F-0303-401E-A518-0302DF88EB07}" = CorelDRAW Essentials X5 - Draw
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89BA6E81-B60A-49BC-B283-80560A9E60DF}" = CorelDRAW Essentials X5 - PHOTO-PAINT
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9017CEAF-BE5A-4F73-8A0E-C87E26971E55}" = TomTom HOME
"{91DCFF5C-6FF9-A16C-6274-788121661298}" = CCC Help Finnish
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A68575CE-050E-4E1F-A053-58BE8D9DE7AB}" = ArcSoft MediaImpression 2
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8BFA0D1-5196-2297-5559-9C5714BEDEB5}" = CCC Help German
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB27FA31-596C-47EB-2361-727D0EB0B21D}" = CCC Help Danish
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{AC76BA86-7AD7-5464-3428-A00000000004}" = Spelling Dictionaries Support For Adobe Reader X
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AF8244F5-FDD0-482D-B680-B1D16ABB96EB}" = Fritz 8 SE Plus
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension
"{BBC0D330-C37B-4472-BFB9-AA217CF0C95F}" = Ulead Photo Express 4.0 SE
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CA227A9D-09BE-4BFB-9764-48FED2DA5454}" = Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D0B2077E-527A-20FA-F5EE-74A4FDA58E25}" = CCC Help Norwegian
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0BEB150-2046-4F94-AE7B-EA76772592F6}" = CorelDRAW Essentials X5 - Common
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{D7E60152-6C65-4982-8840-B6D28BF881BD}" = CorelDRAW Essentials X5 - FR
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3A021C2-3EB9-CB16-C0A3-9244200623C1}" = Catalyst Control Center InstallProxy
"{E4BE9367-168B-4B30-B198-EE37C99FB147}" = CorelDRAW Essentials X5 - Filters
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E7688C7D-DE09-4D43-9785-534EDE9BC18E}" = Windows Live Messenger
"{E7BE4D1A-B529-448B-8407-889705B65185}" = CorelDRAW Essentials X5 - ES
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EA6D16E9-9669-9A50-019A-0508AD15BF92}" = Catalyst Control Center Localization All
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}" = CorelDRAW Essentials X5 - Setup Files
"{EE492B20-FB15-4A98-883C-3054354A11F8}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA6AF809-9A80-423A-A57A-C7D726A04E4C}" = CorelDRAW Essentials X5 - EN
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Ashampoo Burning Studio_is1" = Ashampoo Burning Studio
"Ashampoo Photo Commander_is1" = Ashampoo Photo Commander
"Ashampoo Photo Optimizer_is1" = Ashampoo Photo Optimizer
"Ashampoo Snap_is1" = Ashampoo Snap
"Canon MG5100 series Benutzerregistrierung" = Canon MG5100 series Benutzerregistrierung
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"Deep Fritz 12 DL" = Deep Fritz 12 DL
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"Elektro-Installationstechnik" = Elektro-Installationstechnik
"Finale NotePad 2008" = Finale NotePad 2008
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.37.1212
"FRITZ! 2.0" = AVM FRITZ!fax für FRITZ!Box
"InstallShield_{1D33BCF7-B5B6-4148-B888-9CC2EC208556}" = Konz 2012
"InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{76651FD7-2B71-4B61-9F3A-E82F52F08D92}" = Konz 2013
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"MyTomTom" = MyTomTom 3.2.0.802
"N360" = Norton 360
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"SmartToolsAdressfenster-Assistentv2.50" = SmartTools Publishing • Word Adressfenster-Assistent
"SmartToolsFalz & Lochmarken-Assistentv6.50" = SmartTools Publishing • Word Falz & Lochmarken-Assistent
"SmartToolsSpalten-Assistentv1.50" = SmartTools Publishing • Excel Spalten-Assistent
"TeamViewer 6" = TeamViewer 6
"Totalcmd" = Total Commander (Remove or Repair)
"VLC media player" = VLC media player 1.1.11
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1295584570-3174185841-2463311283-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"MyFreeCodec" = MyFreeCodec
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 13.08.2012 16:08:13 | Computer Name = Juergen-PC | Source = SideBySide | ID = 16842761
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Duden\Duden Korrektor\adxloader.dll.Manifest". Fehler in Manifest- oder Richtliniendatei
"C:\Program Files (x86)\Duden\Duden Korrektor\adxloader.dll.Manifest" in Zeile
2. Das Stammelement der Manifestdatei muss assembliert sein.
Error - 14.08.2012 07:15:35 | Computer Name = Juergen-PC | Source = WinMgmt | ID = 10
Description =
Error - 14.08.2012 09:55:19 | Computer Name = Juergen-PC | Source = WinMgmt | ID = 10
Description =
Error - 14.08.2012 14:09:48 | Computer Name = Juergen-PC | Source = WinMgmt | ID = 10
Description =
Error - 14.08.2012 14:44:53 | Computer Name = Juergen-PC | Source = VSS | ID = 8194
Description =
Error - 15.08.2012 02:41:55 | Computer Name = Juergen-PC | Source = WinMgmt | ID = 10
Description =
Error - 15.08.2012 04:00:51 | Computer Name = Juergen-PC | Source = WinMgmt | ID = 10
Description =
Error - 15.08.2012 05:37:50 | Computer Name = Juergen-PC | Source = WinMgmt | ID = 10
Description =
Error - 15.08.2012 08:58:15 | Computer Name = Juergen-PC | Source = WinMgmt | ID = 10
Description =
Error - 15.08.2012 09:24:01 | Computer Name = Juergen-PC | Source = WinMgmt | ID = 10
Description =
[ Media Center Events ]
Error - 16.09.2011 10:35:43 | Computer Name = Juergen-PC | Source = MCUpdate | ID = 0
Description = 16:35:43 - Directory konnte nicht abgerufen werden (Fehler: Die zugrunde
liegende Verbindung wurde geschlossen: Unbekannter Fehler beim Empfangen..)
[ System Events ]
Error - 02.03.2013 06:10:00 | Computer Name = Juergen-PC | Source = DCOM | ID = 10010
Description =
Error - 05.03.2013 18:15:23 | Computer Name = Juergen-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?05.?03.?2013 um 22:54:58 unerwartet heruntergefahren.
Error - 06.03.2013 14:11:45 | Computer Name = Juergen-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst lmhosts erreicht.
Error - 15.03.2013 14:21:51 | Computer Name = Juergen-PC | Source = WMPNetworkSvc | ID = 866300
Description =
< End of report >
OTL Logfile: Code:
ATTFilter OTL logfile created on: 19.03.2013 15:01:38 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Juergen\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,98 Gb Total Physical Memory | 2,46 Gb Available Physical Memory | 61,79% Memory free 7,96 Gb Paging File | 6,25 Gb Available in Paging File | 78,50% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 1356,17 Gb Total Space | 1205,58 Gb Free Space | 88,90% Space Free | Partition Type: NTFS Drive D: | 40,00 Gb Total Space | 20,94 Gb Free Space | 52,35% Space Free | Partition Type: NTFS Computer Name: JUERGEN-PC | User Name: Juergen | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Juergen\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Users\Juergen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\ccSvcHst.exe (Symantec Corporation) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) PRC - C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom) PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE (CANON INC.) PRC - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) PRC - C:\Program Files (x86)\Steganos Privacy Suite 11\SteganosHotKeyService.exe (Steganos GmbH) PRC - C:\Program Files (x86)\Steganos Privacy Suite 11\SteganosBrowserMonitor.exe (Steganos GmbH) PRC - C:\Program Files (x86)\Steganos Privacy Suite 11\fredirstarter.exe (Steganos GmbH) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Duden\Duden Korrektor\DKTray.exe (Expert System S.p.A.) PRC - C:\Program Files (x86)\Duden\Duden-Bibliothek\dudenbib.exe (Bibliographisches Institut GmbH) PRC - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE () PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7d8f6866864f78cf83d3701641c46178\System.ServiceProcess.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\4d6518ef6ae8d6f005c49ab1c86de7fe\IAStorCommon.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\ab54c04b3df40416205883b4049fe273\IAStorUtil.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b8e60f81fd56934c9f9da7b15bee3376\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\932901ff0ad5e365ffbe705d7459a37e\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b519f42484e1d488662a9a8a87cb8849\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8abaedf6aecb073b22f8801aa0b8babf\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7cd4aa51f6e6b9330b8f50bba8bb62c6\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll () MOD - C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll () MOD - C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll () MOD - C:\PROGRAM FILES (X86)\NORTON 360\ENGINE\20.3.0.36\wincfi39.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll () MOD - C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Program Files (x86)\Duden\Duden Korrektor\MBControls.dll () MOD - C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (N360) -- C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\ccSvcHst.exe (Symantec Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom) SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE () SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\symnets.sys (Symantec Corporation) DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\symefa64.sys (Symantec Corporation) DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\srtsp64.sys (Symantec Corporation) DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\srtspx64.sys (Symantec Corporation) DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\symds64.sys (Symantec Corporation) DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\ironx64.sys (Symantec Corporation) DRV:64bit: - (ccSet_N360) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\ccsetx64.sys (Symantec Corporation) DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation) DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation) DRV:64bit: - (ssadserd) -- C:\Windows\SysNative\drivers\ssadserd.sys (MCCI Corporation) DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc) DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation) DRV:64bit: - (sscdbus) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation) DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc) DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation) DRV:64bit: - (RTL8192su) -- C:\Windows\SysNative\drivers\RTL8192su.sys (Realtek Semiconductor Corporation ) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\VirusDefs\20130318.025\ex64.sys (Symantec Corporation) DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation) DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\VirusDefs\20130318.025\eng64.sys (Symantec Corporation) DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\BASHDefs\20130208.001\BHDrvx64.sys (Symantec Corporation) DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\IPSDefs\20130316.002\IDSviA64.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (SLEE_17_DRIVER) -- C:\Windows\SleeN1764.sys (Softwareentwicklung Remus - ArchiCrypt - ) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1295584570-3174185841-2463311283-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com IE - HKU\S-1-5-21-1295584570-3174185841-2463311283-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKU\S-1-5-21-1295584570-3174185841-2463311283-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-1295584570-3174185841-2463311283-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-1295584570-3174185841-2463311283-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-1295584570-3174185841-2463311283-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-1295584570-3174185841-2463311283-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8A C2 9A 19 44 DE CB 01 [binary data] IE - HKU\S-1-5-21-1295584570-3174185841-2463311283-1001\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found IE - HKU\S-1-5-21-1295584570-3174185841-2463311283-1001\..\SearchScopes,DefaultScope = {A3A10BC2-7C83-4BDD-A1E0-DF160D839783} IE - HKU\S-1-5-21-1295584570-3174185841-2463311283-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1295584570-3174185841-2463311283-1001\..\SearchScopes\{A3A10BC2-7C83-4BDD-A1E0-DF160D839783}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7GFRE_de IE - HKU\S-1-5-21-1295584570-3174185841-2463311283-1001\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = hxxp://int.search-results.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=&geo=DE&ver=5 IE - HKU\S-1-5-21-1295584570-3174185841-2463311283-1001\..\SearchScopes\{FE35B43B-D949-4497-8F44-F1EA58B66BE1}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNC_enDE393 IE - HKU\S-1-5-21-1295584570-3174185841-2463311283-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1295584570-3174185841-2463311283-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box;*.local ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledAddons: %7B09F060FA-566D-42D7-BF79-97AB30863433%7D:11.1.8.9700 FF - prefs.js..extensions.enabledAddons: %7B00F0643E-B367-4779-B45D-7046EBA37A88%7D:11.1.8.9700 FF - prefs.js..extensions.enabledAddons: %7B8b86149f-01fb-4842-9dd8-4d7eb02fd055%7D:0.25.1 FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:11.3.0.9%20-%203 FF - prefs.js..extensions.enabledAddons: %7B2D3F3651-74B9-4795-BDEC-6DA2F431CB62%7D:2013.3.0.26 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{09F060FA-566D-42D7-BF79-97AB30863433}: C:\Program Files (x86)\Steganos Privacy Suite 11\pfplugin [2011.08.13 13:19:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{00F0643E-B367-4779-B45D-7046EBA37A88}: C:\Program Files (x86)\Steganos Privacy Suite 11\spmplugin3 [2011.08.13 13:19:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\coFFPlgn\ [2013.03.19 14:50:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\IPSFFPlgn\ [2012.09.26 10:56:03 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2013.01.09 14:29:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 20:46:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 20:46:47 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.03.02 21:53:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Juergen\AppData\Roaming\mozilla\Extensions [2012.03.02 21:53:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Juergen\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2013.02.14 09:28:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Juergen\AppData\Roaming\mozilla\Firefox\Profiles\we0fn9ju.default\extensions [2013.01.23 17:23:49 | 000,000,000 | ---D | M] (All-in-One Gestures) -- C:\Users\Juergen\AppData\Roaming\mozilla\Firefox\Profiles\we0fn9ju.default\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055} [2012.11.17 22:23:41 | 000,284,001 | ---- | M] () (No name found) -- C:\Users\Juergen\AppData\Roaming\mozilla\firefox\profiles\we0fn9ju.default\extensions\compatibility@addons.mozilla.org.xpi [2012.12.11 23:24:52 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Juergen\AppData\Roaming\mozilla\firefox\profiles\we0fn9ju.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2013.02.14 09:28:57 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Juergen\AppData\Roaming\mozilla\firefox\profiles\we0fn9ju.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011.08.12 16:32:21 | 000,002,442 | ---- | M] () -- C:\Users\Juergen\AppData\Roaming\mozilla\firefox\profiles\we0fn9ju.default\searchplugins\safesearch.xml [2013.03.08 20:46:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.08.13 13:19:07 | 000,000,000 | ---D | M] (Steganos Private Favorites) -- C:\PROGRAM FILES (X86)\STEGANOS PRIVACY SUITE 11\PFPLUGIN [2011.08.13 13:19:16 | 000,000,000 | ---D | M] (Steganos Password Manager) -- C:\PROGRAM FILES (X86)\STEGANOS PRIVACY SUITE 11\SPMPLUGIN3 [2013.03.19 14:50:26 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\COFFPLGN [2012.09.26 10:56:03 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\IPSFFPLGN [2013.03.08 20:46:47 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.22 11:44:56 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.28 22:23:35 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.22 11:44:56 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.22 11:44:56 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.22 11:44:56 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.22 11:44:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\IPS\IPSBHO.DLL (Symantec Corporation) O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\coIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (Steganos Password Manager Toolbar) - {9C65D12D-CF9D-454D-8049-61965D8C6FFF} - C:\Program Files (x86)\Steganos Privacy Suite 11\SPMIEToolbar.dll (Steganos GmbH) O3 - HKU\S-1-5-21-1295584570-3174185841-2463311283-1001\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [SSS2009 File Redirection Starter] C:\Program Files (x86)\Steganos Privacy Suite 11\fredirstarter.exe (Steganos GmbH) O4 - HKLM..\Run: [SSS2009 HotKeys] C:\Program Files (x86)\Steganos Privacy Suite 11\SteganosHotKeyService.exe (Steganos GmbH) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\.DEFAULT..\Run: [Duden Korrektor SysTray] C:\Program Files (x86)\Duden\Duden Korrektor\DKTray.exe (Expert System S.p.A.) O4 - HKU\S-1-5-18..\Run: [Duden Korrektor SysTray] C:\Program Files (x86)\Duden\Duden Korrektor\DKTray.exe (Expert System S.p.A.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1295584570-3174185841-2463311283-1001..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) O4 - HKU\S-1-5-21-1295584570-3174185841-2463311283-1001..\Run: [Duden Korrektor SysTray] C:\Program Files (x86)\Duden\Duden Korrektor\DKtray.exe (Expert System S.p.A.) O4 - HKU\S-1-5-21-1295584570-3174185841-2463311283-1001..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) O4 - HKU\S-1-5-21-1295584570-3174185841-2463311283-1001..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) O4 - HKU\S-1-5-21-1295584570-3174185841-2463311283-1001..\Run: [SSS2009 Browser Monitor] C:\Program Files (x86)\Steganos Privacy Suite 11\SteganosBrowserMonitor.exe (Steganos GmbH) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Juergen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Juergen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Juergen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Juergen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra Button: Steganos Password Manager - {024538B9-3F39-49FF-9503-975F743210FA} - C:\Program Files (x86)\Steganos Privacy Suite 11\SPMIEToolbar.dll (Steganos GmbH) O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{765A1CCB-65BB-445F-B8E5-2A5AA6604FBC}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.18 19:55:40 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump [2013.03.13 10:35:55 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.03.13 10:35:54 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.03.13 10:35:54 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.03.13 10:35:53 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.03.13 10:35:53 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.03.13 10:35:53 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.03.13 10:35:53 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.03.13 10:35:53 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.03.13 10:35:52 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.03.13 10:35:52 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.03.13 10:35:52 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.03.13 10:35:52 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.03.13 10:35:51 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.03.13 10:35:51 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.03.13 10:35:51 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.03.13 10:21:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013.03.13 10:20:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2013.03.13 10:20:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2013.03.10 12:06:36 | 000,000,000 | ---D | C] -- C:\Users\Juergen\AppData\Local\{2FDD59C6-71D9-4B9E-89F8-885FBE5BD3EA} [2013.03.08 20:46:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.02.27 22:20:51 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll [2013.02.27 22:20:50 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll [2013.02.27 22:20:50 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll [2013.02.27 22:20:50 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll [2013.02.27 22:20:48 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll [2013.02.27 22:20:48 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll [2013.02.27 22:20:46 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.02.27 22:20:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.02.27 22:20:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.02.27 22:20:45 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll [2013.02.27 22:20:45 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll [2013.02.27 22:20:45 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll [2013.02.27 22:20:45 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2013.02.27 22:20:45 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2013.02.27 22:20:45 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2013.02.27 22:20:45 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll [2013.02.27 22:20:45 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll [2013.02.27 22:20:45 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll [2013.02.27 22:20:45 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll [2013.02.27 22:20:45 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.02.27 22:20:45 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.02.27 22:20:45 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.02.27 22:20:45 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.02.27 22:20:45 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.02.27 22:20:45 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.02.27 22:20:45 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.02.27 22:20:45 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll [2013.02.27 22:20:45 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll [2013.02.27 22:20:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll [2013.02.27 22:20:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll [2013.02.27 22:20:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.02.27 22:20:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.02.27 22:20:45 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.02.27 22:20:45 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.02.27 22:20:44 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll [2013.02.27 22:20:44 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll [2013.02.27 22:20:44 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll [2013.02.27 22:20:43 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll [2013.02.27 22:20:43 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2013.02.27 22:20:43 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2013.02.27 22:20:43 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll [2013.02.24 19:14:03 | 000,000,000 | ---D | C] -- C:\Users\Juergen\AppData\Local\{5EF242BD-C6B2-4659-A71E-FB312BDE47A2} [2013.02.20 18:59:35 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Konz2013 [2009.02.26 10:43:03 | 000,357,768 | ---- | C] (Symantec Corporation) -- C:\Users\Juergen\SymXPep2.dll [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.03.19 14:56:47 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.19 14:56:47 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.19 14:49:39 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.03.19 14:49:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.19 14:49:28 | 3206,787,072 | -HS- | M] () -- C:\hiberfil.sys [2013.03.19 13:12:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.19 12:32:33 | 001,500,294 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.03.19 12:32:33 | 000,654,602 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.03.19 12:32:33 | 000,616,484 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.03.19 12:32:33 | 000,130,216 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.03.19 12:32:33 | 000,106,606 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.03.19 12:07:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.03.14 17:04:29 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.03.14 17:04:29 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.03.14 17:01:58 | 000,002,023 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013.03.13 12:01:01 | 001,959,870 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\Cat.DB [2013.03.10 12:07:29 | 000,092,766 | ---- | M] () -- C:\Users\Juergen\Documents\img007.jpg [2013.03.05 23:14:50 | 000,014,818 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\VT20130115.021 [2013.02.22 19:36:00 | 014,561,280 | ---- | M] () -- C:\Users\Juergen\Documents\FRITZ.Box_Fon_WLAN_7240.73.05.22.image [2013.02.21 13:14:33 | 000,007,661 | ---- | M] () -- C:\Users\Juergen\AppData\Local\Resmon.ResmonCfg [2013.02.21 13:13:40 | 000,091,508 | ---- | M] () -- C:\Users\Juergen\Documents\cc_20130221_131316.reg [2013.02.20 23:38:40 | 000,000,169 | ---- | M] () -- C:\Windows\ChssBase.ini [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.03.14 17:01:58 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2013.03.14 17:01:58 | 000,002,023 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013.03.10 12:07:29 | 000,092,766 | ---- | C] () -- C:\Users\Juergen\Documents\img007.jpg [2013.02.25 15:29:51 | 000,276,494 | ---- | C] () -- C:\Users\Juergen\Documents\FRITZ.Box Fon WLAN 7240 (UI) 73.05.05_06.12.11_0811.export [2013.02.22 19:37:30 | 014,561,280 | ---- | C] () -- C:\Users\Juergen\Documents\FRITZ.Box_Fon_WLAN_7240.73.05.22.image [2013.02.21 13:13:22 | 000,091,508 | ---- | C] () -- C:\Users\Juergen\Documents\cc_20130221_131316.reg [2012.07.19 13:34:33 | 000,581,803 | ---- | C] () -- C:\Users\Juergen\xtention_xtention.jar [2012.07.19 13:34:32 | 000,946,804 | ---- | C] () -- C:\Users\Juergen\xtention_AnchorsShelf.xml [2012.06.26 15:02:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012.06.26 15:02:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012.06.26 15:02:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012.06.26 15:02:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2012.04.17 17:37:18 | 000,000,001 | R--- | C] () -- C:\Users\Juergen\serverport [2012.03.06 22:11:08 | 000,000,156 | ---- | C] () -- C:\Windows\bfe_prog.ini [2012.02.04 12:12:14 | 000,007,661 | ---- | C] () -- C:\Users\Juergen\AppData\Local\Resmon.ResmonCfg [2012.01.22 22:00:35 | 000,000,608 | ---- | C] () -- C:\Windows\wiso.ini [2011.12.06 19:35:05 | 000,000,169 | ---- | C] () -- C:\Windows\ChssBase.ini [2011.10.20 18:05:07 | 011,946,407 | ---- | C] () -- C:\Windows\SysWow64\meinfotoalbum_meinfotoalbum_uninstaller.exe [2011.08.30 17:43:23 | 000,004,096 | -H-- | C] () -- C:\Users\Juergen\AppData\Local\keyfile3.drm [2011.08.12 09:25:47 | 000,000,102 | ---- | C] () -- C:\Windows\wincmd.ini [2011.08.06 11:42:38 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2011.08.06 11:26:12 | 001,532,996 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.04.20 15:53:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2006.06.17 13:57:54 | 000,000,253 | ---- | C] () -- C:\Users\Juergen\.java.policy ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2011.09.19 12:48:55 | 000,000,000 | ---D | M] -- C:\Users\Juergen\AppData\Roaming\Ashampoo [2012.01.22 22:00:42 | 000,000,000 | ---D | M] -- C:\Users\Juergen\AppData\Roaming\Buhl Data Service [2011.12.29 18:00:40 | 000,000,000 | ---D | M] -- C:\Users\Juergen\AppData\Roaming\Canon [2012.12.03 22:42:49 | 000,000,000 | ---D | M] -- C:\Users\Juergen\AppData\Roaming\ChessBase [2013.03.19 14:50:24 | 000,000,000 | ---D | M] -- C:\Users\Juergen\AppData\Roaming\Dropbox [2012.02.06 23:03:31 | 000,000,000 | ---D | M] -- C:\Users\Juergen\AppData\Roaming\Duden [2013.01.09 14:29:27 | 000,000,000 | ---D | M] -- C:\Users\Juergen\AppData\Roaming\DVDVideoSoft [2013.01.09 14:29:33 | 000,000,000 | ---D | M] -- C:\Users\Juergen\AppData\Roaming\DVDVideoSoftIEHelpers [2012.04.11 07:59:09 | 000,000,000 | ---D | M] -- C:\Users\Juergen\AppData\Roaming\FRITZ! [2012.01.09 15:14:58 | 000,000,000 | ---D | M] -- C:\Users\Juergen\AppData\Roaming\FRITZ!fax für FRITZ!Box [2011.08.12 09:26:27 | 000,000,000 | ---D | M] -- C:\Users\Juergen\AppData\Roaming\GHISLER [2012.12.09 20:10:43 | 000,000,000 | ---D | M] -- C:\Users\Juergen\AppData\Roaming\Samsung [2012.08.14 20:30:58 | 000,000,000 | ---D | M] -- C:\Users\Juergen\AppData\Roaming\SmartTools [2012.09.26 17:10:13 | 000,000,000 | ---D | M] -- C:\Users\Juergen\AppData\Roaming\SoftGrid Client [2013.02.22 20:40:56 | 000,000,000 | ---D | M] -- C:\Users\Juergen\AppData\Roaming\Steganos [2012.05.30 09:58:53 | 000,000,000 | ---D | M] -- C:\Users\Juergen\AppData\Roaming\TeamViewer [2011.11.09 08:46:42 | 000,000,000 | ---D | M] -- C:\Users\Juergen\AppData\Roaming\Tific [2012.03.02 21:53:46 | 000,000,000 | ---D | M] -- C:\Users\Juergen\AppData\Roaming\TomTom [2011.08.16 21:58:31 | 000,000,000 | ---D | M] -- C:\Users\Juergen\AppData\Roaming\TP [2012.03.07 10:51:04 | 000,000,000 | ---D | M] -- C:\Users\Juergen\AppData\Roaming\Windows Live Writer ========== Purity Check ========== < End of report > Ich hoffe das war so richtig?!?!?!  Soll ich das OTL Ding nun wieder vom PC runter löschen? In diesen beiden Logfiles steht sehr oft der Name Juergen (Benutzername)...das ist aber nicht mein Name, deshalb hab ich ihn jetzt nicht mit *** ersetzt. Ist das Ok? Und was nun?? :-S |
|
19.03.2013, 15:36
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Mein PC verschickt e-mails Rootkitscan mit GMER Bitte lade dir  GMER herunter: (Dateiname zufällig)
 Tauchen Probleme auf?
Anschließend bitte MBAR ausführen: Malwarebytes Anti-Rootkit (MBAR) Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
19.03.2013, 15:46
| #5 |
| | Mein PC verschickt e-mails Ok stopp! also wenn ich Norton deaktiviere, kann ich das dann anschließend ganz normal wieder starten?? Aber wie? Ich habe das von einem Techniker alles anschließen und einrichten lassen...hab nun Angst, dass ich das allein nicht mehr ans laufen kriege... Soll ich das trotzdem machen? |
|
19.03.2013, 15:49
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Mein PC verschickt e-mails Du sollst es doch nur deaktivieren und nicht deinstallieren
__________________ --> Mein PC verschickt e-mails |
|
19.03.2013, 15:54
| #7 |
| | Mein PC verschickt e-mails Ok nächste blöde Frage... wie deaktiviere ich das denn?? Sorry, aber bin ein Computer-Legastheniker. Bin schon exrem stolz, dass ich das mit OTL geschafft hab  Hab jetzt mal schnell geguckt... aber ich finde auch gar nichts zum deaktivieren von Norton... ich kann es nur deinstallieren.. auch auf der Internetseite auf die man kommt, wenn man auf Hilfe klickt steht nichts dazu!! Un was nun? Geändert von boesel (19.03.2013 um 16:00 Uhr) |
|
19.03.2013, 16:22
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Mein PC verschickt e-mails Ist aus der Ferne leider nicht mal eben so zu beantworten, ich kenn diese Software bzw. deren Bedienung nicht und wir können auch nicht mal eben zu jedem der zig Virenscanner die es gibt eine bebilderte Anleitung aus dem Ärmel schütteln. Bevor du stundenlang suchst, deinstallier es einfach und mach weiter
__________________ Logfiles bitte immer in CODE-Tags posten |
|
19.03.2013, 17:08
| #9 |
| | Mein PC verschickt e-mails Habe nun den GMER- scan durchgeführt und Norton geht auch wieder Soll ich denn die GMER.txt- Datei auch hier posten? bis du antwortest mach ich mal weiter mit der MAlewarebytes- Geschichte Malwarebytes Anti-Rootkit BETA 1.01.0.1021 www.malwarebytes.org Database version: v2013.03.19.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Juergen :: JUERGEN-PC [administrator] 19.03.2013 17:31:13 mbar-log-2013-03-19 (17-31-13).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 29803 Time elapsed: 7 minute(s), 12 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Also, da wurde, wie du siehst, nichts gefunden. Dann brauch ich mir keine Sorgen machen? Was ist denn mit meinem e-mail Postfach? Da ich mein Passwort geändert habe, nach dem diese mails verschickt wurden, fühle ich mich nun zwar sicherer, aber gibt es noch was, was ich beachten muss? Sollte ich vielleicht sogar eine neue e-mail Adresse erstellen müssen, oder denkst du die Gefahr ist gebannt?? Ich danke schon mal bis hier hin! So, ich füge aber trotzdem noch das Ergebnis von dem GMER ein : GMER Logfile: Code:
ATTFilter GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-19 16:51:47
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD15 rev.51.0 1397,27GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\Juergen\AppData\Local\Temp\axlirfob.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1684] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076971465 2 bytes [97, 76]
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1684] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769714bb 2 bytes [97, 76]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076971465 2 bytes [97, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769714bb 2 bytes [97, 76]
.text ... * 2
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076971465 2 bytes [97, 76]
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769714bb 2 bytes [97, 76]
.text ... * 2
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3016] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint 000000007755000c 1 byte [C3]
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3016] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 00000000775df85a 5 bytes JMP 000000017758d571
.text C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe[516] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076971465 2 bytes [97, 76]
.text C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe[516] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769714bb 2 bytes [97, 76]
.text ... * 2
.text C:\Users\Juergen\AppData\Roaming\Dropbox\bin\Dropbox.exe[2572] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000076971465 2 bytes [97, 76]
.text C:\Users\Juergen\AppData\Roaming\Dropbox\bin\Dropbox.exe[2572] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000769714bb 2 bytes [97, 76]
.text ... * 2
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
Geändert von boesel (19.03.2013 um 17:41 Uhr) |
|
19.03.2013, 23:48
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Mein PC verschickt e-mails aswMBR Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). TDSS-Killer Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ Logfiles bitte immer in CODE-Tags posten |
|
21.03.2013, 16:28
| #11 |
| | Mein PC verschickt e-mails Hey Cosinus, ich wollte nur Bescheid geben, dass ich im Moment nicht an dem besagten Rechner arbeiten kann. Vielleicht schaffe ich es morgen deine neuen Anweisungen zu befolgen, aber wahrscheinlich erst nach dem Wochenende. Aber sobald es geht, werde ich weiter machen und die gewünschten Sachen posten! LG Simone |
|
21.03.2013, 17:18
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Mein PC verschickt e-mails Ok, aber eine Bitte: lass solche Zwischenrufe, poste nur wenn es Probleme gibt oder wenn du die Logs hast (diese dann auch posten in CODE-Tags)
__________________ Logfiles bitte immer in CODE-Tags posten |
|
26.03.2013, 18:57
| #13 |
| | Mein PC verschickt e-mails Hey, hier sind die nächsten Logs...der Rest kommt noch leider weiß ich nicht wie ich das mit diesen CODE-TAgs machen muss...Das sind diese Kästchen, oder? Ich hab ds ja sogar mal gemacht, aber das habe ich nicht bewusst hinbekommen...also sorry, oder du erklärst es kurz, falls das so gar nicht geht... 18:53:57.0075 3964 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 18:53:57.0495 3964 ============================================================ 18:53:57.0495 3964 Current date / time: 2013/03/26 18:53:57.0495 18:53:57.0495 3964 SystemInfo: 18:53:57.0496 3964 18:53:57.0496 3964 OS Version: 6.1.7601 ServicePack: 1.0 18:53:57.0496 3964 Product type: Workstation 18:53:57.0496 3964 ComputerName: JUERGEN-PC 18:53:57.0496 3964 UserName: Juergen 18:53:57.0496 3964 Windows directory: C:\Windows 18:53:57.0496 3964 System windows directory: C:\Windows 18:53:57.0496 3964 Running under WOW64 18:53:57.0496 3964 Processor architecture: Intel x64 18:53:57.0496 3964 Number of processors: 4 18:53:57.0496 3964 Page size: 0x1000 18:53:57.0496 3964 Boot type: Normal boot 18:53:57.0496 3964 ============================================================ 18:53:58.0082 3964 Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 18:53:58.0097 3964 ============================================================ 18:53:58.0097 3964 \Device\Harddisk0\DR0: 18:53:58.0097 3964 MBR partitions: 18:53:58.0097 3964 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 18:53:58.0097 3964 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xA9854800 18:53:58.0097 3964 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xA9887000, BlocksNum 0x5000000 18:53:58.0097 3964 ============================================================ 18:53:58.0115 3964 C: <-> \Device\Harddisk0\DR0\Partition2 18:53:58.0153 3964 D: <-> \Device\Harddisk0\DR0\Partition3 18:53:58.0153 3964 ============================================================ 18:53:58.0153 3964 Initialize success 18:53:58.0153 3964 ============================================================ 18:54:01.0944 1456 ============================================================ 18:54:01.0944 1456 Scan started 18:54:01.0944 1456 Mode: Manual; 18:54:01.0944 1456 ============================================================ 18:54:02.0508 1456 ================ Scan system memory ======================== 18:54:02.0508 1456 System memory - ok 18:54:02.0510 1456 ================ Scan services ============================= 18:54:02.0642 1456 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 18:54:02.0646 1456 1394ohci - ok 18:54:02.0669 1456 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 18:54:02.0674 1456 ACPI - ok 18:54:02.0702 1456 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 18:54:02.0703 1456 AcpiPmi - ok 18:54:02.0809 1456 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 18:54:02.0810 1456 AdobeARMservice - ok 18:54:02.0921 1456 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 18:54:02.0925 1456 AdobeFlashPlayerUpdateSvc - ok 18:54:02.0962 1456 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 18:54:02.0970 1456 adp94xx - ok 18:54:02.0996 1456 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys 18:54:03.0002 1456 adpahci - ok 18:54:03.0019 1456 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 18:54:03.0023 1456 adpu320 - ok 18:54:03.0039 1456 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 18:54:03.0041 1456 AeLookupSvc - ok 18:54:03.0082 1456 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 18:54:03.0088 1456 AFD - ok 18:54:03.0119 1456 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 18:54:03.0120 1456 agp440 - ok 18:54:03.0135 1456 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 18:54:03.0137 1456 ALG - ok 18:54:03.0163 1456 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 18:54:03.0164 1456 aliide - ok 18:54:03.0208 1456 [ 5EBA5E837D6635AEA999BAE47E186C6F ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 18:54:03.0211 1456 AMD External Events Utility - ok 18:54:03.0226 1456 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 18:54:03.0228 1456 amdide - ok 18:54:03.0246 1456 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 18:54:03.0247 1456 AmdK8 - ok 18:54:03.0423 1456 [ DCC8177244FE79C61C4E73C65E63922A ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys 18:54:03.0574 1456 amdkmdag - ok 18:54:03.0597 1456 [ 7FE67D107329DC2CF89136A8E19BCEB7 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 18:54:03.0600 1456 amdkmdap - ok 18:54:03.0611 1456 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys 18:54:03.0612 1456 AmdPPM - ok 18:54:03.0634 1456 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 18:54:03.0636 1456 amdsata - ok 18:54:03.0656 1456 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 18:54:03.0659 1456 amdsbs - ok 18:54:03.0688 1456 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 18:54:03.0689 1456 amdxata - ok 18:54:03.0721 1456 [ 4DE0D5D747A73797C95A97DCCE5018B5 ] androidusb C:\Windows\system32\Drivers\ssadadb.sys 18:54:03.0723 1456 androidusb - ok 18:54:03.0740 1456 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 18:54:03.0741 1456 AppID - ok 18:54:03.0751 1456 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 18:54:03.0765 1456 AppIDSvc - ok 18:54:03.0788 1456 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 18:54:03.0790 1456 Appinfo - ok 18:54:03.0808 1456 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys 18:54:03.0810 1456 arc - ok 18:54:03.0828 1456 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys 18:54:03.0830 1456 arcsas - ok 18:54:03.0860 1456 [ 6FE3237C1177E66437E7AD0E8AC1A6E5 ] asmthub3 C:\Windows\system32\DRIVERS\asmthub3.sys 18:54:03.0862 1456 asmthub3 - ok 18:54:03.0891 1456 [ C4043E39A2ABBC56581CA25DF161E9F7 ] asmtxhci C:\Windows\system32\DRIVERS\asmtxhci.sys 18:54:03.0897 1456 asmtxhci - ok 18:54:03.0927 1456 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 18:54:03.0928 1456 AsyncMac - ok 18:54:03.0985 1456 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 18:54:03.0986 1456 atapi - ok 18:54:04.0019 1456 [ 4BF5BCA6E2608CD8A00BC4A6673A9F47 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys 18:54:04.0021 1456 AtiHDAudioService - ok 18:54:04.0043 1456 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 18:54:04.0051 1456 AudioEndpointBuilder - ok 18:54:04.0063 1456 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 18:54:04.0068 1456 AudioSrv - ok 18:54:04.0115 1456 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 18:54:04.0117 1456 AxInstSV - ok 18:54:04.0140 1456 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys 18:54:04.0147 1456 b06bdrv - ok 18:54:04.0197 1456 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 18:54:04.0201 1456 b57nd60a - ok 18:54:04.0213 1456 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 18:54:04.0216 1456 BDESVC - ok 18:54:04.0233 1456 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 18:54:04.0234 1456 Beep - ok 18:54:04.0298 1456 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 18:54:04.0308 1456 BFE - ok 18:54:04.0625 1456 [ 866335C9C0E6733C753FB472C539A6B9 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\BASHDefs\20130301.001\BHDrvx64.sys 18:54:04.0641 1456 BHDrvx64 - ok 18:54:04.0675 1456 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 18:54:04.0684 1456 BITS - ok 18:54:04.0706 1456 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 18:54:04.0707 1456 blbdrive - ok 18:54:04.0731 1456 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 18:54:04.0733 1456 bowser - ok 18:54:04.0751 1456 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys 18:54:04.0752 1456 BrFiltLo - ok 18:54:04.0785 1456 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys 18:54:04.0786 1456 BrFiltUp - ok 18:54:04.0804 1456 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 18:54:04.0807 1456 Browser - ok 18:54:04.0837 1456 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 18:54:04.0841 1456 Brserid - ok 18:54:04.0863 1456 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 18:54:04.0865 1456 BrSerWdm - ok 18:54:04.0888 1456 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 18:54:04.0890 1456 BrUsbMdm - ok 18:54:04.0905 1456 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 18:54:04.0906 1456 BrUsbSer - ok 18:54:04.0920 1456 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 18:54:04.0921 1456 BTHMODEM - ok 18:54:04.0930 1456 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 18:54:04.0932 1456 bthserv - ok 18:54:04.0988 1456 [ 248C952C82DF1E23775432774CBB20F1 ] ccSet_N360 C:\Windows\system32\drivers\N360x64\1403000.024\ccSetx64.sys 18:54:04.0991 1456 ccSet_N360 - ok 18:54:05.0004 1456 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 18:54:05.0006 1456 cdfs - ok 18:54:05.0026 1456 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 18:54:05.0028 1456 cdrom - ok 18:54:05.0039 1456 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 18:54:05.0041 1456 CertPropSvc - ok 18:54:05.0062 1456 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys 18:54:05.0063 1456 circlass - ok 18:54:05.0084 1456 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 18:54:05.0087 1456 CLFS - ok 18:54:05.0156 1456 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 18:54:05.0158 1456 clr_optimization_v2.0.50727_32 - ok 18:54:05.0192 1456 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 18:54:05.0194 1456 clr_optimization_v2.0.50727_64 - ok 18:54:05.0263 1456 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 18:54:05.0281 1456 clr_optimization_v4.0.30319_32 - ok 18:54:05.0305 1456 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 18:54:05.0307 1456 clr_optimization_v4.0.30319_64 - ok 18:54:05.0326 1456 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys 18:54:05.0327 1456 CmBatt - ok 18:54:05.0343 1456 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 18:54:05.0344 1456 cmdide - ok 18:54:05.0368 1456 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 18:54:05.0374 1456 CNG - ok 18:54:05.0405 1456 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys 18:54:05.0406 1456 Compbatt - ok 18:54:05.0440 1456 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys 18:54:05.0442 1456 CompositeBus - ok 18:54:05.0446 1456 COMSysApp - ok 18:54:05.0474 1456 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 18:54:05.0475 1456 crcdisk - ok 18:54:05.0505 1456 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 18:54:05.0509 1456 CryptSvc - ok 18:54:05.0602 1456 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE 18:54:05.0612 1456 cvhsvc - ok 18:54:05.0660 1456 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 18:54:05.0668 1456 DcomLaunch - ok 18:54:05.0690 1456 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 18:54:05.0695 1456 defragsvc - ok 18:54:05.0707 1456 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 18:54:05.0709 1456 DfsC - ok 18:54:05.0732 1456 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 18:54:05.0737 1456 Dhcp - ok 18:54:05.0773 1456 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 18:54:05.0774 1456 discache - ok 18:54:05.0779 1456 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys 18:54:05.0781 1456 Disk - ok 18:54:05.0798 1456 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 18:54:05.0801 1456 Dnscache - ok 18:54:05.0830 1456 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 18:54:05.0834 1456 dot3svc - ok 18:54:05.0845 1456 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 18:54:05.0848 1456 DPS - ok 18:54:05.0882 1456 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 18:54:05.0883 1456 drmkaud - ok 18:54:05.0915 1456 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 18:54:05.0928 1456 DXGKrnl - ok 18:54:05.0954 1456 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 18:54:05.0956 1456 EapHost - ok 18:54:06.0036 1456 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys 18:54:06.0146 1456 ebdrv - ok 18:54:06.0235 1456 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys 18:54:06.0241 1456 eeCtrl - ok 18:54:06.0257 1456 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 18:54:06.0259 1456 EFS - ok 18:54:06.0296 1456 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 18:54:06.0305 1456 ehRecvr - ok 18:54:06.0315 1456 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 18:54:06.0318 1456 ehSched - ok 18:54:06.0338 1456 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys 18:54:06.0345 1456 elxstor - ok 18:54:06.0374 1456 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 18:54:06.0376 1456 EraserUtilRebootDrv - ok 18:54:06.0406 1456 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 18:54:06.0407 1456 ErrDev - ok 18:54:06.0434 1456 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 18:54:06.0439 1456 EventSystem - ok 18:54:06.0449 1456 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 18:54:06.0452 1456 exfat - ok 18:54:06.0468 1456 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 18:54:06.0472 1456 fastfat - ok 18:54:06.0491 1456 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 18:54:06.0500 1456 Fax - ok 18:54:06.0511 1456 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys 18:54:06.0513 1456 fdc - ok 18:54:06.0528 1456 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 18:54:06.0529 1456 fdPHost - ok 18:54:06.0540 1456 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 18:54:06.0542 1456 FDResPub - ok 18:54:06.0550 1456 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 18:54:06.0551 1456 FileInfo - ok 18:54:06.0563 1456 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 18:54:06.0565 1456 Filetrace - ok 18:54:06.0591 1456 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 18:54:06.0592 1456 flpydisk - ok 18:54:06.0609 1456 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 18:54:06.0614 1456 FltMgr - ok 18:54:06.0659 1456 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll 18:54:06.0675 1456 FontCache - ok 18:54:06.0719 1456 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 18:54:06.0720 1456 FontCache3.0.0.0 - ok 18:54:06.0731 1456 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 18:54:06.0733 1456 FsDepends - ok 18:54:06.0754 1456 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 18:54:06.0755 1456 Fs_Rec - ok 18:54:06.0776 1456 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 18:54:06.0779 1456 fvevol - ok 18:54:06.0797 1456 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 18:54:06.0799 1456 gagp30kx - ok 18:54:06.0828 1456 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 18:54:06.0838 1456 gpsvc - ok 18:54:06.0905 1456 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 18:54:06.0908 1456 gupdate - ok 18:54:06.0921 1456 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 18:54:06.0922 1456 gupdatem - ok 18:54:06.0938 1456 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 18:54:06.0940 1456 hcw85cir - ok 18:54:06.0992 1456 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 18:54:07.0002 1456 HdAudAddService - ok 18:54:07.0020 1456 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 18:54:07.0022 1456 HDAudBus - ok 18:54:07.0037 1456 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 18:54:07.0038 1456 HidBatt - ok 18:54:07.0050 1456 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys 18:54:07.0052 1456 HidBth - ok 18:54:07.0069 1456 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys 18:54:07.0071 1456 HidIr - ok 18:54:07.0085 1456 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 18:54:07.0086 1456 hidserv - ok 18:54:07.0098 1456 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 18:54:07.0100 1456 HidUsb - ok 18:54:07.0113 1456 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 18:54:07.0116 1456 hkmsvc - ok 18:54:07.0134 1456 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 18:54:07.0139 1456 HomeGroupListener - ok 18:54:07.0148 1456 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 18:54:07.0152 1456 HomeGroupProvider - ok 18:54:07.0170 1456 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 18:54:07.0172 1456 HpSAMD - ok 18:54:07.0207 1456 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 18:54:07.0216 1456 HTTP - ok 18:54:07.0232 1456 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 18:54:07.0233 1456 hwpolicy - ok 18:54:07.0252 1456 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 18:54:07.0254 1456 i8042prt - ok 18:54:07.0269 1456 [ D7921D5A870B11CC1ADAB198A519D50A ] iaStor C:\Windows\system32\drivers\iaStor.sys 18:54:07.0273 1456 iaStor - ok 18:54:07.0342 1456 [ 8FFF9083252C16FE3960173722605E9E ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe 18:54:07.0344 1456 IAStorDataMgrSvc - ok 18:54:07.0375 1456 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 18:54:07.0381 1456 iaStorV - ok 18:54:07.0430 1456 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 18:54:07.0442 1456 idsvc - ok 18:54:07.0507 1456 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\IPSDefs\20130323.001\IDSvia64.sys 18:54:07.0514 1456 IDSVia64 - ok 18:54:07.0539 1456 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys 18:54:07.0540 1456 iirsp - ok 18:54:07.0610 1456 [ AD5DF6F4FBBC798636EDC66BFEC7D0DE ] IJPLMSVC C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE 18:54:07.0612 1456 IJPLMSVC - ok 18:54:07.0644 1456 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 18:54:07.0655 1456 IKEEXT - ok 18:54:07.0727 1456 [ 3E49DAC8EEFA6016AA2A6331BEC866AE ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 18:54:07.0776 1456 IntcAzAudAddService - ok 18:54:07.0830 1456 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 18:54:07.0832 1456 intelide - ok 18:54:07.0864 1456 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 18:54:07.0866 1456 intelppm - ok 18:54:07.0882 1456 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 18:54:07.0884 1456 IPBusEnum - ok 18:54:07.0895 1456 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 18:54:07.0897 1456 IpFilterDriver - ok 18:54:07.0928 1456 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 18:54:07.0936 1456 iphlpsvc - ok 18:54:07.0962 1456 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 18:54:07.0964 1456 IPMIDRV - ok 18:54:07.0969 1456 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 18:54:07.0972 1456 IPNAT - ok 18:54:07.0984 1456 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 18:54:07.0986 1456 IRENUM - ok 18:54:08.0004 1456 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 18:54:08.0005 1456 isapnp - ok 18:54:08.0025 1456 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 18:54:08.0029 1456 iScsiPrt - ok 18:54:08.0055 1456 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 18:54:08.0056 1456 kbdclass - ok 18:54:08.0068 1456 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 18:54:08.0069 1456 kbdhid - ok 18:54:08.0081 1456 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 18:54:08.0083 1456 KeyIso - ok 18:54:08.0096 1456 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 18:54:08.0098 1456 KSecDD - ok 18:54:08.0108 1456 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 18:54:08.0111 1456 KSecPkg - ok 18:54:08.0119 1456 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 18:54:08.0120 1456 ksthunk - ok 18:54:08.0135 1456 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 18:54:08.0140 1456 KtmRm - ok 18:54:08.0161 1456 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 18:54:08.0166 1456 LanmanServer - ok 18:54:08.0181 1456 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 18:54:08.0185 1456 LanmanWorkstation - ok 18:54:08.0208 1456 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 18:54:08.0210 1456 lltdio - ok 18:54:08.0230 1456 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 18:54:08.0235 1456 lltdsvc - ok 18:54:08.0244 1456 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 18:54:08.0245 1456 lmhosts - ok 18:54:08.0284 1456 [ 1584DEEAE5AA0E3FB045F3D0EAC585EA ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 18:54:08.0288 1456 LMS - ok 18:54:08.0310 1456 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 18:54:08.0313 1456 LSI_FC - ok 18:54:08.0329 1456 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 18:54:08.0331 1456 LSI_SAS - ok 18:54:08.0339 1456 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 18:54:08.0341 1456 LSI_SAS2 - ok 18:54:08.0351 1456 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 18:54:08.0353 1456 LSI_SCSI - ok 18:54:08.0365 1456 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 18:54:08.0367 1456 luafv - ok 18:54:08.0385 1456 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 18:54:08.0387 1456 Mcx2Svc - ok 18:54:08.0402 1456 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys 18:54:08.0404 1456 megasas - ok 18:54:08.0426 1456 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 18:54:08.0430 1456 MegaSR - ok 18:54:08.0447 1456 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys 18:54:08.0449 1456 MEIx64 - ok 18:54:08.0465 1456 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 18:54:08.0467 1456 MMCSS - ok 18:54:08.0476 1456 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 18:54:08.0477 1456 Modem - ok 18:54:08.0490 1456 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 18:54:08.0491 1456 monitor - ok 18:54:08.0510 1456 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 18:54:08.0511 1456 mouclass - ok 18:54:08.0525 1456 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 18:54:08.0526 1456 mouhid - ok 18:54:08.0554 1456 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 18:54:08.0556 1456 mountmgr - ok 18:54:08.0607 1456 [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 18:54:08.0610 1456 MozillaMaintenance - ok 18:54:08.0630 1456 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 18:54:08.0634 1456 mpio - ok 18:54:08.0653 1456 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 18:54:08.0655 1456 mpsdrv - ok 18:54:08.0684 1456 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 18:54:08.0695 1456 MpsSvc - ok 18:54:08.0708 1456 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 18:54:08.0711 1456 MRxDAV - ok 18:54:08.0743 1456 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 18:54:08.0746 1456 mrxsmb - ok 18:54:08.0782 1456 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 18:54:08.0788 1456 mrxsmb10 - ok 18:54:08.0803 1456 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 18:54:08.0805 1456 mrxsmb20 - ok 18:54:08.0818 1456 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 18:54:08.0819 1456 msahci - ok 18:54:08.0836 1456 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 18:54:08.0839 1456 msdsm - ok 18:54:08.0853 1456 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 18:54:08.0857 1456 MSDTC - ok 18:54:08.0879 1456 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 18:54:08.0881 1456 Msfs - ok 18:54:08.0894 1456 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 18:54:08.0895 1456 mshidkmdf - ok 18:54:08.0899 1456 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 18:54:08.0901 1456 msisadrv - ok 18:54:08.0922 1456 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 18:54:08.0926 1456 MSiSCSI - ok 18:54:08.0930 1456 msiserver - ok 18:54:08.0954 1456 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 18:54:08.0956 1456 MSKSSRV - ok 18:54:08.0971 1456 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 18:54:08.0973 1456 MSPCLOCK - ok 18:54:08.0987 1456 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 18:54:08.0988 1456 MSPQM - ok 18:54:09.0008 1456 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 18:54:09.0013 1456 MsRPC - ok 18:54:09.0039 1456 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 18:54:09.0040 1456 mssmbios - ok 18:54:09.0047 1456 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 18:54:09.0048 1456 MSTEE - ok 18:54:09.0063 1456 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 18:54:09.0065 1456 MTConfig - ok 18:54:09.0078 1456 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 18:54:09.0080 1456 Mup - ok 18:54:09.0222 1456 [ 241BD3019FB31E812A51B31B06906335 ] N360 C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\ccSvcHst.exe 18:54:09.0224 1456 N360 - ok 18:54:09.0248 1456 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 18:54:09.0255 1456 napagent - ok 18:54:09.0286 1456 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 18:54:09.0291 1456 NativeWifiP - ok 18:54:09.0363 1456 [ 88A2F45CE66B904285978D6BB13AFEB2 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\VirusDefs\20130325.024\ENG64.SYS 18:54:09.0365 1456 NAVENG - ok 18:54:09.0418 1456 [ D2A545DA3A90BBFA40E020C23F1B7A48 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\VirusDefs\20130325.024\EX64.SYS 18:54:09.0456 1456 NAVEX15 - ok 18:54:09.0495 1456 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 18:54:09.0504 1456 NDIS - ok 18:54:09.0515 1456 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 18:54:09.0516 1456 NdisCap - ok 18:54:09.0528 1456 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 18:54:09.0529 1456 NdisTapi - ok 18:54:09.0538 1456 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 18:54:09.0539 1456 Ndisuio - ok 18:54:09.0549 1456 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 18:54:09.0551 1456 NdisWan - ok 18:54:09.0568 1456 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 18:54:09.0569 1456 NDProxy - ok 18:54:09.0574 1456 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 18:54:09.0575 1456 NetBIOS - ok 18:54:09.0590 1456 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 18:54:09.0593 1456 NetBT - ok 18:54:09.0618 1456 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 18:54:09.0619 1456 Netlogon - ok 18:54:09.0637 1456 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 18:54:09.0642 1456 Netman - ok 18:54:09.0658 1456 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 18:54:09.0663 1456 netprofm - ok 18:54:09.0688 1456 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 18:54:09.0690 1456 NetTcpPortSharing - ok 18:54:09.0721 1456 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 18:54:09.0722 1456 nfrd960 - ok 18:54:09.0737 1456 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 18:54:09.0741 1456 NlaSvc - ok 18:54:09.0749 1456 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 18:54:09.0750 1456 Npfs - ok 18:54:09.0755 1456 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 18:54:09.0757 1456 nsi - ok 18:54:09.0767 1456 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 18:54:09.0768 1456 nsiproxy - ok 18:54:09.0816 1456 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 18:54:09.0854 1456 Ntfs - ok 18:54:09.0895 1456 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 18:54:09.0896 1456 Null - ok 18:54:10.0069 1456 [ DD81FBC57AB9134CDDC5CE90880BFD80 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 18:54:10.0220 1456 nvlddmkm - ok 18:54:10.0248 1456 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 18:54:10.0250 1456 nvraid - ok 18:54:10.0266 1456 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 18:54:10.0268 1456 nvstor - ok 18:54:10.0288 1456 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 18:54:10.0290 1456 nv_agp - ok 18:54:10.0306 1456 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 18:54:10.0307 1456 ohci1394 - ok 18:54:10.0336 1456 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 18:54:10.0339 1456 ose - ok 18:54:10.0466 1456 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 18:54:10.0555 1456 osppsvc - ok 18:54:10.0576 1456 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 18:54:10.0580 1456 p2pimsvc - ok 18:54:10.0596 1456 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 18:54:10.0601 1456 p2psvc - ok 18:54:10.0616 1456 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys 18:54:10.0618 1456 Parport - ok 18:54:10.0629 1456 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 18:54:10.0630 1456 partmgr - ok 18:54:10.0644 1456 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 18:54:10.0647 1456 PcaSvc - ok 18:54:10.0677 1456 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 18:54:10.0680 1456 pci - ok 18:54:10.0692 1456 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 18:54:10.0694 1456 pciide - ok 18:54:10.0707 1456 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 18:54:10.0710 1456 pcmcia - ok 18:54:10.0723 1456 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 18:54:10.0724 1456 pcw - ok 18:54:10.0743 1456 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 18:54:10.0750 1456 PEAUTH - ok 18:54:10.0825 1456 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 18:54:10.0828 1456 PerfHost - ok 18:54:10.0867 1456 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 18:54:10.0890 1456 pla - ok 18:54:10.0931 1456 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 18:54:10.0937 1456 PlugPlay - ok 18:54:10.0952 1456 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 18:54:10.0955 1456 PNRPAutoReg - ok 18:54:10.0973 1456 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 18:54:10.0977 1456 PNRPsvc - ok 18:54:10.0993 1456 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 18:54:11.0000 1456 PolicyAgent - ok 18:54:11.0020 1456 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 18:54:11.0024 1456 Power - ok 18:54:11.0035 1456 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 18:54:11.0037 1456 PptpMiniport - ok 18:54:11.0049 1456 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys 18:54:11.0050 1456 Processor - ok 18:54:11.0075 1456 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 18:54:11.0079 1456 ProfSvc - ok 18:54:11.0094 1456 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 18:54:11.0096 1456 ProtectedStorage - ok 18:54:11.0105 1456 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 18:54:11.0108 1456 Psched - ok 18:54:11.0162 1456 [ 543A4EF0923BF70D126625B034EF25AF ] PSI_SVC_2 c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe 18:54:11.0165 1456 PSI_SVC_2 - ok 18:54:11.0212 1456 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 18:54:11.0235 1456 ql2300 - ok 18:54:11.0260 1456 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 18:54:11.0263 1456 ql40xx - ok 18:54:11.0278 1456 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 18:54:11.0283 1456 QWAVE - ok 18:54:11.0301 1456 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 18:54:11.0303 1456 QWAVEdrv - ok 18:54:11.0318 1456 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 18:54:11.0319 1456 RasAcd - ok 18:54:11.0332 1456 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 18:54:11.0333 1456 RasAgileVpn - ok 18:54:11.0351 1456 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 18:54:11.0354 1456 RasAuto - ok 18:54:11.0374 1456 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 18:54:11.0377 1456 Rasl2tp - ok 18:54:11.0402 1456 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 18:54:11.0408 1456 RasMan - ok 18:54:11.0419 1456 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 18:54:11.0421 1456 RasPppoe - ok 18:54:11.0432 1456 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 18:54:11.0434 1456 RasSstp - ok 18:54:11.0449 1456 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 18:54:11.0454 1456 rdbss - ok 18:54:11.0471 1456 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys 18:54:11.0473 1456 rdpbus - ok 18:54:11.0486 1456 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 18:54:11.0487 1456 RDPCDD - ok 18:54:11.0509 1456 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 18:54:11.0510 1456 RDPENCDD - ok 18:54:11.0525 1456 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 18:54:11.0526 1456 RDPREFMP - ok 18:54:11.0551 1456 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 18:54:11.0554 1456 RDPWD - ok 18:54:11.0571 1456 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 18:54:11.0575 1456 rdyboost - ok 18:54:11.0590 1456 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 18:54:11.0593 1456 RemoteAccess - ok 18:54:11.0605 1456 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 18:54:11.0609 1456 RemoteRegistry - ok 18:54:11.0623 1456 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 18:54:11.0626 1456 RpcEptMapper - ok 18:54:11.0640 1456 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 18:54:11.0642 1456 RpcLocator - ok 18:54:11.0661 1456 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 18:54:11.0666 1456 RpcSs - ok 18:54:11.0685 1456 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 18:54:11.0687 1456 rspndr - ok 18:54:11.0726 1456 [ ED5873F7DFB2F96D37F13322211B6BDC ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 18:54:11.0732 1456 RTL8167 - ok 18:54:11.0781 1456 [ B3F36B4B3F192EA87DDC119F3A0B3E45 ] RTL8192su C:\Windows\system32\DRIVERS\RTL8192su.sys 18:54:11.0791 1456 RTL8192su - ok 18:54:11.0795 1456 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 18:54:11.0796 1456 SamSs - ok 18:54:11.0826 1456 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 18:54:11.0829 1456 sbp2port - ok 18:54:11.0841 1456 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 18:54:11.0845 1456 SCardSvr - ok 18:54:11.0865 1456 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 18:54:11.0867 1456 scfilter - ok 18:54:11.0892 1456 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 18:54:11.0909 1456 Schedule - ok 18:54:11.0928 1456 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 18:54:11.0929 1456 SCPolicySvc - ok 18:54:11.0947 1456 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 18:54:11.0951 1456 SDRSVC - ok 18:54:11.0967 1456 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 18:54:11.0968 1456 secdrv - ok 18:54:11.0976 1456 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 18:54:11.0979 1456 seclogon - ok 18:54:11.0983 1456 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 18:54:11.0986 1456 SENS - ok 18:54:12.0006 1456 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 18:54:12.0008 1456 SensrSvc - ok 18:54:12.0030 1456 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys 18:54:12.0031 1456 Serenum - ok 18:54:12.0040 1456 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys 18:54:12.0043 1456 Serial - ok 18:54:12.0060 1456 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys 18:54:12.0061 1456 sermouse - ok 18:54:12.0080 1456 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 18:54:12.0084 1456 SessionEnv - ok 18:54:12.0093 1456 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 18:54:12.0094 1456 sffdisk - ok 18:54:12.0111 1456 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 18:54:12.0112 1456 sffp_mmc - ok 18:54:12.0128 1456 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 18:54:12.0129 1456 sffp_sd - ok 18:54:12.0144 1456 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 18:54:12.0145 1456 sfloppy - ok 18:54:12.0186 1456 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys 18:54:12.0195 1456 Sftfs - ok 18:54:12.0244 1456 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe 18:54:12.0250 1456 sftlist - ok 18:54:12.0262 1456 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys 18:54:12.0266 1456 Sftplay - ok 18:54:12.0281 1456 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys 18:54:12.0282 1456 Sftredir - ok 18:54:12.0286 1456 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys 18:54:12.0288 1456 Sftvol - ok 18:54:12.0307 1456 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe 18:54:12.0310 1456 sftvsa - ok 18:54:12.0335 1456 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 18:54:12.0341 1456 SharedAccess - ok 18:54:12.0361 1456 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 18:54:12.0368 1456 ShellHWDetection - ok 18:54:12.0394 1456 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 18:54:12.0395 1456 SiSRaid2 - ok 18:54:12.0411 1456 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 18:54:12.0413 1456 SiSRaid4 - ok 18:54:12.0478 1456 [ 544788D536087DAF32B846F10D8392F5 ] SLEE_17_DRIVER C:\Windows\Sleen1764.sys 18:54:12.0480 1456 SLEE_17_DRIVER - ok 18:54:12.0505 1456 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 18:54:12.0507 1456 Smb - ok 18:54:12.0522 1456 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 18:54:12.0524 1456 SNMPTRAP - ok 18:54:12.0539 1456 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 18:54:12.0540 1456 spldr - ok 18:54:12.0568 1456 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 18:54:12.0576 1456 Spooler - ok 18:54:12.0648 1456 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 18:54:12.0710 1456 sppsvc - ok 18:54:12.0729 1456 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 18:54:12.0731 1456 sppuinotify - ok 18:54:12.0827 1456 [ 378A0748DE5ADF90BF9DB897DA8564E6 ] SRTSP C:\Windows\System32\Drivers\N360x64\1403000.024\SRTSP64.SYS 18:54:12.0836 1456 SRTSP - ok 18:54:12.0850 1456 [ 0E76CEF892C45734F7AED09FDDF35D4D ] SRTSPX C:\Windows\system32\drivers\N360x64\1403000.024\SRTSPX64.SYS 18:54:12.0851 1456 SRTSPX - ok 18:54:12.0879 1456 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 18:54:12.0885 1456 srv - ok 18:54:12.0903 1456 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 18:54:12.0909 1456 srv2 - ok 18:54:12.0920 1456 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 18:54:12.0923 1456 srvnet - ok 18:54:12.0939 1456 [ 8F8324ED1DE63FFC7B1A02CD2D963C72 ] ssadbus C:\Windows\system32\DRIVERS\ssadbus.sys 18:54:12.0942 1456 ssadbus - ok 18:54:12.0978 1456 [ 58221EFCB74167B73667F0024C661CE0 ] ssadmdfl C:\Windows\system32\DRIVERS\ssadmdfl.sys 18:54:12.0979 1456 ssadmdfl - ok 18:54:12.0996 1456 [ 4DA7C71BFAC5AD71255B7E4CAB980163 ] ssadmdm C:\Windows\system32\DRIVERS\ssadmdm.sys 18:54:12.0999 1456 ssadmdm - ok 18:54:13.0030 1456 [ D33D1BD3EC0E766211A234F56A12726D ] ssadserd C:\Windows\system32\DRIVERS\ssadserd.sys 18:54:13.0032 1456 ssadserd - ok 18:54:13.0062 1456 [ ED161B91FDF7EAA39469D72D463D5F4E ] sscdbus C:\Windows\system32\DRIVERS\sscdbus.sys 18:54:13.0065 1456 sscdbus - ok 18:54:13.0075 1456 [ 4CB09E77593DBD8D7AF33B37375CA715 ] sscdmdfl C:\Windows\system32\DRIVERS\sscdmdfl.sys 18:54:13.0076 1456 sscdmdfl - ok 18:54:13.0096 1456 [ C7B4CF53497A6E5363F3439427663882 ] sscdmdm C:\Windows\system32\DRIVERS\sscdmdm.sys 18:54:13.0100 1456 sscdmdm - ok 18:54:13.0118 1456 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 18:54:13.0122 1456 SSDPSRV - ok 18:54:13.0135 1456 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 18:54:13.0138 1456 SstpSvc - ok 18:54:13.0157 1456 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys 18:54:13.0158 1456 stexstor - ok 18:54:13.0181 1456 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 18:54:13.0189 1456 stisvc - ok 18:54:13.0202 1456 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 18:54:13.0203 1456 swenum - ok 18:54:13.0223 1456 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 18:54:13.0230 1456 swprv - ok 18:54:13.0250 1456 [ E174C8BC572E93AEEE1036DEDAC5F225 ] SymDS C:\Windows\system32\drivers\N360x64\1403000.024\SYMDS64.SYS 18:54:13.0256 1456 SymDS - ok 18:54:13.0299 1456 [ 599872BAD7CFB45C7CE47CDED4B726D8 ] SymEFA C:\Windows\system32\drivers\N360x64\1403000.024\SYMEFA64.SYS 18:54:13.0312 1456 SymEFA - ok 18:54:13.0349 1456 [ F5D6D3B7468C46EA2DDC1D19D2A6DA0F ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS 18:54:13.0352 1456 SymEvent - ok 18:54:13.0382 1456 [ ADF37F1A715D6C56C8E065FD8569A9A4 ] SymIRON C:\Windows\system32\drivers\N360x64\1403000.024\Ironx64.SYS 18:54:13.0385 1456 SymIRON - ok 18:54:13.0407 1456 [ 1605EBD8CB86AFC4430116065995279A ] SymNetS C:\Windows\System32\Drivers\N360x64\1403000.024\SYMNETS.SYS 18:54:13.0413 1456 SymNetS - ok 18:54:13.0456 1456 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 18:54:13.0492 1456 SysMain - ok 18:54:13.0508 1456 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 18:54:13.0511 1456 TabletInputService - ok 18:54:13.0525 1456 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 18:54:13.0530 1456 TapiSrv - ok 18:54:13.0543 1456 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 18:54:13.0546 1456 TBS - ok 18:54:13.0603 1456 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 18:54:13.0640 1456 Tcpip - ok 18:54:13.0669 1456 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 18:54:13.0678 1456 TCPIP6 - ok 18:54:13.0707 1456 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 18:54:13.0709 1456 tcpipreg - ok 18:54:13.0728 1456 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 18:54:13.0729 1456 TDPIPE - ok 18:54:13.0762 1456 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 18:54:13.0763 1456 TDTCP - ok 18:54:13.0780 1456 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 18:54:13.0782 1456 tdx - ok 18:54:13.0858 1456 [ CB2BAE47B5B74BF8185C1F9FB01EAA4E ] TeamViewer6 C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe 18:54:13.0906 1456 TeamViewer6 - ok 18:54:13.0950 1456 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 18:54:13.0952 1456 TermDD - ok 18:54:13.0978 1456 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 18:54:13.0988 1456 TermService - ok 18:54:14.0005 1456 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 18:54:14.0008 1456 Themes - ok 18:54:14.0022 1456 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 18:54:14.0024 1456 THREADORDER - ok 18:54:14.0050 1456 [ 0407143F2BBC1A5DD5B518AC0704FCBF ] TomTomHOMEService C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe 18:54:14.0052 1456 TomTomHOMEService - ok 18:54:14.0067 1456 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 18:54:14.0070 1456 TrkWks - ok 18:54:14.0113 1456 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 18:54:14.0116 1456 TrustedInstaller - ok 18:54:14.0126 1456 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 18:54:14.0128 1456 tssecsrv - ok 18:54:14.0136 1456 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 18:54:14.0138 1456 TsUsbFlt - ok 18:54:14.0147 1456 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 18:54:14.0148 1456 TsUsbGD - ok 18:54:14.0159 1456 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 18:54:14.0162 1456 tunnel - ok 18:54:14.0172 1456 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 18:54:14.0174 1456 uagp35 - ok 18:54:14.0190 1456 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 18:54:14.0195 1456 udfs - ok 18:54:14.0214 1456 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 18:54:14.0216 1456 UI0Detect - ok 18:54:14.0232 1456 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 18:54:14.0234 1456 uliagpkx - ok 18:54:14.0251 1456 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 18:54:14.0253 1456 umbus - ok 18:54:14.0275 1456 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys 18:54:14.0277 1456 UmPass - ok 18:54:14.0378 1456 [ FC43877B4625F6EB773C98233EB625C5 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 18:54:14.0421 1456 UNS - ok 18:54:14.0439 1456 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 18:54:14.0443 1456 upnphost - ok 18:54:14.0472 1456 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 18:54:14.0473 1456 usbccgp - ok 18:54:14.0483 1456 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 18:54:14.0485 1456 usbcir - ok 18:54:14.0504 1456 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys 18:54:14.0506 1456 usbehci - ok 18:54:14.0523 1456 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 18:54:14.0528 1456 usbhub - ok 18:54:14.0544 1456 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 18:54:14.0545 1456 usbohci - ok 18:54:14.0567 1456 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 18:54:14.0569 1456 usbprint - ok 18:54:14.0602 1456 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 18:54:14.0604 1456 usbscan - ok 18:54:14.0619 1456 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 18:54:14.0621 1456 USBSTOR - ok 18:54:14.0637 1456 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 18:54:14.0639 1456 usbuhci - ok 18:54:14.0683 1456 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 18:54:14.0686 1456 usbvideo - ok 18:54:14.0712 1456 [ 7B28E2FBE75115660FAB31079C0A9F29 ] usb_rndisx C:\Windows\system32\drivers\usb8023x.sys 18:54:14.0713 1456 usb_rndisx - ok 18:54:14.0720 1456 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 18:54:14.0723 1456 UxSms - ok 18:54:14.0730 1456 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 18:54:14.0731 1456 VaultSvc - ok 18:54:14.0743 1456 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 18:54:14.0745 1456 vdrvroot - ok 18:54:14.0764 1456 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 18:54:14.0772 1456 vds - ok 18:54:14.0798 1456 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 18:54:14.0800 1456 vga - ok 18:54:14.0803 1456 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 18:54:14.0805 1456 VgaSave - ok 18:54:14.0820 1456 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 18:54:14.0823 1456 vhdmp - ok 18:54:14.0845 1456 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 18:54:14.0846 1456 viaide - ok 18:54:14.0855 1456 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 18:54:14.0857 1456 volmgr - ok 18:54:14.0872 1456 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 18:54:14.0877 1456 volmgrx - ok 18:54:14.0893 1456 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 18:54:14.0897 1456 volsnap - ok 18:54:14.0923 1456 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 18:54:14.0925 1456 vsmraid - ok 18:54:14.0962 1456 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 18:54:14.0998 1456 VSS - ok 18:54:15.0014 1456 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 18:54:15.0015 1456 vwifibus - ok 18:54:15.0043 1456 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 18:54:15.0045 1456 vwififlt - ok 18:54:15.0049 1456 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 18:54:15.0050 1456 vwifimp - ok 18:54:15.0065 1456 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 18:54:15.0071 1456 W32Time - ok 18:54:15.0090 1456 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys 18:54:15.0091 1456 WacomPen - ok 18:54:15.0100 1456 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 18:54:15.0102 1456 WANARP - ok 18:54:15.0104 1456 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 18:54:15.0105 1456 Wanarpv6 - ok 18:54:15.0139 1456 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 18:54:15.0153 1456 wbengine - ok 18:54:15.0167 1456 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 18:54:15.0170 1456 WbioSrvc - ok 18:54:15.0193 1456 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 18:54:15.0197 1456 wcncsvc - ok 18:54:15.0207 1456 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 18:54:15.0209 1456 WcsPlugInService - ok 18:54:15.0215 1456 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys 18:54:15.0215 1456 Wd - ok 18:54:15.0244 1456 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 18:54:15.0251 1456 Wdf01000 - ok 18:54:15.0263 1456 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 18:54:15.0265 1456 WdiServiceHost - ok 18:54:15.0267 1456 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 18:54:15.0269 1456 WdiSystemHost - ok 18:54:15.0282 1456 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 18:54:15.0286 1456 WebClient - ok 18:54:15.0296 1456 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 18:54:15.0300 1456 Wecsvc - ok 18:54:15.0317 1456 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 18:54:15.0319 1456 wercplsupport - ok 18:54:15.0335 1456 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 18:54:15.0337 1456 WerSvc - ok 18:54:15.0344 1456 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 18:54:15.0345 1456 WfpLwf - ok 18:54:15.0356 1456 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 18:54:15.0357 1456 WIMMount - ok 18:54:15.0376 1456 WinDefend - ok 18:54:15.0379 1456 WinHttpAutoProxySvc - ok 18:54:15.0414 1456 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 18:54:15.0418 1456 Winmgmt - ok 18:54:15.0465 1456 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 18:54:15.0502 1456 WinRM - ok 18:54:15.0530 1456 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 18:54:15.0542 1456 Wlansvc - ok 18:54:15.0599 1456 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 18:54:15.0602 1456 wlcrasvc - ok 18:54:15.0673 1456 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 18:54:15.0722 1456 wlidsvc - ok 18:54:15.0750 1456 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 18:54:15.0754 1456 WmiAcpi - ok 18:54:15.0769 1456 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 18:54:15.0773 1456 wmiApSrv - ok 18:54:15.0777 1456 WMPNetworkSvc - ok 18:54:15.0796 1456 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 18:54:15.0798 1456 WPCSvc - ok 18:54:15.0818 1456 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 18:54:15.0821 1456 WPDBusEnum - ok 18:54:15.0840 1456 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 18:54:15.0841 1456 ws2ifsl - ok 18:54:15.0855 1456 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 18:54:15.0859 1456 wscsvc - ok 18:54:15.0862 1456 WSearch - ok 18:54:15.0890 1456 [ 82E8F5AA03DF7DBDB8A33F700D5D8CDA ] wsvd C:\Windows\system32\DRIVERS\wsvd.sys 18:54:15.0893 1456 wsvd - ok 18:54:15.0953 1456 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 18:54:16.0003 1456 wuauserv - ok 18:54:16.0036 1456 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 18:54:16.0037 1456 WudfPf - ok 18:54:16.0061 1456 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 18:54:16.0064 1456 WUDFRd - ok 18:54:16.0089 1456 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 18:54:16.0092 1456 wudfsvc - ok 18:54:16.0109 1456 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 18:54:16.0114 1456 WwanSvc - ok 18:54:16.0146 1456 ================ Scan global =============================== 18:54:16.0171 1456 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 18:54:16.0192 1456 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 18:54:16.0200 1456 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 18:54:16.0219 1456 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 18:54:16.0236 1456 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 18:54:16.0241 1456 [Global] - ok 18:54:16.0242 1456 ================ Scan MBR ================================== 18:54:16.0262 1456 [ 5D949EEA3BEEC2DF38A2D7900AD89A60 ] \Device\Harddisk0\DR0 18:54:17.0903 1456 \Device\Harddisk0\DR0 - ok 18:54:17.0904 1456 ================ Scan VBR ================================== 18:54:17.0905 1456 [ ED705AB412008FFB3D967C026FA11FD4 ] \Device\Harddisk0\DR0\Partition1 18:54:17.0906 1456 \Device\Harddisk0\DR0\Partition1 - ok 18:54:17.0908 1456 [ 3F8243C55A3DDA5A2458CC2BA80E2F88 ] \Device\Harddisk0\DR0\Partition2 18:54:17.0909 1456 \Device\Harddisk0\DR0\Partition2 - ok 18:54:17.0931 1456 [ 6E7648A582ADBAFFA149E369159A07D4 ] \Device\Harddisk0\DR0\Partition3 18:54:17.0933 1456 \Device\Harddisk0\DR0\Partition3 - ok 18:54:17.0933 1456 ============================================================ 18:54:17.0933 1456 Scan finished 18:54:17.0933 1456 ============================================================ 18:54:17.0939 3580 Detected object count: 0 18:54:17.0939 3580 Actual detected object count: 0 So und hier sind die anderen Logs::: aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software Run date: 2013-03-26 18:28:24 ----------------------------- 18:28:24.779 OS Version: Windows x64 6.1.7601 Service Pack 1 18:28:24.779 Number of processors: 4 586 0x2A07 18:28:24.780 ComputerName: JUERGEN-PC UserName: Juergen 18:28:26.958 Initialize success 18:32:18.338 AVAST engine defs: 13032600 18:32:44.790 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 18:32:44.792 Disk 0 Vendor: WDC_WD15 51.0 Size: 1430799MB BusType: 3 18:32:44.914 Disk 0 MBR read successfully 18:32:44.917 Disk 0 MBR scan 18:32:44.922 Disk 0 unknown MBR code 18:32:44.925 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048 18:32:44.933 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 1388713 MB offset 206848 18:32:44.976 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 40960 MB offset 2844291072 18:32:44.990 Disk 0 Partition 4 00 12 Compaq diag NTFS 1024 MB offset 2928177152 18:32:45.024 Disk 0 scanning C:\Windows\system32\drivers 18:32:52.946 Service scanning 18:33:09.030 Modules scanning 18:33:09.038 Disk 0 trace - called modules: 18:33:09.057 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 18:33:09.062 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006607060] 18:33:09.067 3 CLASSPNP.SYS[fffff8800140143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80048b5050] 18:33:11.997 AVAST engine scan C:\Windows 18:33:14.888 AVAST engine scan C:\Windows\system32 18:35:27.496 AVAST engine scan C:\Windows\system32\drivers 18:35:39.398 AVAST engine scan C:\Users\Juergen 18:39:53.719 AVAST engine scan C:\ProgramData 18:42:56.412 Scan finished successfully 18:45:01.265 Disk 0 MBR has been saved successfully to "C:\Users\Juergen\Desktop\MBR.dat" 18:45:01.271 The log file has been saved successfully to "C:\Users\Juergen\Desktop\aswMBR.txt" Geändert von boesel (26.03.2013 um 19:10 Uhr) |
|
26.03.2013, 22:47
| #14 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Mein PC verschickt e-mailsZitat:
CODE-Tags wendet man wie folgt an: Lesestoff:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Mein PC verschickt e-mails |
| adresse, andere, anderen, angemeldet, anzeige, e-mail, express, falsche, folge, gen, gmx.de, infiziert, inhalt, message, microsoft, namen, nemesis, neu, nötig, outlook, passwort, pcs, qmail, rechner, scan, unbekannt, verschickt, verschickt e-mails, wirklich |
Linear-Darstellung
