Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Startpins Suchmaschine anstatt Google

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 13.02.2013, 14:27   #1
C.G.M.
 
Startpins Suchmaschine anstatt Google - Standard

Startpins Suchmaschine anstatt Google



Hallo zusammen!

Habe das Problem, dass bei mir wenn ich oben in die Suche bzw. Internetadresszeile einen Suchbegriff eingebe Startins anstatt Google als Suchmaschine verwendet wird.
Da diese Startpins-Maschine erstens nur mässige Ergebnisse liefert und mir zweitens eh auf den **** geht, möchte ich diese entfernen.

Zusätzlich wäre ich froh wenn ich meinen Rechner einem "allgemeinen Check" bezüglich Viren etc. unterziehen könnte. Dazu bin ich gern bereit weitere Schritte bzw. Anweisungen zu befolgen!

Ich hoffe jemand kann mir helfen! Leider bin ich total unwissend, was die Thematik etc. angeht, jedoch bin ich sehr lernfähig und gewillt das Problem zu lösen. Ich hoffe ihr habt dafür Verständnis!



Im Anhang die geforderten Files!

Alt 14.02.2013, 11:26   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Startpins Suchmaschine anstatt Google - Standard

Startpins Suchmaschine anstatt Google



Hallo und

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


MBAR (Malwarebytes Anti-Rootkit)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers


aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

__________________

__________________

Alt 15.02.2013, 11:52   #3
C.G.M.
 
Startpins Suchmaschine anstatt Google - Standard

Startpins Suchmaschine anstatt Google



Danke für deine Antwort mit Anleitung!

Hier die Ergebnisse:

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org

Database version: v2013.02.15.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
xxx :: xxx [administrator]

15.02.2013 11:53:02
mbar-log-2013-02-15 (11-53-02).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 29793
Time elapsed: 8 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
Code:
ATTFilter
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-15 12:53:08
-----------------------------
12:53:08.250    OS Version: Windows x64 6.1.7601 Service Pack 1
12:53:08.250    Number of processors: 4 586 0x2502
12:53:08.250    ComputerName: xxx  UserName: 
12:53:10.450    Initialize success
12:53:10.528    AVAST engine defs: 13021500
12:53:20.449    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:53:20.465    Disk 0 Vendor: Hitachi_ JP4O Size: 953869MB BusType: 8
12:53:20.465    Disk 0 MBR read successfully
12:53:20.481    Disk 0 MBR scan
12:53:20.481    Disk 0 unknown MBR code
12:53:20.496    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
12:53:20.512    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       940661 MB offset 206848
12:53:20.559    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        13106 MB offset 1926680576
12:53:20.605    Disk 0 scanning C:\Windows\system32\drivers
12:53:26.814    Service scanning
12:53:40.402    Modules scanning
12:53:40.402    Disk 0 trace - called modules:
12:53:40.417    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
12:53:40.433    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80049e5060]
12:53:40.433    3 CLASSPNP.SYS[fffff8800119143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80046b8050]
12:53:42.305    AVAST engine scan C:\Windows
12:53:45.612    AVAST engine scan C:\Windows\system32
12:55:29.885    AVAST engine scan C:\Windows\system32\drivers
12:55:39.276    AVAST engine scan C:\Users\xxx
13:00:07.566    AVAST engine scan C:\ProgramData
13:02:11.869    Scan finished successfully
13:03:12.694    Disk 0 MBR has been saved successfully to "C:\Users\xxx\Desktop\MBR.dat"
13:03:12.694    The log file has been saved successfully to "C:\Users\xxx\Desktop\aswMBR.txt"
         

Wie geht's weiter?
__________________

Geändert von C.G.M. (15.02.2013 um 12:08 Uhr)

Alt 15.02.2013, 12:21   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Startpins Suchmaschine anstatt Google - Standard

Startpins Suchmaschine anstatt Google



TDSS-Killer

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 15.02.2013, 15:13   #5
C.G.M.
 
Startpins Suchmaschine anstatt Google - Standard

Startpins Suchmaschine anstatt Google



Es wurden keine infizierten Objekte gefunden.
Ich habe jetzt trotzdem den Report kopiert?!

Code:
ATTFilter
16:10:58.0627 4884  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:10:58.0814 4884  ============================================================
16:10:58.0814 4884  Current date / time: 2013/02/15 16:10:58.0814
16:10:58.0814 4884  SystemInfo:
16:10:58.0814 4884  
16:10:58.0814 4884  OS Version: 6.1.7601 ServicePack: 1.0
16:10:58.0814 4884  Product type: Workstation
16:10:58.0814 4884  ComputerName: xxx
16:10:58.0814 4884  UserName: xxx
16:10:58.0814 4884  Windows directory: C:\Windows
16:10:58.0814 4884  System windows directory: C:\Windows
16:10:58.0814 4884  Running under WOW64
16:10:58.0814 4884  Processor architecture: Intel x64
16:10:58.0814 4884  Number of processors: 4
16:10:58.0814 4884  Page size: 0x1000
16:10:58.0814 4884  Boot type: Normal boot
16:10:58.0814 4884  ============================================================
16:10:59.0376 4884  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:10:59.0392 4884  ============================================================
16:10:59.0392 4884  \Device\Harddisk0\DR0:
16:10:59.0392 4884  MBR partitions:
16:10:59.0392 4884  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:10:59.0392 4884  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x72D3A800
16:10:59.0392 4884  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x72D6D000, BlocksNum 0x1999000
16:10:59.0392 4884  ============================================================
16:10:59.0423 4884  C: <-> \Device\Harddisk0\DR0\Partition2
16:10:59.0470 4884  D: <-> \Device\Harddisk0\DR0\Partition3
16:10:59.0470 4884  ============================================================
16:10:59.0470 4884  Initialize success
16:10:59.0470 4884  ============================================================
16:11:06.0271 3144  ============================================================
16:11:06.0271 3144  Scan started
16:11:06.0271 3144  Mode: Manual; 
16:11:06.0271 3144  ============================================================
16:11:06.0661 3144  ================ Scan system memory ========================
16:11:06.0661 3144  System memory - ok
16:11:06.0661 3144  ================ Scan services =============================
16:11:06.0911 3144  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
16:11:06.0911 3144  1394ohci - ok
16:11:06.0942 3144  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
16:11:06.0958 3144  ACPI - ok
16:11:06.0989 3144  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
16:11:06.0989 3144  AcpiPmi - ok
16:11:07.0082 3144  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:11:07.0098 3144  AdobeARMservice - ok
16:11:07.0192 3144  [ EC807244904FA170C299AB06D87FBDBE ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:11:07.0207 3144  AdobeFlashPlayerUpdateSvc - ok
16:11:07.0238 3144  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
16:11:07.0238 3144  adp94xx - ok
16:11:07.0270 3144  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
16:11:07.0270 3144  adpahci - ok
16:11:07.0285 3144  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
16:11:07.0285 3144  adpu320 - ok
16:11:07.0317 3144  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
16:11:07.0317 3144  AeLookupSvc - ok
16:11:07.0349 3144  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
16:11:07.0349 3144  AFD - ok
16:11:07.0380 3144  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
16:11:07.0380 3144  agp440 - ok
16:11:07.0395 3144  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
16:11:07.0395 3144  ALG - ok
16:11:07.0411 3144  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
16:11:07.0411 3144  aliide - ok
16:11:07.0427 3144  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
16:11:07.0427 3144  amdide - ok
16:11:07.0442 3144  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
16:11:07.0442 3144  AmdK8 - ok
16:11:07.0458 3144  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
16:11:07.0458 3144  AmdPPM - ok
16:11:07.0473 3144  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
16:11:07.0473 3144  amdsata - ok
16:11:07.0489 3144  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
16:11:07.0489 3144  amdsbs - ok
16:11:07.0505 3144  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
16:11:07.0505 3144  amdxata - ok
16:11:07.0536 3144  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
16:11:07.0536 3144  AppID - ok
16:11:07.0551 3144  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
16:11:07.0567 3144  AppIDSvc - ok
16:11:07.0583 3144  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
16:11:07.0583 3144  Appinfo - ok
16:11:07.0661 3144  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:11:07.0661 3144  Apple Mobile Device - ok
16:11:07.0676 3144  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
16:11:07.0692 3144  arc - ok
16:11:07.0692 3144  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
16:11:07.0692 3144  arcsas - ok
16:11:07.0739 3144  [ 4FCAEF0C5BE7629AEB878998E0FE959B ] aswFsBlk        C:\Windows\system32\drivers\aswFsBlk.sys
16:11:07.0739 3144  aswFsBlk - ok
16:11:07.0754 3144  [ 6B91E6D483AADB3FC4E13E2355200611 ] aswKbd          C:\Windows\system32\drivers\aswKbd.sys
16:11:07.0770 3144  aswKbd - ok
16:11:07.0770 3144  [ B50CDD87772D6A11CB90924AAD399DF8 ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
16:11:07.0785 3144  aswMonFlt - ok
16:11:07.0801 3144  [ 57768C7DB4681F2510F247F82EF31D4F ] aswRdr          C:\Windows\System32\Drivers\aswrdr2.sys
16:11:07.0801 3144  aswRdr - ok
16:11:07.0817 3144  [ E71D826A1F3CE9C9DE3E77F2D02AFFBF ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
16:11:07.0832 3144  aswSnx - ok
16:11:07.0848 3144  [ 538A32E2C99BF073D4CA76C30BEDAA60 ] aswSP           C:\Windows\system32\drivers\aswSP.sys
16:11:07.0863 3144  aswSP - ok
16:11:07.0879 3144  [ 6EDC79D73745FD44C41B55B2D13D0B70 ] aswTdi          C:\Windows\system32\drivers\aswTdi.sys
16:11:07.0879 3144  aswTdi - ok
16:11:07.0895 3144  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
16:11:07.0895 3144  AsyncMac - ok
16:11:07.0941 3144  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
16:11:07.0941 3144  atapi - ok
16:11:07.0988 3144  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:11:07.0988 3144  AudioEndpointBuilder - ok
16:11:08.0004 3144  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
16:11:08.0019 3144  AudioSrv - ok
16:11:08.0097 3144  [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
16:11:08.0097 3144  avast! Antivirus - ok
16:11:08.0129 3144  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
16:11:08.0129 3144  AxInstSV - ok
16:11:08.0160 3144  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
16:11:08.0160 3144  b06bdrv - ok
16:11:08.0191 3144  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
16:11:08.0191 3144  b57nd60a - ok
16:11:08.0222 3144  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
16:11:08.0222 3144  BDESVC - ok
16:11:08.0238 3144  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
16:11:08.0238 3144  Beep - ok
16:11:08.0285 3144  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
16:11:08.0300 3144  BFE - ok
16:11:08.0316 3144  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
16:11:08.0331 3144  BITS - ok
16:11:08.0347 3144  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
16:11:08.0347 3144  blbdrive - ok
16:11:08.0378 3144  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
16:11:08.0394 3144  Bonjour Service - ok
16:11:08.0409 3144  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
16:11:08.0409 3144  bowser - ok
16:11:08.0441 3144  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:11:08.0441 3144  BrFiltLo - ok
16:11:08.0456 3144  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:11:08.0456 3144  BrFiltUp - ok
16:11:08.0472 3144  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
16:11:08.0472 3144  Browser - ok
16:11:08.0487 3144  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
16:11:08.0487 3144  Brserid - ok
16:11:08.0503 3144  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
16:11:08.0503 3144  BrSerWdm - ok
16:11:08.0519 3144  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
16:11:08.0519 3144  BrUsbMdm - ok
16:11:08.0519 3144  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
16:11:08.0519 3144  BrUsbSer - ok
16:11:08.0519 3144  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
16:11:08.0519 3144  BTHMODEM - ok
16:11:08.0550 3144  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
16:11:08.0565 3144  bthserv - ok
16:11:08.0597 3144  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
16:11:08.0597 3144  cdfs - ok
16:11:08.0643 3144  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
16:11:08.0643 3144  cdrom - ok
16:11:08.0675 3144  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
16:11:08.0675 3144  CertPropSvc - ok
16:11:08.0706 3144  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
16:11:08.0706 3144  circlass - ok
16:11:08.0737 3144  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
16:11:08.0737 3144  CLFS - ok
16:11:08.0799 3144  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:11:08.0799 3144  clr_optimization_v2.0.50727_32 - ok
16:11:08.0846 3144  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:11:08.0846 3144  clr_optimization_v2.0.50727_64 - ok
16:11:08.0893 3144  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:11:08.0909 3144  clr_optimization_v4.0.30319_32 - ok
16:11:08.0924 3144  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:11:08.0924 3144  clr_optimization_v4.0.30319_64 - ok
16:11:08.0955 3144  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
16:11:08.0955 3144  CmBatt - ok
16:11:08.0971 3144  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
16:11:08.0971 3144  cmdide - ok
16:11:09.0002 3144  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
16:11:09.0002 3144  CNG - ok
16:11:09.0018 3144  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
16:11:09.0018 3144  Compbatt - ok
16:11:09.0049 3144  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
16:11:09.0049 3144  CompositeBus - ok
16:11:09.0065 3144  COMSysApp - ok
16:11:09.0080 3144  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
16:11:09.0080 3144  crcdisk - ok
16:11:09.0096 3144  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
16:11:09.0111 3144  CryptSvc - ok
16:11:09.0143 3144  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
16:11:09.0143 3144  DcomLaunch - ok
16:11:09.0158 3144  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
16:11:09.0174 3144  defragsvc - ok
16:11:09.0205 3144  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
16:11:09.0205 3144  DfsC - ok
16:11:09.0221 3144  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
16:11:09.0221 3144  Dhcp - ok
16:11:09.0252 3144  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
16:11:09.0252 3144  discache - ok
16:11:09.0283 3144  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
16:11:09.0283 3144  Disk - ok
16:11:09.0314 3144  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
16:11:09.0314 3144  Dnscache - ok
16:11:09.0345 3144  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
16:11:09.0345 3144  dot3svc - ok
16:11:09.0377 3144  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
16:11:09.0377 3144  DPS - ok
16:11:09.0408 3144  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
16:11:09.0408 3144  drmkaud - ok
16:11:09.0439 3144  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
16:11:09.0455 3144  DXGKrnl - ok
16:11:09.0486 3144  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
16:11:09.0486 3144  EapHost - ok
16:11:09.0564 3144  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
16:11:09.0579 3144  ebdrv - ok
16:11:09.0611 3144  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
16:11:09.0611 3144  EFS - ok
16:11:09.0657 3144  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
16:11:09.0673 3144  ehRecvr - ok
16:11:09.0704 3144  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
16:11:09.0704 3144  ehSched - ok
16:11:09.0735 3144  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
16:11:09.0735 3144  elxstor - ok
16:11:09.0767 3144  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
16:11:09.0767 3144  ErrDev - ok
16:11:09.0798 3144  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
16:11:09.0813 3144  EventSystem - ok
16:11:09.0845 3144  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
16:11:09.0845 3144  exfat - ok
16:11:09.0860 3144  ezSharedSvc - ok
16:11:09.0876 3144  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
16:11:09.0876 3144  fastfat - ok
16:11:09.0923 3144  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
16:11:09.0938 3144  Fax - ok
16:11:09.0938 3144  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
16:11:09.0938 3144  fdc - ok
16:11:09.0969 3144  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
16:11:09.0985 3144  fdPHost - ok
16:11:09.0985 3144  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
16:11:10.0001 3144  FDResPub - ok
16:11:10.0016 3144  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
16:11:10.0016 3144  FileInfo - ok
16:11:10.0032 3144  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
16:11:10.0032 3144  Filetrace - ok
16:11:10.0047 3144  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
16:11:10.0047 3144  flpydisk - ok
16:11:10.0063 3144  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
16:11:10.0063 3144  FltMgr - ok
16:11:10.0110 3144  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
16:11:10.0125 3144  FontCache - ok
16:11:10.0157 3144  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:11:10.0157 3144  FontCache3.0.0.0 - ok
16:11:10.0172 3144  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
16:11:10.0172 3144  FsDepends - ok
16:11:10.0188 3144  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
16:11:10.0203 3144  Fs_Rec - ok
16:11:10.0235 3144  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
16:11:10.0235 3144  fvevol - ok
16:11:10.0250 3144  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
16:11:10.0250 3144  gagp30kx - ok
16:11:10.0281 3144  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:11:10.0281 3144  GEARAspiWDM - ok
16:11:10.0328 3144  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
16:11:10.0344 3144  gpsvc - ok
16:11:10.0359 3144  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
16:11:10.0359 3144  hcw85cir - ok
16:11:10.0406 3144  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:11:10.0406 3144  HdAudAddService - ok
16:11:10.0422 3144  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
16:11:10.0422 3144  HDAudBus - ok
16:11:10.0437 3144  [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
16:11:10.0437 3144  HECIx64 - ok
16:11:10.0453 3144  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
16:11:10.0453 3144  HidBatt - ok
16:11:10.0453 3144  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
16:11:10.0469 3144  HidBth - ok
16:11:10.0500 3144  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
16:11:10.0500 3144  HidIr - ok
16:11:10.0515 3144  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
16:11:10.0515 3144  hidserv - ok
16:11:10.0547 3144  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
16:11:10.0547 3144  HidUsb - ok
16:11:10.0593 3144  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
16:11:10.0593 3144  hkmsvc - ok
16:11:10.0640 3144  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:11:10.0640 3144  HomeGroupListener - ok
16:11:10.0671 3144  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:11:10.0687 3144  HomeGroupProvider - ok
16:11:10.0734 3144  [ C84BCC03858DAEAC4DB1E95EFCCE1934 ] HP Health Check Service C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
16:11:10.0734 3144  HP Health Check Service - ok
16:11:10.0765 3144  [ FDF273A845F1FFCCEADF363AAF47582F ] hpqwmiex        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
16:11:10.0765 3144  hpqwmiex - ok
16:11:10.0796 3144  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
16:11:10.0796 3144  HpSAMD - ok
16:11:10.0827 3144  [ 5A539A3CBD6EC1609D5333B486D5F74C ] HPSIService     C:\Windows\system32\HPSIsvc.exe
16:11:10.0827 3144  HPSIService - ok
16:11:10.0874 3144  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
16:11:10.0874 3144  HTTP - ok
16:11:10.0905 3144  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
16:11:10.0905 3144  hwpolicy - ok
16:11:10.0937 3144  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
16:11:10.0937 3144  i8042prt - ok
16:11:10.0952 3144  [ 85977CD13FC16069CE0AF7943A811775 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
16:11:10.0952 3144  iaStor - ok
16:11:11.0015 3144  [ F627BC830EE548527966288E4968AAC0 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
16:11:11.0015 3144  IAStorDataMgrSvc - ok
16:11:11.0061 3144  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
16:11:11.0061 3144  iaStorV - ok
16:11:11.0093 3144  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:11:11.0108 3144  idsvc - ok
16:11:11.0124 3144  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
16:11:11.0124 3144  iirsp - ok
16:11:11.0155 3144  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
16:11:11.0171 3144  IKEEXT - ok
16:11:11.0233 3144  [ 28CEEFBD2C63F91DC17DED3E8D27ECF5 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
16:11:11.0264 3144  IntcAzAudAddService - ok
16:11:11.0280 3144  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
16:11:11.0280 3144  intelide - ok
16:11:11.0311 3144  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
16:11:11.0311 3144  intelppm - ok
16:11:11.0342 3144  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
16:11:11.0342 3144  IPBusEnum - ok
16:11:11.0373 3144  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:11:11.0373 3144  IpFilterDriver - ok
16:11:11.0420 3144  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
16:11:11.0436 3144  iphlpsvc - ok
16:11:11.0451 3144  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
16:11:11.0451 3144  IPMIDRV - ok
16:11:11.0483 3144  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
16:11:11.0483 3144  IPNAT - ok
16:11:11.0529 3144  [ 0F261EC4F514926177C70C1832374231 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
16:11:11.0529 3144  iPod Service - ok
16:11:11.0561 3144  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
16:11:11.0561 3144  IRENUM - ok
16:11:11.0576 3144  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
16:11:11.0576 3144  isapnp - ok
16:11:11.0592 3144  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
16:11:11.0592 3144  iScsiPrt - ok
16:11:11.0607 3144  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
16:11:11.0607 3144  kbdclass - ok
16:11:11.0623 3144  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
16:11:11.0623 3144  kbdhid - ok
16:11:11.0639 3144  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
16:11:11.0654 3144  KeyIso - ok
16:11:11.0670 3144  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
16:11:11.0670 3144  KSecDD - ok
16:11:11.0670 3144  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
16:11:11.0670 3144  KSecPkg - ok
16:11:11.0685 3144  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
16:11:11.0685 3144  ksthunk - ok
16:11:11.0717 3144  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
16:11:11.0717 3144  KtmRm - ok
16:11:11.0763 3144  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
16:11:11.0763 3144  LanmanServer - ok
16:11:11.0795 3144  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:11:11.0810 3144  LanmanWorkstation - ok
16:11:11.0841 3144  [ 3503F257B3203F824B1567238EBE17E2 ] LightScribeService c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
16:11:11.0857 3144  LightScribeService - ok
16:11:11.0888 3144  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
16:11:11.0888 3144  lltdio - ok
16:11:11.0904 3144  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
16:11:11.0904 3144  lltdsvc - ok
16:11:11.0919 3144  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
16:11:11.0919 3144  lmhosts - ok
16:11:11.0951 3144  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
16:11:11.0951 3144  LSI_FC - ok
16:11:11.0966 3144  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
16:11:11.0966 3144  LSI_SAS - ok
16:11:11.0982 3144  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:11:11.0982 3144  LSI_SAS2 - ok
16:11:11.0997 3144  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:11:11.0997 3144  LSI_SCSI - ok
16:11:12.0013 3144  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
16:11:12.0013 3144  luafv - ok
16:11:12.0044 3144  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
16:11:12.0060 3144  Mcx2Svc - ok
16:11:12.0060 3144  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
16:11:12.0075 3144  megasas - ok
16:11:12.0075 3144  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
16:11:12.0091 3144  MegaSR - ok
16:11:12.0107 3144  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
16:11:12.0107 3144  MMCSS - ok
16:11:12.0122 3144  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
16:11:12.0122 3144  Modem - ok
16:11:12.0138 3144  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
16:11:12.0138 3144  monitor - ok
16:11:12.0169 3144  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
16:11:12.0169 3144  mouclass - ok
16:11:12.0185 3144  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
16:11:12.0185 3144  mouhid - ok
16:11:12.0216 3144  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
16:11:12.0216 3144  mountmgr - ok
16:11:12.0278 3144  [ 51A84B690DF519DCF656F780243D953E ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:11:12.0278 3144  MozillaMaintenance - ok
16:11:12.0294 3144  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
16:11:12.0294 3144  mpio - ok
16:11:12.0325 3144  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
16:11:12.0325 3144  mpsdrv - ok
16:11:12.0356 3144  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
16:11:12.0372 3144  MpsSvc - ok
16:11:12.0403 3144  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
16:11:12.0419 3144  MRxDAV - ok
16:11:12.0434 3144  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
16:11:12.0434 3144  mrxsmb - ok
16:11:12.0465 3144  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:11:12.0465 3144  mrxsmb10 - ok
16:11:12.0481 3144  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:11:12.0481 3144  mrxsmb20 - ok
16:11:12.0497 3144  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
16:11:12.0497 3144  msahci - ok
16:11:12.0512 3144  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
16:11:12.0512 3144  msdsm - ok
16:11:12.0528 3144  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
16:11:12.0543 3144  MSDTC - ok
16:11:12.0575 3144  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
16:11:12.0575 3144  Msfs - ok
16:11:12.0590 3144  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
16:11:12.0590 3144  mshidkmdf - ok
16:11:12.0606 3144  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
16:11:12.0606 3144  msisadrv - ok
16:11:12.0637 3144  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
16:11:12.0637 3144  MSiSCSI - ok
16:11:12.0653 3144  msiserver - ok
16:11:12.0668 3144  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
16:11:12.0668 3144  MSKSSRV - ok
16:11:12.0684 3144  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
16:11:12.0684 3144  MSPCLOCK - ok
16:11:12.0684 3144  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
16:11:12.0699 3144  MSPQM - ok
16:11:12.0715 3144  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
16:11:12.0715 3144  MsRPC - ok
16:11:12.0731 3144  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
16:11:12.0731 3144  mssmbios - ok
16:11:12.0746 3144  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
16:11:12.0746 3144  MSTEE - ok
16:11:12.0762 3144  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
16:11:12.0762 3144  MTConfig - ok
16:11:12.0777 3144  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
16:11:12.0777 3144  Mup - ok
16:11:12.0793 3144  [ 8FA52B6049596FE2FDBC8A5E8B14EBFC ] mvusbews        C:\Windows\system32\Drivers\mvusbews.sys
16:11:12.0793 3144  mvusbews - ok
16:11:12.0824 3144  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
16:11:12.0824 3144  napagent - ok
16:11:12.0855 3144  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
16:11:12.0855 3144  NativeWifiP - ok
16:11:12.0902 3144  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
16:11:12.0902 3144  NDIS - ok
16:11:12.0933 3144  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
16:11:12.0933 3144  NdisCap - ok
16:11:12.0949 3144  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
16:11:12.0949 3144  NdisTapi - ok
16:11:12.0980 3144  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
16:11:12.0980 3144  Ndisuio - ok
16:11:13.0011 3144  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
16:11:13.0011 3144  NdisWan - ok
16:11:13.0043 3144  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
16:11:13.0043 3144  NDProxy - ok
16:11:13.0058 3144  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
16:11:13.0058 3144  NetBIOS - ok
16:11:13.0089 3144  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
16:11:13.0089 3144  NetBT - ok
16:11:13.0152 3144  [ EA833758BE56A68AABECD50E1DDCF4A3 ] NETGEARGenieDaemon C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
16:11:13.0167 3144  NETGEARGenieDaemon - ok
16:11:13.0183 3144  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
16:11:13.0183 3144  Netlogon - ok
16:11:13.0199 3144  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
16:11:13.0199 3144  Netman - ok
16:11:13.0214 3144  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
16:11:13.0230 3144  netprofm - ok
16:11:13.0245 3144  [ 064AB63C9A588D2611306AE16D017E7E ] netr28x         C:\Windows\system32\DRIVERS\netr28x.sys
16:11:13.0261 3144  netr28x - ok
16:11:13.0292 3144  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:11:13.0292 3144  NetTcpPortSharing - ok
16:11:13.0308 3144  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
16:11:13.0308 3144  nfrd960 - ok
16:11:13.0339 3144  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
16:11:13.0339 3144  NlaSvc - ok
16:11:13.0386 3144  [ 351533ACC2A069B94E80BBFC177E8FDF ] NPF             C:\Windows\system32\drivers\npf.sys
16:11:13.0386 3144  NPF - ok
16:11:13.0417 3144  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
16:11:13.0417 3144  Npfs - ok
16:11:13.0448 3144  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
16:11:13.0448 3144  nsi - ok
16:11:13.0448 3144  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
16:11:13.0448 3144  nsiproxy - ok
16:11:13.0511 3144  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
16:11:13.0526 3144  Ntfs - ok
16:11:13.0526 3144  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
16:11:13.0542 3144  Null - ok
16:11:13.0557 3144  [ CDDD4478757288DF4BB1494BFD084259 ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
16:11:13.0557 3144  NVHDA - ok
16:11:13.0760 3144  [ 04A048659B8F77F9151308A690F14E87 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:11:13.0901 3144  nvlddmkm - ok
16:11:13.0916 3144  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
16:11:13.0916 3144  nvraid - ok
16:11:13.0947 3144  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
16:11:13.0947 3144  nvstor - ok
16:11:13.0979 3144  [ 35ED605E778509668C08ED15DB96E7CD ] nvsvc           C:\Windows\system32\nvvsvc.exe
16:11:13.0979 3144  nvsvc - ok
16:11:13.0994 3144  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
16:11:13.0994 3144  nv_agp - ok
16:11:14.0072 3144  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:11:14.0088 3144  odserv - ok
16:11:14.0103 3144  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
16:11:14.0103 3144  ohci1394 - ok
16:11:14.0135 3144  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:11:14.0135 3144  ose - ok
16:11:14.0150 3144  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
16:11:14.0166 3144  p2pimsvc - ok
16:11:14.0181 3144  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
16:11:14.0181 3144  p2psvc - ok
16:11:14.0213 3144  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
16:11:14.0213 3144  Parport - ok
16:11:14.0228 3144  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
16:11:14.0228 3144  partmgr - ok
16:11:14.0244 3144  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
16:11:14.0244 3144  PcaSvc - ok
16:11:14.0275 3144  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
16:11:14.0275 3144  pci - ok
16:11:14.0291 3144  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
16:11:14.0291 3144  pciide - ok
16:11:14.0306 3144  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
16:11:14.0306 3144  pcmcia - ok
16:11:14.0322 3144  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
16:11:14.0337 3144  pcw - ok
16:11:14.0353 3144  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
16:11:14.0353 3144  PEAUTH - ok
16:11:14.0431 3144  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
16:11:14.0431 3144  PerfHost - ok
16:11:14.0493 3144  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
16:11:14.0493 3144  pla - ok
16:11:14.0540 3144  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
16:11:14.0540 3144  PlugPlay - ok
16:11:14.0556 3144  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
16:11:14.0556 3144  PNRPAutoReg - ok
16:11:14.0571 3144  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
16:11:14.0571 3144  PNRPsvc - ok
16:11:14.0587 3144  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
16:11:14.0603 3144  PolicyAgent - ok
16:11:14.0618 3144  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
16:11:14.0618 3144  Power - ok
16:11:14.0649 3144  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
16:11:14.0649 3144  PptpMiniport - ok
16:11:14.0681 3144  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
16:11:14.0681 3144  Processor - ok
16:11:14.0712 3144  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
16:11:14.0712 3144  ProfSvc - ok
16:11:14.0727 3144  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:11:14.0727 3144  ProtectedStorage - ok
16:11:14.0774 3144  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
16:11:14.0774 3144  Psched - ok
16:11:14.0805 3144  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
16:11:14.0821 3144  ql2300 - ok
16:11:14.0821 3144  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
16:11:14.0837 3144  ql40xx - ok
16:11:14.0852 3144  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
16:11:14.0852 3144  QWAVE - ok
16:11:14.0883 3144  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
16:11:14.0883 3144  QWAVEdrv - ok
16:11:14.0883 3144  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
16:11:14.0883 3144  RasAcd - ok
16:11:14.0915 3144  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
16:11:14.0915 3144  RasAgileVpn - ok
16:11:14.0915 3144  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
16:11:14.0930 3144  RasAuto - ok
16:11:14.0946 3144  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
16:11:14.0946 3144  Rasl2tp - ok
16:11:14.0977 3144  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
16:11:14.0977 3144  RasMan - ok
16:11:14.0977 3144  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
16:11:14.0977 3144  RasPppoe - ok
16:11:14.0993 3144  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
16:11:14.0993 3144  RasSstp - ok
16:11:15.0024 3144  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
16:11:15.0024 3144  rdbss - ok
16:11:15.0039 3144  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
16:11:15.0039 3144  rdpbus - ok
16:11:15.0055 3144  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
16:11:15.0055 3144  RDPCDD - ok
16:11:15.0071 3144  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
16:11:15.0071 3144  RDPENCDD - ok
16:11:15.0086 3144  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
16:11:15.0086 3144  RDPREFMP - ok
16:11:15.0117 3144  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
16:11:15.0117 3144  RDPWD - ok
16:11:15.0149 3144  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
16:11:15.0149 3144  rdyboost - ok
16:11:15.0180 3144  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
16:11:15.0180 3144  RemoteAccess - ok
16:11:15.0211 3144  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
16:11:15.0211 3144  RemoteRegistry - ok
16:11:15.0211 3144  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
16:11:15.0227 3144  RpcEptMapper - ok
16:11:15.0227 3144  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
16:11:15.0242 3144  RpcLocator - ok
16:11:15.0258 3144  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
16:11:15.0273 3144  RpcSs - ok
16:11:15.0289 3144  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
16:11:15.0289 3144  rspndr - ok
16:11:15.0320 3144  [ 7EA8D2EB9BBFD2AB8A3117A1E96D3B3A ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
16:11:15.0320 3144  RTL8167 - ok
16:11:15.0336 3144  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
16:11:15.0336 3144  SamSs - ok
16:11:15.0367 3144  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
16:11:15.0367 3144  sbp2port - ok
16:11:15.0398 3144  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
16:11:15.0398 3144  SCardSvr - ok
16:11:15.0414 3144  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
16:11:15.0414 3144  scfilter - ok
16:11:15.0461 3144  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
16:11:15.0476 3144  Schedule - ok
16:11:15.0507 3144  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
16:11:15.0507 3144  SCPolicySvc - ok
16:11:15.0523 3144  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
16:11:15.0523 3144  SDRSVC - ok
16:11:15.0554 3144  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
16:11:15.0554 3144  secdrv - ok
16:11:15.0570 3144  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
16:11:15.0570 3144  seclogon - ok
16:11:15.0585 3144  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
16:11:15.0585 3144  SENS - ok
16:11:15.0601 3144  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
16:11:15.0601 3144  SensrSvc - ok
16:11:15.0617 3144  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
16:11:15.0617 3144  Serenum - ok
16:11:15.0632 3144  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
16:11:15.0632 3144  Serial - ok
16:11:15.0648 3144  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
16:11:15.0648 3144  sermouse - ok
16:11:15.0679 3144  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
16:11:15.0679 3144  SessionEnv - ok
16:11:15.0710 3144  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
16:11:15.0710 3144  sffdisk - ok
16:11:15.0726 3144  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
16:11:15.0726 3144  sffp_mmc - ok
16:11:15.0726 3144  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
16:11:15.0726 3144  sffp_sd - ok
16:11:15.0741 3144  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
16:11:15.0741 3144  sfloppy - ok
16:11:15.0773 3144  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
16:11:15.0788 3144  SharedAccess - ok
16:11:15.0804 3144  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:11:15.0804 3144  ShellHWDetection - ok
16:11:15.0819 3144  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:11:15.0819 3144  SiSRaid2 - ok
16:11:15.0835 3144  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
16:11:15.0835 3144  SiSRaid4 - ok
16:11:15.0866 3144  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
16:11:15.0882 3144  Smb - ok
16:11:15.0913 3144  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
16:11:15.0913 3144  SNMPTRAP - ok
16:11:15.0929 3144  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
16:11:15.0929 3144  spldr - ok
16:11:15.0960 3144  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
16:11:15.0960 3144  Spooler - ok
16:11:16.0038 3144  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
16:11:16.0069 3144  sppsvc - ok
16:11:16.0069 3144  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
16:11:16.0069 3144  sppuinotify - ok
16:11:16.0100 3144  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
16:11:16.0100 3144  srv - ok
16:11:16.0116 3144  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
16:11:16.0116 3144  srv2 - ok
16:11:16.0131 3144  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
16:11:16.0131 3144  srvnet - ok
16:11:16.0147 3144  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
16:11:16.0147 3144  SSDPSRV - ok
16:11:16.0163 3144  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
16:11:16.0163 3144  SstpSvc - ok
16:11:16.0178 3144  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
16:11:16.0178 3144  stexstor - ok
16:11:16.0209 3144  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
16:11:16.0225 3144  stisvc - ok
16:11:16.0241 3144  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
16:11:16.0241 3144  swenum - ok
16:11:16.0272 3144  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
16:11:16.0287 3144  swprv - ok
16:11:16.0334 3144  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
16:11:16.0350 3144  SysMain - ok
16:11:16.0381 3144  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:11:16.0397 3144  TabletInputService - ok
16:11:16.0397 3144  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
16:11:16.0412 3144  TapiSrv - ok
16:11:16.0412 3144  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
16:11:16.0428 3144  TBS - ok
16:11:16.0459 3144  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
16:11:16.0475 3144  Tcpip - ok
16:11:16.0506 3144  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
16:11:16.0521 3144  TCPIP6 - ok
16:11:16.0537 3144  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
16:11:16.0537 3144  tcpipreg - ok
16:11:16.0553 3144  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
16:11:16.0553 3144  TDPIPE - ok
16:11:16.0568 3144  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
16:11:16.0568 3144  TDTCP - ok
16:11:16.0599 3144  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
16:11:16.0599 3144  tdx - ok
16:11:16.0615 3144  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
16:11:16.0615 3144  TermDD - ok
16:11:16.0646 3144  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
16:11:16.0662 3144  TermService - ok
16:11:16.0677 3144  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
16:11:16.0677 3144  Themes - ok
16:11:16.0693 3144  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
16:11:16.0693 3144  THREADORDER - ok
16:11:16.0709 3144  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
16:11:16.0709 3144  TrkWks - ok
16:11:16.0755 3144  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:11:16.0771 3144  TrustedInstaller - ok
16:11:16.0787 3144  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
16:11:16.0787 3144  tssecsrv - ok
16:11:16.0818 3144  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
16:11:16.0818 3144  TsUsbFlt - ok
16:11:16.0865 3144  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
16:11:16.0865 3144  tunnel - ok
16:11:16.0880 3144  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
16:11:16.0880 3144  uagp35 - ok
16:11:16.0911 3144  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
16:11:16.0911 3144  udfs - ok
16:11:16.0927 3144  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
16:11:16.0943 3144  UI0Detect - ok
16:11:16.0943 3144  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
16:11:16.0943 3144  uliagpkx - ok
16:11:16.0974 3144  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
16:11:16.0974 3144  umbus - ok
16:11:16.0974 3144  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
16:11:16.0989 3144  UmPass - ok
16:11:17.0005 3144  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
16:11:17.0005 3144  upnphost - ok
16:11:17.0052 3144  [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
16:11:17.0052 3144  USBAAPL64 - ok
16:11:17.0067 3144  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
16:11:17.0067 3144  usbccgp - ok
16:11:17.0083 3144  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
16:11:17.0083 3144  usbcir - ok
16:11:17.0099 3144  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
16:11:17.0099 3144  usbehci - ok
16:11:17.0114 3144  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
16:11:17.0130 3144  usbhub - ok
16:11:17.0130 3144  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
16:11:17.0145 3144  usbohci - ok
16:11:17.0161 3144  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
16:11:17.0161 3144  usbprint - ok
16:11:17.0177 3144  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:11:17.0177 3144  USBSTOR - ok
16:11:17.0192 3144  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
16:11:17.0192 3144  usbuhci - ok
16:11:17.0192 3144  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
16:11:17.0208 3144  UxSms - ok
16:11:17.0208 3144  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
16:11:17.0208 3144  VaultSvc - ok
16:11:17.0239 3144  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
16:11:17.0239 3144  vdrvroot - ok
16:11:17.0286 3144  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
16:11:17.0286 3144  vds - ok
16:11:17.0301 3144  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
16:11:17.0301 3144  vga - ok
16:11:17.0317 3144  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
16:11:17.0317 3144  VgaSave - ok
16:11:17.0348 3144  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
16:11:17.0348 3144  vhdmp - ok
16:11:17.0364 3144  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
16:11:17.0364 3144  viaide - ok
16:11:17.0379 3144  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
16:11:17.0379 3144  volmgr - ok
16:11:17.0395 3144  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
16:11:17.0411 3144  volmgrx - ok
16:11:17.0411 3144  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
16:11:17.0411 3144  volsnap - ok
16:11:17.0442 3144  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
16:11:17.0442 3144  vsmraid - ok
16:11:17.0489 3144  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
16:11:17.0489 3144  VSS - ok
16:11:17.0504 3144  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
16:11:17.0504 3144  vwifibus - ok
16:11:17.0520 3144  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
16:11:17.0520 3144  vwififlt - ok
16:11:17.0551 3144  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
16:11:17.0567 3144  W32Time - ok
16:11:17.0582 3144  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
16:11:17.0582 3144  WacomPen - ok
16:11:17.0613 3144  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
16:11:17.0613 3144  WANARP - ok
16:11:17.0613 3144  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
16:11:17.0629 3144  Wanarpv6 - ok
16:11:17.0676 3144  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
16:11:17.0691 3144  WatAdminSvc - ok
16:11:17.0738 3144  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
16:11:17.0769 3144  wbengine - ok
16:11:17.0785 3144  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
16:11:17.0785 3144  WbioSrvc - ok
16:11:17.0816 3144  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
16:11:17.0816 3144  wcncsvc - ok
16:11:17.0847 3144  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:11:17.0847 3144  WcsPlugInService - ok
16:11:17.0863 3144  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
16:11:17.0863 3144  Wd - ok
16:11:17.0910 3144  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
16:11:17.0910 3144  Wdf01000 - ok
16:11:17.0925 3144  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
16:11:17.0925 3144  WdiServiceHost - ok
16:11:17.0941 3144  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
16:11:17.0941 3144  WdiSystemHost - ok
16:11:17.0972 3144  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
16:11:17.0972 3144  WebClient - ok
16:11:17.0988 3144  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
16:11:17.0988 3144  Wecsvc - ok
16:11:18.0003 3144  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
16:11:18.0003 3144  wercplsupport - ok
16:11:18.0035 3144  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
16:11:18.0035 3144  WerSvc - ok
16:11:18.0066 3144  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
16:11:18.0066 3144  WfpLwf - ok
16:11:18.0081 3144  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
16:11:18.0081 3144  WIMMount - ok
16:11:18.0097 3144  WinDefend - ok
16:11:18.0113 3144  WinHttpAutoProxySvc - ok
16:11:18.0144 3144  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
16:11:18.0144 3144  Winmgmt - ok
16:11:18.0206 3144  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
16:11:18.0237 3144  WinRM - ok
16:11:18.0269 3144  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
16:11:18.0269 3144  WinUsb - ok
16:11:18.0315 3144  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
16:11:18.0331 3144  Wlansvc - ok
16:11:18.0347 3144  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
16:11:18.0347 3144  WmiAcpi - ok
16:11:18.0378 3144  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
16:11:18.0378 3144  wmiApSrv - ok
16:11:18.0409 3144  WMPNetworkSvc - ok
16:11:18.0425 3144  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
16:11:18.0425 3144  WPCSvc - ok
16:11:18.0456 3144  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
16:11:18.0456 3144  WPDBusEnum - ok
16:11:18.0487 3144  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
16:11:18.0487 3144  ws2ifsl - ok
16:11:18.0487 3144  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
16:11:18.0503 3144  wscsvc - ok
16:11:18.0503 3144  WSearch - ok
16:11:18.0549 3144  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
16:11:18.0581 3144  wuauserv - ok
16:11:18.0596 3144  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
16:11:18.0596 3144  WudfPf - ok
16:11:18.0612 3144  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
16:11:18.0612 3144  WUDFRd - ok
16:11:18.0627 3144  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
16:11:18.0627 3144  wudfsvc - ok
16:11:18.0643 3144  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
16:11:18.0659 3144  WwanSvc - ok
16:11:18.0674 3144  ================ Scan global ===============================
16:11:18.0690 3144  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
16:11:18.0721 3144  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
16:11:18.0721 3144  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
16:11:18.0752 3144  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
16:11:18.0783 3144  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
16:11:18.0783 3144  [Global] - ok
16:11:18.0783 3144  ================ Scan MBR ==================================
16:11:18.0799 3144  [ 93565D9179CF90FC5C98F8A7A64741DA ] \Device\Harddisk0\DR0
16:11:19.0049 3144  \Device\Harddisk0\DR0 - ok
16:11:19.0049 3144  ================ Scan VBR ==================================
16:11:19.0049 3144  [ 494866EB5B906E22999F5A1DAA86643D ] \Device\Harddisk0\DR0\Partition1
16:11:19.0064 3144  \Device\Harddisk0\DR0\Partition1 - ok
16:11:19.0064 3144  [ E7852B1495091551530AD8953F5695A5 ] \Device\Harddisk0\DR0\Partition2
16:11:19.0064 3144  \Device\Harddisk0\DR0\Partition2 - ok
16:11:19.0111 3144  [ 0BAFCE69EF258C44327F0C8ED2E80AD3 ] \Device\Harddisk0\DR0\Partition3
16:11:19.0111 3144  \Device\Harddisk0\DR0\Partition3 - ok
16:11:19.0111 3144  ============================================================
16:11:19.0111 3144  Scan finished
16:11:19.0111 3144  ============================================================
16:11:19.0127 4188  Detected object count: 0
16:11:19.0127 4188  Actual detected object count: 0
         


Alt 16.02.2013, 13:39   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Startpins Suchmaschine anstatt Google - Standard

Startpins Suchmaschine anstatt Google



adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.
__________________
--> Startpins Suchmaschine anstatt Google

Alt 16.02.2013, 15:41   #7
C.G.M.
 
Startpins Suchmaschine anstatt Google - Standard

Startpins Suchmaschine anstatt Google



Code:
ATTFilter
# AdwCleaner v2.112 - Datei am 16/02/2013 um 16:36:47 erstellt
# Aktualisiert am 10/02/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : xxx - xxx
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\xxx\Desktop\adwcleaner0.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\Plugins\npvsharetvplg.dll
Datei Gelöscht : C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\21tskrcy.default\searchplugins\Startsear.xml
Datei Gelöscht : C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\21tskrcy.default\searchplugins\SweetIm.xml
Ordner Gelöscht : C:\Program Files (x86)\vShare.tv plugin
Ordner Gelöscht : C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Ordner Gelöscht : C:\Users\xxx\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\21tskrcy.default\extensions\vshare@toolbar

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Toolbar
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Headlight
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\StartSearch
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Sweetpacks Communicator]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v18.0.2 (de)

Datei : C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\21tskrcy.default\prefs.js

C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\21tskrcy.default\user.js ... Gelöscht !

Gelöscht : user_pref("CT2504091.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gelöscht : user_pref("CT2504091.CTID", "CT2504091");
Gelöscht : user_pref("CT2504091.CurrentServerDate", "11-3-2011");
Gelöscht : user_pref("CT2504091.DialogsAlignMode", "LTR");
Gelöscht : user_pref("CT2504091.DownloadReferralCookieData", "");
Gelöscht : user_pref("CT2504091.EMailNotifierPollDate", "Fri Mar 11 2011 16:20:58 GMT+0100");
Gelöscht : user_pref("CT2504091.FeedLastCount129079840422964131", 0);
Gelöscht : user_pref("CT2504091.FeedPollDate128891351169457140", "Fri Mar 11 2011 16:20:58 GMT+0100");
Gelöscht : user_pref("CT2504091.FeedPollDate129079840422964131", "Fri Mar 11 2011 16:20:58 GMT+0100");
Gelöscht : user_pref("CT2504091.FeedTTL128891351169457140", 40);
Gelöscht : user_pref("CT2504091.FirstServerDate", "11-3-2011");
Gelöscht : user_pref("CT2504091.FirstTime", true);
Gelöscht : user_pref("CT2504091.FirstTimeFF3", true);
Gelöscht : user_pref("CT2504091.FirstTimeSettingsDone", true);
Gelöscht : user_pref("CT2504091.FixPageNotFoundErrors", true);
Gelöscht : user_pref("CT2504091.GroupingServerCheckInterval", 1440);
Gelöscht : user_pref("CT2504091.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gelöscht : user_pref("CT2504091.Initialize", true);
Gelöscht : user_pref("CT2504091.InitializeCommonPrefs", true);
Gelöscht : user_pref("CT2504091.InstallationAndCookieDataSentCount", 1);
Gelöscht : user_pref("CT2504091.InstallationType", "UnknownIntegration");
Gelöscht : user_pref("CT2504091.InstalledDate", "Fri Mar 11 2011 16:20:58 GMT+0100");
Gelöscht : user_pref("CT2504091.IsGrouping", false);
Gelöscht : user_pref("CT2504091.IsMulticommunity", false);
Gelöscht : user_pref("CT2504091.IsOpenThankYouPage", false);
Gelöscht : user_pref("CT2504091.IsOpenUninstallPage", false);
Gelöscht : user_pref("CT2504091.LanguagePackLastCheckTime", "Fri Mar 11 2011 16:20:59 GMT+0100");
Gelöscht : user_pref("CT2504091.LanguagePackReloadIntervalMM", 1440);
Gelöscht : user_pref("CT2504091.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gelöscht : user_pref("CT2504091.LastLogin_2.7.2.0", "Fri Mar 11 2011 16:20:58 GMT+0100");
Gelöscht : user_pref("CT2504091.LatestVersion", "2.7.2.0");
Gelöscht : user_pref("CT2504091.Locale", "en-us");
Gelöscht : user_pref("CT2504091.LoginCache", 4);
Gelöscht : user_pref("CT2504091.MCDetectTooltipHeight", "83");
Gelöscht : user_pref("CT2504091.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gelöscht : user_pref("CT2504091.MCDetectTooltipWidth", "295");
Gelöscht : user_pref("CT2504091.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Gelöscht : user_pref("CT2504091.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("CT2504091.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT250[...]
Gelöscht : user_pref("CT2504091.SearchInNewTabEnabled", true);
Gelöscht : user_pref("CT2504091.SearchInNewTabIntervalMM", 1440);
Gelöscht : user_pref("CT2504091.SearchInNewTabLastCheckTime", "Fri Mar 11 2011 16:20:58 GMT+0100");
Gelöscht : user_pref("CT2504091.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gelöscht : user_pref("CT2504091.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Gelöscht : user_pref("CT2504091.SettingsCheckIntervalMin", 120);
Gelöscht : user_pref("CT2504091.SettingsLastCheckTime", "Fri Mar 11 2011 16:20:57 GMT+0100");
Gelöscht : user_pref("CT2504091.SettingsLastUpdate", "1297858754");
Gelöscht : user_pref("CT2504091.ThirdPartyComponentsInterval", 504);
Gelöscht : user_pref("CT2504091.ThirdPartyComponentsLastCheck", "Fri Mar 11 2011 16:20:57 GMT+0100");
Gelöscht : user_pref("CT2504091.ThirdPartyComponentsLastUpdate", "1246790578");
Gelöscht : user_pref("CT2504091.TrusteLinkUrl", "hxxp://trust.conduit.com/EB_ORIGINAL_CTID");
Gelöscht : user_pref("CT2504091.Uninstall", true);
Gelöscht : user_pref("CT2504091.UserID", "UN59232552443730377");
Gelöscht : user_pref("CT2504091.alertChannelId", "897164");
Gelöscht : user_pref("CT2504091.clientLogIsEnabled", true);
Gelöscht : user_pref("CT2504091.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Gelöscht : user_pref("CT2504091.myStuffEnabled", true);
Gelöscht : user_pref("CT2504091.myStuffPublihserMinWidth", 400);
Gelöscht : user_pref("CT2504091.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gelöscht : user_pref("CT2504091.myStuffServiceIntervalMM", 1440);
Gelöscht : user_pref("CT2504091.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gelöscht : user_pref("CT2504091.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2504091");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2504091");
Gelöscht : user_pref("browser.search.defaultengine", "Web Search");
Gelöscht : user_pref("browser.search.defaultenginename", "Web Search");
Gelöscht : user_pref("browser.search.order.1", "Web Search");
Gelöscht : user_pref("browser.search.selectedEngine", "Web Search");
Gelöscht : user_pref("extensions.enabledAddons", "DivXWebPlayer%40divx.com:2.0.2.039,wrc%40avast.com:7.0.1474,%[...]
Gelöscht : user_pref("extensions.vshare@toolbar.update.enabled", false);
Gelöscht : user_pref("vshare.install.date", "1292112000000");
Gelöscht : user_pref("vshare.install.finished", "1.0.0");
Gelöscht : user_pref("vshare.install.guid", "{d7fc725b-32bb-4c85-bc76-eaa92136b5d9}");
Gelöscht : user_pref("vshare.install.isDisabled", false);
Gelöscht : user_pref("vshare.install.laststatreq", "1309996800000");
Gelöscht : user_pref("vshare.install.newtab", false);
Gelöscht : user_pref("vshare.install.overlayVersion", 1);

-\\ Google Chrome v24.0.1312.57

Datei : C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.9] : homepage = "hxxp://startsear.ch/?aff=1&cf=c1d8832c-3492-11e1-8fbc-406186eb498e",
Gelöscht [l.13] : urls_to_restore_on_startup = [ "hxxp://startsear.ch/?aff=1&cf=c1d8832c-3492-11e1-8fbc-4061[...]
Gelöscht [l.1271] : homepage = "hxxp://startsear.ch/?aff=1&cf=c1d8832c-3492-11e1-8fbc-406186eb498e",
Gelöscht [l.1524] : urls_to_restore_on_startup = [ "hxxp://startsear.ch/?aff=1&cf=c1d8832c-3492-11e1-8fbc-406186e[...]

*************************

AdwCleaner[S1].txt - [10477 octets] - [16/02/2013 16:36:47]

########## EOF - C:\AdwCleaner[S1].txt - [10538 octets] ##########
         
Code:
ATTFilter
OTL Extras logfile created on: 2/16/2013 4:43:10 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\xxx\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
3.87 Gb Total Physical Memory | 2.40 Gb Available Physical Memory | 62.11% Memory free
7.73 Gb Paging File | 6.20 Gb Available in Paging File | 80.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918.61 Gb Total Space | 772.37 Gb Free Space | 84.08% Space Free | Partition Type: NTFS
Drive D: | 12.80 Gb Total Space | 1.57 Gb Free Space | 12.25% Space Free | Partition Type: NTFS
 
Computer Name: xxx | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1864224677-2700441476-3884202855-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{031667E9-EDBA-46A7-AE36-4EAA9DA97130}" = lport=138 | protocol=17 | dir=in | app=system | 
"{072A30E3-8BFC-4AFD-BFAD-A332ACA67ED4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{13E687FD-48CF-4C25-BF23-A62FAD522ED8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{18BB740E-13F1-4897-91A8-B6F863DC2549}" = lport=137 | protocol=17 | dir=in | app=system | 
"{26488FF3-FD60-4E8D-9844-100CABBE05C5}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{42B04071-4ED2-432B-8963-C98AE3CA4D0F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{44A34728-0A01-4E35-90DA-811B53F0D7E3}" = rport=138 | protocol=17 | dir=out | app=system | 
"{49E1B1D9-C8F9-4788-8941-81C9010B3685}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{49FE4687-4060-4488-9550-1A8CDCB3734A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6673081C-0A28-4E36-B294-EC7CE9AB5B0E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{667DA1B4-D85C-4AF0-935A-44160EFBDFD9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{70DAF656-EB51-4D46-A40E-C2C05D4F156B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{770FE09C-2F0E-4F82-8F14-1AC471781DFB}" = rport=137 | protocol=17 | dir=out | app=system | 
"{810A77C4-9342-4552-B903-704783BF4CF9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{813555A1-D517-4BAB-9A67-4D7D8D8DD06D}" = rport=445 | protocol=6 | dir=out | app=system | 
"{821DE072-E38F-4A85-87D7-C12D0A1D3880}" = lport=139 | protocol=6 | dir=in | app=system | 
"{8F3AF453-B1EE-4BF8-8751-A57AE1F13153}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9FFA2FAB-59CC-4BA5-8C17-C4EB27E8172E}" = lport=445 | protocol=6 | dir=in | app=system | 
"{C1699433-14B6-4729-A647-7C472EE8F5E2}" = rport=139 | protocol=6 | dir=out | app=system | 
"{C50CC344-2A11-43FC-82F5-D40155DB68C1}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C5D6152E-52CC-4B57-9085-CBF6D00DF157}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E5E18231-369A-4F29-A6F8-05B23D1E535D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F78DFEC8-A6B6-4C74-A535-691A871945F4}" = lport=10243 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{038FBDD6-5972-4694-86EC-487EA783C75B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{0473F9C5-0412-4DF0-BC8E-68CF5C75F681}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{04FD1B9D-80A3-46F7-8CD4-882A97827E5C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{0BC55B45-2ACD-4050-A8A1-965AEAA45CE9}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe | 
"{0F007FF1-B994-4C59-BE7E-53DF9C661407}" = protocol=6 | dir=in | app=c:\program files (x86)\easybits for kids\programs\my first browser\myfirstbrowser.exe | 
"{0F882355-7C9D-4661-BABD-C53CE511361B}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe | 
"{115C025A-C434-4AED-A3F1-0BA5F297EC84}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe | 
"{17AB375F-42AB-48CB-BCA9-105FAF64917E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{1AC989ED-5243-47E3-BE8E-E640EED0573F}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{1C00E9CE-422A-487A-8459-08CE22E06D9F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1D8C9F5C-7F73-44A6-A568-114236C6516C}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\hp1006mc.exe | 
"{23D6660C-83A2-4B53-8E72-FA2EE680E456}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2B96883A-3BE7-4306-B867-62A458656BEF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{2B98929A-037F-47A5-AD8A-F45B652D4AF9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{30C17A86-9724-430B-A888-161555BBE4E1}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{345618ED-AE4D-49E0-AE58-D9CB88A2FE64}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{365F0397-2195-4571-B47E-52112B767B8F}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe | 
"{3C6C24F5-F4A1-4FD7-8763-2A4C36725974}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe | 
"{4058DF04-9521-4210-8D26-D5787600499A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{454FBFA7-F708-438F-814A-E8985AF4A73E}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\music\hptouchsmartmusic.exe | 
"{4B3B707A-02BE-4B00-AAD9-750358D46196}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{530D1CAD-709E-401F-8827-1273F134A171}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | 
"{58B94953-38C0-4267-8726-E744C0C699FA}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{6D03CDBC-F5CC-4B1F-A0A6-EFA74813115F}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe | 
"{6D5E722B-FC89-49A3-9D5F-211A75205D15}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe | 
"{71C86AF0-3C84-43F3-B03B-F6781C14FC95}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | 
"{7A9C518C-AE27-4553-B916-9EB0A56A97C8}" = protocol=17 | dir=in | app=c:\program files (x86)\easybits for kids\programs\my first browser\myfirstbrowser.exe | 
"{7EF5B64D-4028-466A-8BC9-E4CC536CDBE5}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{7F497C18-D247-4B2E-B062-EFD93F64E29A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{7F58FAC2-CC20-4267-8153-3E8568D8E42D}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{80064172-ECD2-4A4E-8792-245CAF3DE02B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{8505EC23-850C-4049-ACF9-11981CDB0320}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe | 
"{8CFF6568-61B1-462F-A335-FB175C3A13B9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8D3E690A-EADC-4878-A9A0-A6B377972C9D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{92079620-8B50-4B81-93B3-269276A7CE7B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{97356585-F791-4AED-99D9-D4ED682B6D6F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A86B001A-2E9B-43D0-B21D-EB4688003503}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\hp1006mc.exe | 
"{AF1393B7-15C2-4928-AFBC-97327BF513E2}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe | 
"{B2C65F98-E60B-4274-A3AF-7234D2591B74}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | 
"{C9F6ECFA-6052-4B21-BFD6-6EE94717569A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{CE470359-7845-44AD-8776-D897543E83AA}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe | 
"{D0CCA934-9E25-4724-92BC-F83E64FAD215}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D195A28E-A473-4737-BD3E-88F6A765D6DB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D6770580-411B-447A-B740-A6537B0FE045}" = protocol=6 | dir=out | app=system | 
"{D8F841EA-7B15-4304-8CF5-9FD1C96E0E84}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{DD0A376F-38FE-4C7E-AE22-EF73106E8C1E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{E8BC2727-ADB0-41BE-A021-1D2DAE0124E8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EB64F4F8-6C40-450D-95C9-BFD3BA39BAF5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{FF4A7F8B-BAC2-477C-B988-3F322BC31D2A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"TCP Query User{019B4B9A-B7AA-4C63-8612-44990699DF9F}C:\users\xxx\appdata\roaming\zuemv\ryonf.exe" = protocol=6 | dir=in | app=c:\users\xxx\appdata\roaming\zuemv\ryonf.exe | 
"TCP Query User{050224ED-B060-4B2E-B3E1-D109873625B2}C:\program files (x86)\netgear genie\bin\netgeargenie.exe" = protocol=6 | dir=in | app=c:\program files (x86)\netgear genie\bin\netgeargenie.exe | 
"TCP Query User{0F28A824-9220-4AF3-9B19-E6BF8B358034}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"TCP Query User{10B1D8DC-B7A4-4A1D-870E-C347F11B8549}C:\program files (x86)\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | 
"TCP Query User{1211F68B-D7E7-4BF4-A543-044926DCB291}C:\program files (x86)\frostwire 5\frostwire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe | 
"TCP Query User{1AF49AF9-6151-41A9-BCA7-D9A834E8E55B}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"TCP Query User{1EB553B6-3672-4F38-9A9A-E68E6454CECE}C:\program files (x86)\frostwire\frostwire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe | 
"TCP Query User{845F343A-C331-474B-B842-9E3EA320C693}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | 
"TCP Query User{898493D7-B53A-4935-97CB-6ACB29B87CF0}C:\users\xxx\appdata\roaming\zuemv\ryonf.exe" = protocol=6 | dir=in | app=c:\users\xxx\appdata\roaming\zuemv\ryonf.exe | 
"TCP Query User{9058838D-36EA-4CBF-B9F3-91CF546EE13F}C:\program files (x86)\netgear genie\bin\netgeargenie.exe" = protocol=6 | dir=in | app=c:\program files (x86)\netgear genie\bin\netgeargenie.exe | 
"TCP Query User{B3A6E1EA-8CB3-4EFE-BA2E-C59D29F8EC37}C:\program files (x86)\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ares\ares.exe | 
"UDP Query User{1FBB3080-A2D8-4EAC-AC0D-F00536493728}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | 
"UDP Query User{2C361863-72D0-4443-AB40-F949CA071A69}C:\program files (x86)\netgear genie\bin\netgeargenie.exe" = protocol=17 | dir=in | app=c:\program files (x86)\netgear genie\bin\netgeargenie.exe | 
"UDP Query User{38CB2C13-2027-48D2-9ACA-3F8E1C9A6EFA}C:\users\xxx\appdata\roaming\zuemv\ryonf.exe" = protocol=17 | dir=in | app=c:\users\xxx\appdata\roaming\zuemv\ryonf.exe | 
"UDP Query User{41D68E19-3436-4BC7-A69D-95C2A8FCDD9B}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"UDP Query User{4A572C88-D782-4630-9FBB-5653AE6DBA88}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"UDP Query User{544895EF-ECE7-4AD0-B70B-409787BAF786}C:\program files (x86)\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | 
"UDP Query User{6512FC86-6CC9-47BD-A9DA-2FFBE8C1FE84}C:\program files (x86)\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ares\ares.exe | 
"UDP Query User{C7EA1193-93B5-4D3B-AA38-13523CC4C635}C:\program files (x86)\frostwire\frostwire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe | 
"UDP Query User{CE2602A7-392E-4ED8-96EE-6A51D8665889}C:\program files (x86)\netgear genie\bin\netgeargenie.exe" = protocol=17 | dir=in | app=c:\program files (x86)\netgear genie\bin\netgeargenie.exe | 
"UDP Query User{E034E51E-C1B4-4143-92EA-6A7AD0D8EDAB}C:\program files (x86)\frostwire 5\frostwire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe | 
"UDP Query User{FD78D0FD-FB87-469A-8BC2-4F40448BAD73}C:\users\xxx\appdata\roaming\zuemv\ryonf.exe" = protocol=17 | dir=in | app=c:\users\xxx\appdata\roaming\zuemv\ryonf.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5B08AF35-B699-4A44-BB89-3E51E70611E8}" = HP MediaSmart SmartMenu
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{EC8A40B2-096A-4EA4-B11A-167F87F293A7}" = iCloud
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"HP LaserJet Professional P1100-P1560-P1600 Series" = HP LaserJet Professional P1100-P1560-P1600 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"R for Windows 2.13.2_is1" = R for Windows 2.13.2
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 22
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{495A8A3C-8FD0-4C46-9979-95C26181A1AB}" = HP Support Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5C7FD70-2C0A-401E-95E9-916363567DDA}" = HP Setup
"{FA8BFB25-BF48-4F8B-8859-B30810745190}" = LightScribe System Software
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Pro Antivirus
"FrostWire 5" = FrostWire 5.5.2
"gretl_is1" = gretl version 1.9.9
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP LaserJet P1000 series" = HP LaserJet P1000 series
"LingoPad_is1" = LingoPad 2.6 (Build 360)
"Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de)
"Mozilla Thunderbird 17.0.2 (x86 de)" = Mozilla Thunderbird 17.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NETGEAR Genie" = NETGEAR Genie
"VLC media player" = VLC media player 1.1.5
"vShare.tv plugin" = vShare.tv plugin 1.3
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1864224677-2700441476-3884202855-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 3/21/2012 3:25:51 PM | Computer Name = xxx | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6038
 
Error - 3/21/2012 3:25:51 PM | Computer Name = xxx | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6038
 
Error - 3/21/2012 3:25:52 PM | Computer Name = xxx | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 3/21/2012 3:25:52 PM | Computer Name = xxx | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7036
 
Error - 3/21/2012 3:25:52 PM | Computer Name = xxx | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7036
 
Error - 3/21/2012 3:25:53 PM | Computer Name = xxx | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 3/21/2012 3:25:53 PM | Computer Name = xxx | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8050
 
Error - 3/21/2012 3:25:53 PM | Computer Name = xxx | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8050
 
Error - 3/21/2012 4:30:06 PM | Computer Name = xxx | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 3/21/2012 4:30:06 PM | Computer Name = xxx | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
[ Hewlett-Packard Events ]
Error - 7/19/2012 4:28:22 PM | Computer Name = xxx | Source = Hewlett-Packard | ID = 0
Description = de-CH Die Datei "C:\Program Files (x86)\Hewlett-Packard\HP Support 
Framework\Logs\SystemInfoAA.xml" konnte nicht gefunden werden. mscorlib    bei System.IO.__Error.WinIOError(Int32
 errorCode, String maybeFullPath)     bei System.IO.FileStream.Init(String path, FileMode
 mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, 
Boolean bFromProxy)     bei System.IO.FileStream..ctor(String path, FileMode mode,
 FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
 msgPath, Boolean bFromProxy)     bei System.IO.FileStream..ctor(String path, FileMode
 mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

   bei System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
 Int32 bufferSize)     bei System.IO.StreamReader..ctor(String path, Encoding encoding)

   bei System.IO.File.ReadAllText(String path, Encoding encoding)     bei n.a(Object
 A_0, EventArgs A_1) 
 
Error - 8/21/2012 5:05:24 PM | Computer Name = xxx | Source = Hewlett-Packard | ID = 0
Description = de-CH Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
HPSF

   bei HPAssistant.Pages.MaintainAnalyzing.MaintainAnalyzing_Unloaded(Object sender,
 RoutedEventArgs e)     bei System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object
 target, RoutedEventArgs routedEventArgs)     bei System.Windows.EventRoute.InvokeHandlersImpl(Object
 source, RoutedEventArgs args, Boolean reRaised)     bei System.Windows.UIElement.RaiseEventImpl(DependencyObject
 sender, RoutedEventArgs args)     bei System.Windows.UIElement.RaiseEvent(RoutedEventArgs
 e)     bei System.Windows.BroadcastEventHelper.BroadcastEvent(DependencyObject root,
 RoutedEvent routedEvent)     bei System.Windows.BroadcastEventHelper.BroadcastUnloadedEvent(Object
 root)     bei MS.Internal.LoadedOrUnloadedOperation.DoWork()     bei System.Windows.Media.MediaContext.FireLoadedPendingCallbacks()

   bei System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks()     bei System.Windows.Media.MediaContext.RenderMessageHandlerCore(Object
 resizedCompositionTarget)     bei System.Windows.Media.MediaContext.RenderMessageHandler(Object
 resizedCompositionTarget)     bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
 callback, Object args, Boolean isSingleParameter)     bei System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
 source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)

 
Error - 9/21/2012 1:10:18 PM | Computer Name = xxx | Source = Hewlett-Packard | ID = 0
Description = de-CH Die Datei "C:\Program Files (x86)\Hewlett-Packard\HP Support 
Framework\Logs\SystemInfoAA.xml" konnte nicht gefunden werden. mscorlib    bei System.IO.__Error.WinIOError(Int32
 errorCode, String maybeFullPath)     bei System.IO.FileStream.Init(String path, FileMode
 mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, 
Boolean bFromProxy)     bei System.IO.FileStream..ctor(String path, FileMode mode,
 FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
 msgPath, Boolean bFromProxy)     bei System.IO.FileStream..ctor(String path, FileMode
 mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

   bei System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
 Int32 bufferSize)     bei System.IO.StreamReader..ctor(String path, Encoding encoding)

   bei System.IO.File.ReadAllText(String path, Encoding encoding)     bei n.a(Object
 A_0, EventArgs A_1) 
 
Error - 9/21/2012 1:10:19 PM | Computer Name = xxx | Source = Hewlett-Packard | ID = 0
Description = de-CH Die Datei "C:\Program Files (x86)\Hewlett-Packard\HP Support 
Framework\Logs\SystemInfoAA.xml" konnte nicht gefunden werden. mscorlib    bei System.IO.__Error.WinIOError(Int32
 errorCode, String maybeFullPath)     bei System.IO.FileStream.Init(String path, FileMode
 mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, 
Boolean bFromProxy)     bei System.IO.FileStream..ctor(String path, FileMode mode,
 FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
 msgPath, Boolean bFromProxy)     bei System.IO.FileStream..ctor(String path, FileMode
 mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

   bei System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
 Int32 bufferSize)     bei System.IO.StreamReader..ctor(String path, Encoding encoding)

   bei System.IO.File.ReadAllText(String path, Encoding encoding)     bei n.a(Object
 A_0, EventArgs A_1) 
 
Error - 9/21/2012 3:43:19 PM | Computer Name = xxx | Source = Hewlett-Packard | ID = 0
Description = de-CH Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
HPSF

   bei HPAssistant.Pages.MaintainAnalyzing.MaintainAnalyzing_Unloaded(Object sender,
 RoutedEventArgs e)     bei System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object
 target, RoutedEventArgs routedEventArgs)     bei System.Windows.EventRoute.InvokeHandlersImpl(Object
 source, RoutedEventArgs args, Boolean reRaised)     bei System.Windows.UIElement.RaiseEventImpl(DependencyObject
 sender, RoutedEventArgs args)     bei System.Windows.UIElement.RaiseEvent(RoutedEventArgs
 e)     bei System.Windows.BroadcastEventHelper.BroadcastEvent(DependencyObject root,
 RoutedEvent routedEvent)     bei System.Windows.BroadcastEventHelper.BroadcastUnloadedEvent(Object
 root)     bei MS.Internal.LoadedOrUnloadedOperation.DoWork()     bei System.Windows.Media.MediaContext.FireLoadedPendingCallbacks()

   bei System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks()     bei System.Windows.Media.MediaContext.RenderMessageHandlerCore(Object
 resizedCompositionTarget)     bei System.Windows.Media.MediaContext.AnimatedRenderMessageHandler(Object
 resizedCompositionTarget)     bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
 callback, Object args, Boolean isSingleParameter)     bei System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
 source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)

 
Error - 9/26/2012 3:41:58 PM | Computer Name = xxx | Source = Hewlett-Packard | ID = 0
Description = de-CH Die Datei "C:\Program Files (x86)\Hewlett-Packard\HP Support 
Framework\Logs\SystemInfoAA.xml" konnte nicht gefunden werden. mscorlib    bei System.IO.__Error.WinIOError(Int32
 errorCode, String maybeFullPath)     bei System.IO.FileStream.Init(String path, FileMode
 mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, 
Boolean bFromProxy)     bei System.IO.FileStream..ctor(String path, FileMode mode,
 FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
 msgPath, Boolean bFromProxy)     bei System.IO.FileStream..ctor(String path, FileMode
 mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

   bei System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
 Int32 bufferSize)     bei System.IO.StreamReader..ctor(String path, Encoding encoding)

   bei System.IO.File.ReadAllText(String path, Encoding encoding)     bei n.a(Object
 A_0, EventArgs A_1) 
 
Error - 9/26/2012 3:41:58 PM | Computer Name = xxx | Source = Hewlett-Packard | ID = 0
Description = de-CH Die Datei "C:\Program Files (x86)\Hewlett-Packard\HP Support 
Framework\Logs\SystemInfoAA.xml" konnte nicht gefunden werden. mscorlib    bei System.IO.__Error.WinIOError(Int32
 errorCode, String maybeFullPath)     bei System.IO.FileStream.Init(String path, FileMode
 mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, 
Boolean bFromProxy)     bei System.IO.FileStream..ctor(String path, FileMode mode,
 FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
 msgPath, Boolean bFromProxy)     bei System.IO.FileStream..ctor(String path, FileMode
 mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

   bei System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
 Int32 bufferSize)     bei System.IO.StreamReader..ctor(String path, Encoding encoding)

   bei System.IO.File.ReadAllText(String path, Encoding encoding)     bei n.a(Object
 A_0, EventArgs A_1) 
 
Error - 11/28/2012 4:53:32 PM | Computer Name = xxx | Source = Hewlett-Packard | ID = 0
Description = de-CH Die Datei "C:\Program Files (x86)\Hewlett-Packard\HP Support 
Framework\Logs\SystemInfoAA.xml" konnte nicht gefunden werden. mscorlib    bei System.IO.__Error.WinIOError(Int32
 errorCode, String maybeFullPath)     bei System.IO.FileStream.Init(String path, FileMode
 mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, 
Boolean bFromProxy)     bei System.IO.FileStream..ctor(String path, FileMode mode,
 FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
 msgPath, Boolean bFromProxy)     bei System.IO.FileStream..ctor(String path, FileMode
 mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

   bei System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
 Int32 bufferSize)     bei System.IO.StreamReader..ctor(String path, Encoding encoding)

   bei System.IO.File.ReadAllText(String path, Encoding encoding)     bei n.a(Object
 A_0, EventArgs A_1) 
 
Error - 11/28/2012 4:53:32 PM | Computer Name = xxx | Source = Hewlett-Packard | ID = 0
Description = de-CH Die Datei "C:\Program Files (x86)\Hewlett-Packard\HP Support 
Framework\Logs\SystemInfoAA.xml" konnte nicht gefunden werden. mscorlib    bei System.IO.__Error.WinIOError(Int32
 errorCode, String maybeFullPath)     bei System.IO.FileStream.Init(String path, FileMode
 mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, 
Boolean bFromProxy)     bei System.IO.FileStream..ctor(String path, FileMode mode,
 FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
 msgPath, Boolean bFromProxy)     bei System.IO.FileStream..ctor(String path, FileMode
 mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

   bei System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
 Int32 bufferSize)     bei System.IO.StreamReader..ctor(String path, Encoding encoding)

   bei System.IO.File.ReadAllText(String path, Encoding encoding)     bei n.a(Object
 A_0, EventArgs A_1) 
 
Error - 2/1/2013 10:45:13 AM | Computer Name = xxx | Source = Hewlett-Packard | ID = 0
Description = de-CH Die Datei "C:\Program Files (x86)\Hewlett-Packard\HP Support 
Framework\Logs\SystemInfoAA.xml" konnte nicht gefunden werden. mscorlib    bei System.IO.__Error.WinIOError(Int32
 errorCode, String maybeFullPath)     bei System.IO.FileStream.Init(String path, FileMode
 mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, 
Boolean bFromProxy)     bei System.IO.FileStream..ctor(String path, FileMode mode,
 FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
 msgPath, Boolean bFromProxy)     bei System.IO.FileStream..ctor(String path, FileMode
 mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

   bei System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
 Int32 bufferSize)     bei System.IO.StreamReader..ctor(String path, Encoding encoding)

   bei System.IO.File.ReadAllText(String path, Encoding encoding)     bei n.a(Object
 A_0, EventArgs A_1) 
 
[ System Events ]
Error - 2/5/2013 5:54:22 AM | Computer Name = xxx | Source = Service Control Manager | ID = 7022
Description = Der Dienst "NETGEARGenieDaemon" wurde nicht richtig gestartet.
 
Error - 2/12/2013 11:13:13 AM | Computer Name = xxx | Source = Service Control Manager | ID = 7022
Description = Der Dienst "NETGEARGenieDaemon" wurde nicht richtig gestartet.
 
Error - 2/13/2013 11:41:18 AM | Computer Name = xxx | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?13.?02.?2013 um 16:39:41 unerwartet heruntergefahren.
 
Error - 2/13/2013 11:41:20 AM | Computer Name = xxx | Source = BugCheck | ID = 1001
Description = 
 
Error - 2/13/2013 11:42:08 AM | Computer Name = xxx | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Intel(R) Rapid Storage Technology erreicht.
 
Error - 2/13/2013 11:42:08 AM | Computer Name = xxx | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Intel(R) Rapid Storage Technology" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
Error - 2/13/2013 11:43:31 AM | Computer Name = xxx | Source = Service Control Manager | ID = 7022
Description = Der Dienst "NETGEARGenieDaemon" wurde nicht richtig gestartet.
 
Error - 2/15/2013 4:20:31 AM | Computer Name = xxx | Source = Service Control Manager | ID = 7022
Description = Der Dienst "NETGEARGenieDaemon" wurde nicht richtig gestartet.
 
Error - 2/15/2013 6:43:40 AM | Computer Name = xxx | Source = Service Control Manager | ID = 7022
Description = Der Dienst "NETGEARGenieDaemon" wurde nicht richtig gestartet.
 
Error - 2/16/2013 11:39:39 AM | Computer Name = xxx | Source = Service Control Manager | ID = 7022
Description = Der Dienst "NETGEARGenieDaemon" wurde nicht richtig gestartet.
 
 
< End of report >
         
Code:
ATTFilter
OTL logfile created on: 2/16/2013 4:43:10 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\xxx\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
3.87 Gb Total Physical Memory | 2.40 Gb Available Physical Memory | 62.11% Memory free
7.73 Gb Paging File | 6.20 Gb Available in Paging File | 80.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918.61 Gb Total Space | 772.37 Gb Free Space | 84.08% Space Free | Partition Type: NTFS
Drive D: | 12.80 Gb Total Space | 1.57 Gb Free Space | 12.25% Space Free | Partition Type: NTFS
 
Computer Name: xxx | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\xxx\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe ()
PRC - C:\Program Files (x86)\NETGEAR Genie\bin\genie_tray.exe ()
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Resource.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Map.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\NetcardApi.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\SVTUtils.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\Genie.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Internet.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_TrafficMeter.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_FirmwareUpdate.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\SslMailSend.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_FeedBack.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Statistics.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Wireless.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\DragonNetTool.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\DiagnoseDll.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\DiagnosePlugin.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\genie_tray.exe ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\QtGui4.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\QtCore4.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\QtXml4.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qico4.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qgif4.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\libgcc_s_dw2-1.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\mingwm10.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\WSetupApiPlugin.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\WSetupDll.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (HPSIService) -- C:\Windows\SysNative\HPSIsvc.exe (HP)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (NETGEARGenieDaemon) -- C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe (NETGEAR)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswKbd) -- C:\Windows\SysNative\drivers\aswKbd.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (mvusbews) -- C:\Windows\SysNative\drivers\mvusbews.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON/12
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON/12
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{E768102C-A48D-4C49-BDA7-D06825042046}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON/12
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{C6D0DA8B-29F5-4DBF-A10F-FB9444A55468}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1864224677-2700441476-3884202855-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON/12
IE - HKU\S-1-5-21-1864224677-2700441476-3884202855-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1864224677-2700441476-3884202855-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKU\S-1-5-21-1864224677-2700441476-3884202855-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1864224677-2700441476-3884202855-1000\..\SearchScopes\{C6D0DA8B-29F5-4DBF-A10F-FB9444A55468}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-1864224677-2700441476-3884202855-1000\..\SearchScopes\{E768102C-A48D-4C49-BDA7-D06825042046}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=c1d8832c-3492-11e1-8fbc-406186eb498e&q={searchTerms}
IE - HKU\S-1-5-21-1864224677-2700441476-3884202855-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1864224677-2700441476-3884202855-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.ch/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\xxx\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\xxx\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/11/05 22:15:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/06 12:37:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/16 16:36:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: C:\Program Files (x86)\Mozilla Sunbird\components [2012/11/24 11:17:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Sunbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/01/13 22:09:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/06 12:37:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/16 16:36:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/01/13 22:09:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2010/09/19 19:43:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Extensions
[2010/09/16 21:17:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/09/19 19:43:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28}
[2013/02/16 16:36:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\21tskrcy.default\extensions
[2010/09/19 19:43:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Sunbird\Profiles\srktcl4a.default\extensions
[2012/10/20 20:28:46 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\21tskrcy.default\extensions\DivXWebPlayer@divx.com.xpi
[2011/07/23 18:03:26 | 000,090,118 | ---- | M] () (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\21tskrcy.default\extensions\{dd05fd3d-18df-4ce4-ae53-e795339c5f01}.xpi
[2013/02/06 12:37:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/11/05 22:15:55 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
File not found (No name found) -- C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\21TSKRCY.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI
[2013/02/06 12:37:22 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/09/03 12:35:48 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/09/03 12:35:48 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/09/03 12:35:48 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/09/03 12:35:48 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/09/03 12:35:48 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/09/03 12:35:48 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\Application\24.0.1312.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\xxx\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: avast! WebRep = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: vshare plugin = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\
CHR - Extension: YouTube = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: avast! WebRep = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: vshare plugin = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\
 
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-1864224677-2700441476-3884202855-1000\..\Toolbar\WebBrowser: (no name) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe File not found
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1864224677-2700441476-3884202855-1000..\Run: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h File not found
O4 - HKU\S-1-5-21-1864224677-2700441476-3884202855-1000..\Run: [NETGEARGenie] C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\S-1-5-21-1864224677-2700441476-3884202855-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-1864224677-2700441476-3884202855-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A8FE180C-671B-4F20-9C3F-7679E2945ABA}: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5998b4c1-d95c-11e1-acaf-406186eb498e}\Shell - "" = AutoRun
O33 - MountPoints2\{5998b4c1-d95c-11e1-acaf-406186eb498e}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/02/15 16:08:42 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\xxx\Desktop\tdsskiller.exe
[2013/02/15 11:56:57 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\xxx\Desktop\aswMBR.exe
[2013/02/15 11:27:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/02/15 11:27:22 | 000,000,000 | ---D | C] -- C:\Users\xxx\Desktop\mbar
[2013/02/14 15:46:38 | 000,000,000 | R--D | C] -- C:\Users\xxx\Favorites
[2013/02/14 03:01:12 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/02/14 03:01:12 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/02/14 03:01:09 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/02/14 03:01:08 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/02/14 03:01:08 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/02/14 03:01:07 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/02/14 03:01:07 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/02/14 03:01:07 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/02/14 03:01:05 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/02/14 03:01:05 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/02/14 03:01:04 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/02/14 03:01:04 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/02/14 03:01:00 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/02/14 03:01:00 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/02/14 03:01:00 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/02/13 21:34:28 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/02/13 21:34:26 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/02/13 21:34:24 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/02/13 21:34:16 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/02/13 21:34:15 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/02/13 21:34:15 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/02/13 21:34:15 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/02/13 21:34:14 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/02/13 21:34:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/02/13 21:33:59 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013/02/13 16:41:20 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/02/13 14:39:55 | 000,000,000 | R--D | C] -- C:\Users\xxx\Searches
[2013/02/08 12:58:15 | 016,365,936 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013/02/06 12:37:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/01/20 19:49:47 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire 5
[2013/01/20 19:49:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FrostWire 5
[2013/01/20 09:18:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/01/20 09:18:42 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2013/01/20 09:17:20 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/01/20 09:17:18 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/01/20 09:17:18 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
 
========== Files - Modified Within 30 Days ==========
 
[2013/02/16 16:38:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/16 16:37:57 | 3113,545,728 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/16 16:36:01 | 000,587,671 | ---- | M] () -- C:\Users\xxx\Desktop\adwcleaner0.exe
[2013/02/16 16:31:25 | 000,001,148 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1864224677-2700441476-3884202855-1000UA.job
[2013/02/16 16:31:16 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/16 10:02:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1864224677-2700441476-3884202855-1000Core.job
[2013/02/15 16:08:42 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\xxx\Desktop\tdsskiller.exe
[2013/02/15 13:03:12 | 000,000,512 | ---- | M] () -- C:\Users\xxx\Desktop\MBR.dat
[2013/02/15 11:58:10 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\xxx\Desktop\aswMBR.exe
[2013/02/15 11:50:50 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/15 11:50:50 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/15 09:24:41 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/02/15 09:24:41 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013/02/15 09:24:41 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/02/15 09:24:41 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013/02/15 09:24:41 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/02/14 03:24:41 | 000,377,376 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/02/13 15:26:20 | 000,025,549 | ---- | M] () -- C:\Users\xxx\Documents\Logfiles.rar
[2013/02/12 16:11:42 | 000,000,360 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForxxx.job
[2013/02/08 12:58:25 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/02/08 12:58:25 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/02/08 12:58:15 | 016,365,936 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013/02/01 16:03:33 | 000,002,407 | ---- | M] () -- C:\Users\xxx\Desktop\Google Chrome.lnk
[2013/01/20 19:49:47 | 000,001,197 | ---- | M] () -- C:\Users\xxx\Desktop\FrostWire 5.5.2.lnk
[2013/01/20 09:18:51 | 000,001,745 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
 
========== Files Created - No Company Name ==========
 
[2013/02/16 16:36:00 | 000,587,671 | ---- | C] () -- C:\Users\xxx\Desktop\adwcleaner0.exe
[2013/02/15 13:03:12 | 000,000,512 | ---- | C] () -- C:\Users\xxx\Desktop\MBR.dat
[2013/02/13 15:26:20 | 000,025,549 | ---- | C] () -- C:\Users\xxx\Documents\Logfiles.rar
[2013/01/20 19:49:47 | 000,001,197 | ---- | C] () -- C:\Users\xxx\Desktop\FrostWire 5.5.2.lnk
[2013/01/20 09:18:51 | 000,001,745 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/10/15 14:23:14 | 000,000,023 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/05/20 16:32:33 | 000,004,608 | ---- | C] () -- C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         

Geändert von C.G.M. (16.02.2013 um 16:10 Uhr)

Alt 16.02.2013, 17:43   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Startpins Suchmaschine anstatt Google - Standard

Startpins Suchmaschine anstatt Google



Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
ATTFilter
:OTL
IE - HKU\S-1-5-21-1864224677-2700441476-3884202855-1000\..\SearchScopes\{E768102C-A48D-4C49-BDA7-D06825042046}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=c1d8832c-3492-11e1-8fbc-406186eb498e&q={searchTerms}
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - user.js - File not found
[2013/02/12 16:11:42 | 000,000,360 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForxxx.job
[2013/02/15 13:03:12 | 000,000,512 | ---- | C] () -- C:\Users\xxx\Desktop\MBR.dat
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 18.02.2013, 16:11   #9
C.G.M.
 
Startpins Suchmaschine anstatt Google - Standard

Startpins Suchmaschine anstatt Google



Code:
ATTFilter
All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-1864224677-2700441476-3884202855-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E768102C-A48D-4C49-BDA7-D06825042046}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E768102C-A48D-4C49-BDA7-D06825042046}\ not found.
Prefs.js: vshare@toolbar:1.0.0 removed from extensions.enabledItems
File C:\Windows\tasks\HPCeeScheduleForxxx.job not found.
C:\Users\xxx\Desktop\MBR.dat moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
No captured output from command...
C:\Users\xxx\Downloads\cmd.bat deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: xxx
->Temp folder emptied: 40639733 bytes
->Temporary Internet Files folder emptied: 1238651 bytes
->Java cache emptied: 4667797 bytes
->FireFox cache emptied: 468868136 bytes
->Google Chrome cache emptied: 13654001 bytes
->Flash cache emptied: 67028 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 35200473 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50501 bytes
RecycleBin emptied: 17652934416 bytes
 
Total Files Cleaned = 17,373.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 02182013_170631

Files\Folders moved on Reboot...
C:\Users\xxx\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         

Alt 19.02.2013, 12:31   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Startpins Suchmaschine anstatt Google - Standard

Startpins Suchmaschine anstatt Google



Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 20.02.2013, 13:37   #11
C.G.M.
 
Startpins Suchmaschine anstatt Google - Standard

Startpins Suchmaschine anstatt Google



Malwarebytes hat nichts gefunden. Logfile hab ich keins?

Eset hat auch nichts gefunden.
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=3483411bb70e5c47a7748684dca220b7
# engine=13197
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-02-20 01:34:45
# local_time=2013-02-20 02:34:45 (+0100, Mitteleuropäische Zeit)
# country="Switzerland"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=773 16777213 100 96 9217071 138077157 0 0
# compatibility_mode=5893 16776573 100 94 99799 112997135 0 0
# scanned=188158
# found=0
# cleaned=0
# scan_time=4106
         

Alt 20.02.2013, 16:08   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Startpins Suchmaschine anstatt Google - Standard

Startpins Suchmaschine anstatt Google



Zitat:
Logfile hab ich keins?
Wird doch dick und breit in der ANleitung zu Malwarebytes erklärt wo die Logs zu finden sind
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 20.02.2013, 22:13   #13
C.G.M.
 
Startpins Suchmaschine anstatt Google - Standard

Startpins Suchmaschine anstatt Google



Sorry, mein Fehler! Dachte das wäre da auch am Schluss. Hab den Überblick nicht mehr 100%!

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org

Database version: v2013.02.19.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
König Robert :: xxx [administrator]

19.02.2013 16:34:03
mbar-log-2013-02-19 (16-34-03).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 29531
Time elapsed: 7 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         

Alt 20.02.2013, 23:18   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Startpins Suchmaschine anstatt Google - Standard

Startpins Suchmaschine anstatt Google



Ähm, du hast leider MBAM mit MBAR verwechselt
Klick doch bitte auch die Link in meiner Anleitung => Malwarebytes Anti-Malware

MBAR = Anti-Rootkit
MBAM = Anti-Malware
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 21.02.2013, 08:20   #15
C.G.M.
 
Startpins Suchmaschine anstatt Google - Standard

Startpins Suchmaschine anstatt Google



Sorry! Hoffe ich hab's jetzt gepackt

Code:
ATTFilter
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.21.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
xxx :: xxx [Administrator]

21.02.2013 09:16:53
mbam-log-2013-02-21 (09-16-53).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 203566
Laufzeit: 2 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

Antwort

Themen zu Startpins Suchmaschine anstatt Google
adresszeile, allgemeine, allgemeinen, anhang, bereit, bezüglich, check, entferne, ergebnisse, files, gen, google, hallo zusammen, hoffe, interne, liefert, problem, rechner, suche, suchmaschine, thema, total, unwissend, verwendet, viren, zusammen



Ähnliche Themen: Startpins Suchmaschine anstatt Google


  1. vi view anstatt google als startseite+ umleitung bei hyperlinks
    Log-Analyse und Auswertung - 02.02.2015 (4)
  2. ich habe seit kurzem eine neue autom. eingestellte Suchmaschine, die heißt: webssearches.com, wie bekomme ich wieder google rein?
    Plagegeister aller Art und deren Bekämpfung - 06.12.2014 (5)
  3. Google Suchmaschine funktioniert nicht mehr Win32?
    Plagegeister aller Art und deren Bekämpfung - 20.11.2014 (4)
  4. Anstatt Google wird die Adresse http://search.fbdownloader.com/?channel=de_nt geöffnet
    Plagegeister aller Art und deren Bekämpfung - 26.07.2014 (5)
  5. Windows 7: Allin1 Converter / Suchmaschine V9 statt Google / Updateports blockiert
    Log-Analyse und Auswertung - 29.05.2014 (11)
  6. Google Suchergebnisse wewrden nicht mehr angezeigt, es öffnet sich teilweise automatisch die Suchmaschine ask
    Plagegeister aller Art und deren Bekämpfung - 15.03.2014 (12)
  7. Google Chrome keine Suchmaschine, keine Auswahl an Suchmaschinen
    Plagegeister aller Art und deren Bekämpfung - 01.03.2014 (7)
  8. Windows 7: Certifed-Toolbar Search anstatt Google nach Eingabe in Adressleiste
    Log-Analyse und Auswertung - 09.11.2013 (7)
  9. StartPins erscheint bei Firefox
    Plagegeister aller Art und deren Bekämpfung - 01.04.2013 (12)
  10. Chatzum als Suchmaschine in Google Chrome
    Plagegeister aller Art und deren Bekämpfung - 01.03.2013 (15)
  11. MBR überschreiben, anstatt bei VT zu prüfen
    Lob, Kritik und Wünsche - 21.02.2013 (20)
  12. StartPins.com als Suchmaschine statt Google bei Öffnen von neuem Tab
    Plagegeister aller Art und deren Bekämpfung - 23.12.2012 (3)
  13. StartPins.com statt Google. Suchmaschine ausgetrickst.
    Plagegeister aller Art und deren Bekämpfung - 18.10.2012 (9)
  14. AOL-Suchmaschine hängt sich in Google- und Yahoo-Suche ein
    Plagegeister aller Art und deren Bekämpfung - 01.10.2012 (64)
  15. (doppeltes Log) AOL-Suchmaschine hängt sich in Google- und Yahoo-Suche ein
    Mülltonne - 29.09.2012 (0)
  16. Search.searchcompletion.com übernimmt Google Suchmaschine
    Plagegeister aller Art und deren Bekämpfung - 11.09.2012 (29)
  17. Weißer Hintergrund anstatt Desktop!
    Log-Analyse und Auswertung - 26.04.2012 (31)

Zum Thema Startpins Suchmaschine anstatt Google - Hallo zusammen! Habe das Problem, dass bei mir wenn ich oben in die Suche bzw. Internetadresszeile einen Suchbegriff eingebe Startins anstatt Google als Suchmaschine verwendet wird. Da diese Startpins-Maschine erstens - Startpins Suchmaschine anstatt Google...
Archiv
Du betrachtest: Startpins Suchmaschine anstatt Google auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.