Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: nach Avast! Update bleibt Rechner beim Booten hängen

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 09.03.2013, 17:25   #1
jareb
 
nach Avast! Update bleibt Rechner beim Booten hängen - Standard

nach Avast! Update bleibt Rechner beim Booten hängen



Hallo Board,

nach schwerer Infektion habe ich nach Neuinstallation auf meinem System (Vista 64Bit, SP2) Avast! als Antivirenprogramm installiert. Bis vor kurzem ist es auch gelaufen, nun nach einem Update (auf Version 8.0.1483) bleibt der Rechner beim Hochfahren hängen (noch vor der Benutzeranmeldung, bei dem animierten Bildschirm mit WinLogo und Laufbalken). wenn ich Windows im abgesicherten Modus starte funktioniert alles. Im "normalen" Modus habe ich Windows nur mit F9 und F8 (Bootmanager und dann Auswahl "letzte als funktionierend bekannte Version laden" hochfahren können.

Komische Effekte:
- die o.g. Version wird angezeigt, ich kann aber trotzdem ein Update starten, danach wieder der Effekt des Hängenbleibens beim booten.
- Avast kann nicht in msconfig "Systemstart" angehakt werden, bzw. nach klicken auf "übernehmen" oder "OK" ist der Haken wieder weg. (ich hatte Avast mal weggehakt, bei dem Versuch ob dann der Rechner normal hochfährt)
- es läuft immer die "AvastSvc.exe *32" als Systemprozess, nach starten von Avast über alle Programme dann auch die "AvastUI.exe *32"

Im Internet habe ich nichts passendes dazu gefunden, zumindes nicht mit Lösung. Ist das eine erneute Infektion? Läuft Avast bei mir nicht stabil und ich soll lieber eine alternative AntivirenSW nutzen?

Bitte um Hilfe, Grüße
jareb

Alt 10.03.2013, 20:59   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
nach Avast! Update bleibt Rechner beim Booten hängen - Standard

nach Avast! Update bleibt Rechner beim Booten hängen



Hallo,

versuch mal im abgesicherten Modus Avast zu deinstallieren. Versuch dann Windows normal zu starten.
Bitte rückmelden ob das klappt oder nicht, dann sehen wir weiter
__________________

__________________

Alt 15.03.2013, 22:38   #3
jareb
 
nach Avast! Update bleibt Rechner beim Booten hängen - Standard

nach Avast! Update bleibt Rechner beim Booten hängen



Hallo Cosinus,

man möcht es ja nicht glauben. Ich habe
- Avast Update angeworfen --> Rechner sollte beim booten wieder hängen bleiben, tut er aber nicht, ist 3x anstandslos hochgefahren
- habe dann probiert in msconfig "Systemstart" Avast anzuhaken --> gleicher Effekt wie zuvor, kann nicht angehakt werden
- dann avast deinstalliert und Rechnerneustart
- avast wieder installiert, neustart, avast läuft
- probiert in msconfig "Systemstart" Avast anzuhaken --> klappt wieder nicht
- andere Programme (z.B. Acrobat Reader den ich auch mal weggehakt hatte) kann ich problemlos wieder anhaken

Woran kann das liegen? Malware?
Oder soll ich mal ein anderes Antivirusprogramm ausprobieren?

Grüße
jareb
__________________

Alt 15.03.2013, 22:44   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
nach Avast! Update bleibt Rechner beim Booten hängen - Standard

nach Avast! Update bleibt Rechner beim Booten hängen



Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


Erstmal eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in CODE-Tags in den Thread.
__________________
"Ich habe viel Geld für Alkohol, Weiber und schnelle Autos ausgegeben. Den Rest hab’ ich einfach nur verprasst." - George Best

Warum Linux besser als Windows ist!


Das Trojaner-Board unterstützen

Alt 15.03.2013, 23:08   #5
jareb
 
nach Avast! Update bleibt Rechner beim Booten hängen - Standard

nach Avast! Update bleibt Rechner beim Booten hängen



Hallo cosinus,

ich habe den scan mit und ohne die Haken LOP und Purity Prüfung gestartet, wusste nicht was richtig ist, Dateien als Anhang da Text zu groß...

Viele Grüße
jareb

Angehängte Dateien
Dateityp: 7z Extras mit lop und purify.7z (5,5 KB, 76x aufgerufen)
Dateityp: 7z Extras ohne lop und purify.7z (5,5 KB, 94x aufgerufen)
Dateityp: 7z OTL mit lop und purify.7z (11,8 KB, 78x aufgerufen)
Dateityp: 7z OTL ohne lop und purify.7z (14,1 KB, 89x aufgerufen)

Geändert von jareb (15.03.2013 um 23:49 Uhr)

Alt 15.03.2013, 23:45   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
nach Avast! Update bleibt Rechner beim Booten hängen - Standard

nach Avast! Update bleibt Rechner beim Booten hängen



Ich seh leider nichts im Anhang..LOP und Purity schaden nicht, das Log wird nur etwas länger
__________________
--> nach Avast! Update bleibt Rechner beim Booten hängen

Alt 15.03.2013, 23:49   #7
jareb
 
nach Avast! Update bleibt Rechner beim Booten hängen - Standard

nach Avast! Update bleibt Rechner beim Booten hängen



so jetzt in der vorigen Antwort...

Alt 15.03.2013, 23:55   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
nach Avast! Update bleibt Rechner beim Booten hängen - Standard

nach Avast! Update bleibt Rechner beim Booten hängen



Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________
"Ich habe viel Geld für Alkohol, Weiber und schnelle Autos ausgegeben. Den Rest hab’ ich einfach nur verprasst." - George Best

Warum Linux besser als Windows ist!


Das Trojaner-Board unterstützen

Alt 16.03.2013, 00:07   #9
jareb
 
nach Avast! Update bleibt Rechner beim Booten hängen - Standard

nach Avast! Update bleibt Rechner beim Booten hängen



Hallo cosinus,

hatte ich gelesen und versucht; da kam dann die Aufforderung (Pop up) die Dateien mit 7z zu zippen und anzuhängen. Ich versuche es aber gerne nochmal mit Code Tags...

OTL
Code:
ATTFilter
OTL logfile created on: 15.03.2013 23:32:44 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Benutzer10\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,33 Gb Available Physical Memory | 58,34% Memory free
8,17 Gb Paging File | 6,30 Gb Available in Paging File | 77,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,17 Gb Total Space | 177,44 Gb Free Space | 29,76% Space Free | Partition Type: NTFS
Drive D: | 654,81 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: PC | User Name: Benutzer10 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Benutzer10\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\PDF Architect\ConversionService.exe (pdfforge GbR)
PRC - C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GbR)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia)
PRC - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Program Files (x86)\7-Zip\7zFM.exe (Igor Pavlov)
PRC - C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe (Panda Security)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (PDF Architect Service) -- C:\Program Files (x86)\PDF Architect\ConversionService.exe (pdfforge GbR)
SRV - (PDF Architect Helper Service) -- C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GbR)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (GEST Service) -- C:\Program Files (x86)\GIGABYTE\GEST\GSvr.exe ()
SRV - (FDTvCISvc) -- C:\Programme\FireDTV\FireDTV MCE Plugin\FDTvCISvc.exe (Digital Everywhere)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (Firesat_Dvbc) -- C:\Windows\SysNative\DRIVERS\FireDTV_BDA_DVBC_MCE_x64.sys (digital everywhere)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (AswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\DRIVERS\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek                                            )
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdLH6.sys (Advanced Micro Devices)
DRV:64bit: - (PSI) -- C:\Windows\SysNative\DRIVERS\psi_mf.sys (Secunia)
DRV:64bit: - (Avc) -- C:\Windows\SysNative\DRIVERS\avc.sys (Microsoft Corporation)
DRV:64bit: - (AVCSTRM) -- C:\Windows\SysNative\DRIVERS\avcstrm.sys (Microsoft Corporation)
DRV:64bit: - (61883) -- C:\Windows\SysNative\DRIVERS\61883.sys (Microsoft Corporation)
DRV:64bit: - (TEAM) -- C:\Windows\SysNative\DRIVERS\RtTeam60.sys (Realtek Corporation)
DRV:64bit: - (RTTEAMPT) -- C:\Windows\SysNative\DRIVERS\RtTeam60.sys (Realtek Corporation)
DRV:64bit: - (RTVLANPT) -- C:\Windows\SysNative\DRIVERS\RtVlan60.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\DRIVERS\jraid.sys (JMicron Technology Corp.)
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (ET5Drv) -- C:\Windows\ET5Drv.sys (Windows (R) Codename Longhorn DDK provider)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-373005886-4246134713-437058552-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-373005886-4246134713-437058552-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-373005886-4246134713-437058552-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130129
FF - prefs.js..extensions.enabledAddons: FFPDFArchitectConverter%40pdfarchitect.com:1.0
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.5.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013.02.17 09:37:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.03.15 22:19:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.09 09:31:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013.02.13 23:49:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benutzer10\AppData\Roaming\mozilla\Extensions
[2013.03.15 22:03:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benutzer10\AppData\Roaming\mozilla\Firefox\Profiles\mlda8zbf.default\extensions
[2013.02.14 00:28:50 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Benutzer10\AppData\Roaming\mozilla\Firefox\Profiles\mlda8zbf.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013.03.15 22:03:11 | 000,531,283 | ---- | M] () (No name found) -- C:\Users\Benutzer10\AppData\Roaming\mozilla\firefox\profiles\mlda8zbf.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.03.15 21:50:43 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Benutzer10\AppData\Roaming\mozilla\firefox\profiles\mlda8zbf.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.03.09 09:31:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.02.17 09:37:45 | 000,000,000 | ---D | M] (PDF Architect Converter For Firefox) -- C:\PROGRAM FILES (X86)\PDF ARCHITECT\FFPDFARCHITECTEXT
[2013.03.07 15:30:04 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.03.07 16:45:15 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.03.07 16:45:15 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.03.07 16:45:15 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.03.07 16:45:15 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.03.07 16:45:15 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.03.07 16:45:15 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-373005886-4246134713-437058552-1000..\Run: [FileHippo.com] C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{35849468-187B-4E4E-9101-CD33D6B91EE6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{825C3320-2358-44B7-887A-66968ED3E892}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002.05.07 19:46:54 | 000,000,048 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.15 23:18:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013.03.15 23:18:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2013.03.15 22:42:33 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\MCE Logs
[2013.03.15 22:20:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013.03.15 22:20:51 | 000,377,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013.03.15 22:20:51 | 000,033,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013.03.15 22:20:50 | 000,059,144 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2013.03.15 22:20:49 | 000,068,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013.03.15 22:20:44 | 001,025,808 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013.03.15 22:20:09 | 000,080,816 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013.03.15 22:19:47 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.03.15 22:08:17 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft
[2013.03.15 21:14:14 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.03.15 21:14:13 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.03.15 21:14:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.03.15 21:14:13 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.03.15 21:14:13 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.03.15 21:14:12 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.03.15 21:14:12 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.03.15 21:14:12 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.03.15 21:14:11 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.03.15 21:14:11 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.03.15 21:14:11 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.03.15 21:14:10 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.03.15 21:14:09 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.03.15 21:14:09 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.03.15 21:14:09 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.03.15 21:12:13 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013.03.10 16:12:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FireDTV
[2013.03.10 16:12:31 | 000,000,000 | ---D | C] -- C:\Program Files\FireDTV
[2013.03.10 16:12:31 | 000,000,000 | ---D | C] -- C:\ProgramData\CMUV
[2013.03.08 22:02:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OFPS_FotoVideoSauter
[2013.02.20 15:58:56 | 000,000,000 | ---D | C] -- C:\Users\Benutzer10\restore
[2013.02.20 15:52:46 | 000,000,000 | ---D | C] -- C:\ProgramData\tmp
[2013.02.20 15:52:45 | 000,000,000 | ---D | C] -- C:\ProgramData\hps
[2013.02.20 15:39:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\dm
[2013.02.19 17:34:36 | 000,000,000 | ---D | C] -- C:\Users\Benutzer10\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Age of Wonders II
[2013.02.19 17:34:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Age of Wonders II
[2013.02.19 17:32:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Age of Wonders II
[2013.02.18 13:56:59 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2013.02.18 13:56:59 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2013.02.18 13:56:59 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2013.02.18 13:56:59 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2013.02.18 13:56:59 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2013.02.18 13:56:59 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2013.02.18 13:56:58 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
[2013.02.18 13:56:58 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2013.02.18 13:56:57 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll
[2013.02.18 13:56:57 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2013.02.18 13:56:57 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2013.02.18 13:56:57 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll
[2013.02.18 13:56:56 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll
[2013.02.18 13:56:56 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2013.02.18 13:56:55 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll
[2013.02.18 13:56:55 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2013.02.18 13:56:53 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2013.02.18 13:56:53 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2013.02.18 13:56:53 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll
[2013.02.18 13:56:53 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2013.02.18 13:56:45 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll
[2013.02.18 13:56:45 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2013.02.18 13:56:31 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll
[2013.02.18 13:56:31 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_41.dll
[2013.02.18 13:56:31 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll
[2013.02.18 13:56:31 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_41.dll
[2013.02.18 13:56:30 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll
[2013.02.18 13:56:30 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2013.02.18 13:56:29 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll
[2013.02.18 13:56:29 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2013.02.18 13:56:29 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2013.02.18 13:56:29 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll
[2013.02.18 13:56:29 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
[2013.02.18 13:56:29 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2013.02.18 13:56:28 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll
[2013.02.18 13:56:28 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2013.02.18 13:56:26 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
[2013.02.18 13:56:26 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2013.02.18 13:56:26 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
[2013.02.18 13:56:26 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2013.02.18 13:56:25 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
[2013.02.18 13:56:25 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2013.02.18 13:56:14 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll
[2013.02.18 13:56:14 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2013.02.18 13:56:14 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll
[2013.02.18 13:56:14 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2013.02.18 13:56:13 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2013.02.18 13:56:13 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll
[2013.02.18 13:56:12 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll
[2013.02.18 13:56:12 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2013.02.18 13:56:11 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2013.02.18 13:56:11 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2013.02.18 13:56:11 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2013.02.18 13:56:11 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2013.02.18 13:56:04 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2013.02.18 13:56:04 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
[2013.02.18 13:55:51 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
[2013.02.18 13:55:51 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2013.02.18 13:55:51 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
[2013.02.18 13:55:51 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2013.02.18 13:55:51 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
[2013.02.18 13:55:51 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2013.02.18 13:55:50 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll
[2013.02.18 13:55:50 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2013.02.18 13:55:50 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll
[2013.02.18 13:55:50 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2013.02.18 13:55:49 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2013.02.18 13:55:49 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll
[2013.02.18 13:55:48 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll
[2013.02.18 13:55:48 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2013.02.18 13:55:44 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll
[2013.02.18 13:55:44 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2013.02.18 13:55:44 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll
[2013.02.18 13:55:44 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2013.02.18 13:55:14 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll
[2013.02.18 13:55:14 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2013.02.18 13:55:13 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll
[2013.02.18 13:55:13 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2013.02.18 13:55:13 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2013.02.18 13:55:13 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll
[2013.02.18 13:55:12 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll
[2013.02.18 13:55:12 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2013.02.18 13:55:12 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll
[2013.02.18 13:55:12 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2013.02.18 13:55:12 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll
[2013.02.18 13:55:12 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2013.02.18 13:55:11 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll
[2013.02.18 13:55:11 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2013.02.18 13:55:10 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll
[2013.02.18 13:55:10 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll
[2013.02.18 13:55:09 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll
[2013.02.18 13:55:09 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll
[2013.02.18 13:55:09 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll
[2013.02.18 13:55:09 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll
[2013.02.18 13:55:08 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll
[2013.02.18 13:55:08 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll
[2013.02.18 13:55:07 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll
[2013.02.18 13:55:07 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
[2013.02.18 13:55:07 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll
[2013.02.18 13:55:07 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
[2013.02.18 13:55:07 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll
[2013.02.18 13:55:07 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll
[2013.02.18 13:55:06 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll
[2013.02.18 13:55:06 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2013.02.18 13:55:05 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll
[2013.02.18 13:55:05 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2013.02.18 13:55:05 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll
[2013.02.18 13:55:05 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2013.02.18 13:55:05 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll
[2013.02.18 13:55:05 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2013.02.18 13:55:05 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll
[2013.02.18 13:55:05 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll
[2013.02.18 13:55:03 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll
[2013.02.18 13:55:03 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2013.02.18 13:55:03 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll
[2013.02.18 13:55:03 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2013.02.18 13:55:02 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll
[2013.02.18 13:55:02 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2013.02.18 13:55:02 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll
[2013.02.18 13:55:02 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2013.02.18 13:55:02 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll
[2013.02.18 13:55:02 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2013.02.18 13:55:01 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll
[2013.02.18 13:55:01 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2013.02.18 13:55:00 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll
[2013.02.18 13:55:00 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2013.02.18 13:54:59 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll
[2013.02.18 13:54:59 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2013.02.18 13:54:59 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll
[2013.02.18 13:54:59 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2013.02.18 13:54:58 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2013.02.18 13:54:58 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2013.02.18 13:54:57 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll
[2013.02.18 13:54:57 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2013.02.18 13:54:57 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll
[2013.02.18 13:54:57 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2013.02.18 13:54:57 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll
[2013.02.18 13:54:57 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2013.02.18 13:54:56 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll
[2013.02.18 13:54:56 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2013.02.18 13:54:55 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll
[2013.02.18 13:54:55 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2013.02.18 13:54:53 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll
[2013.02.18 13:54:53 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2013.02.18 13:54:04 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll
[2013.02.18 13:54:04 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2013.02.18 13:54:02 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll
[2013.02.18 13:54:02 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2013.02.18 13:53:54 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll
[2013.02.18 13:53:54 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2013.02.18 13:53:53 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll
[2013.02.18 13:53:53 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2013.02.18 13:53:52 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll
[2013.02.18 13:53:52 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2013.02.18 13:53:52 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll
[2013.02.18 13:53:52 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2013.02.18 13:53:51 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll
[2013.02.18 13:53:51 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2013.02.18 13:53:50 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll
[2013.02.18 13:53:50 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2013.02.18 13:53:49 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll
[2013.02.18 13:53:49 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2013.02.18 13:53:48 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll
[2013.02.18 13:53:48 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll
[2013.02.18 13:53:48 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2013.02.18 13:53:48 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2013.02.17 18:24:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2013.02.17 18:24:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013.02.17 18:24:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2013.02.17 09:37:53 | 000,000,000 | ---D | C] -- C:\Users\Benutzer10\Documents\PDF Architect Files
[2013.02.17 09:37:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect
[2013.02.17 09:37:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF Architect
[2013.02.17 09:37:12 | 000,000,000 | ---D | C] -- C:\Users\Benutzer10\AppData\Roaming\pdfforge
[2013.02.17 09:37:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2013.02.17 09:37:10 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCT2.OCX
[2013.02.17 09:37:10 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMAPI32.OCX
[2013.02.17 09:37:10 | 000,103,936 | ---- | C] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll
[2013.02.17 09:37:09 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCMCDE.DLL
[2013.02.17 09:37:09 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB6DE.DLL
[2013.02.17 09:37:09 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCC2DE.DLL
[2013.02.17 09:37:09 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMPIDE.DLL
[2013.02.17 09:37:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator
[2013.02.17 09:19:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2013.02.17 09:19:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2013.02.17 09:17:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2013.02.17 09:17:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2013.02.17 09:17:04 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2013.02.17 09:17:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework
[2013.02.17 09:17:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2013.02.17 09:14:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2013.02.17 09:13:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2013.02.17 09:12:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2013.02.17 09:11:11 | 000,000,000 | ---D | C] -- C:\Users\Benutzer10\AppData\Local\Microsoft Help
[2013.02.17 09:10:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2013.02.17 09:10:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2013.02.17 09:10:26 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2013.02.17 09:01:18 | 000,000,000 | ---D | C] -- C:\temp
[2013.02.16 15:48:56 | 000,000,000 | ---D | C] -- C:\Users\Benutzer10\AppData\Roaming\Opera
[2013.02.16 15:48:56 | 000,000,000 | ---D | C] -- C:\Users\Benutzer10\AppData\Local\Opera
[2013.02.16 15:48:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2013.02.16 15:11:42 | 000,464,384 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\SysNative\esxw2ud.dll
[2013.02.16 15:11:42 | 000,128,392 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\SysNative\esdevapp.exe
[2013.02.16 15:11:42 | 000,017,408 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\SysNative\esxcdev.dll
[2013.02.16 15:11:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson
[2013.02.16 15:04:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EPSON
[2013.02.16 15:04:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
[2013.02.16 13:57:14 | 000,010,752 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\SysNative\E_GCINST.DLL
[2013.02.16 13:57:13 | 000,118,784 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_ILMGAU.DLL
[2013.02.16 13:57:13 | 000,088,064 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_IBCBGAU.DLL
[2013.02.16 13:56:45 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2013.02.16 11:09:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013.02.14 20:41:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.02.14 20:41:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013.02.14 19:03:18 | 001,556,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013.02.14 19:03:17 | 002,002,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013.02.14 19:03:17 | 000,834,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013.02.14 19:03:17 | 000,327,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013.02.14 19:03:17 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013.02.14 19:03:15 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2013.02.14 19:03:15 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2013.02.14 19:03:15 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sscore.dll
[2013.02.14 19:03:15 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2013.02.14 19:03:10 | 001,653,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013.02.14 19:03:10 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013.02.14 18:59:36 | 000,000,000 | ---D | C] -- C:\Users\Benutzer10\AppData\Local\WindowsUpdate
[2013.02.14 18:55:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileHippo.com
[2013.02.14 01:07:01 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2013.02.14 01:07:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Portable Devices
[2013.02.14 01:06:48 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2013.02.14 01:06:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WindowsPowerShell
[2013.02.14 01:06:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\WindowsPowerShell
[2013.02.14 00:40:04 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WPDShextAutoplay.exe
[2013.02.14 00:40:04 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WPDShextAutoplay.exe
[2013.02.14 00:40:03 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\BthMtpContextHandler.dll
[2013.02.14 00:39:57 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceConnectApi.dll
[2013.02.14 00:39:56 | 002,727,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpdshext.dll
[2013.02.14 00:39:56 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpd_ci.dll
[2013.02.14 00:39:56 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceApi.dll
[2013.02.14 00:39:56 | 000,433,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WPDSp.dll
[2013.02.14 00:39:56 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceWMDRM.dll
[2013.02.14 00:39:56 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceTypes.dll
[2013.02.14 00:39:56 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceWMDRM.dll
[2013.02.14 00:39:56 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceClassExtension.dll
[2013.02.14 00:39:56 | 000,110,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WPDShServiceObj.dll
[2013.02.14 00:39:56 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceClassExtension.dll
[2013.02.14 00:39:56 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceConnectApi.dll
[2013.02.14 00:39:55 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WPDSp.dll
[2013.02.14 00:12:36 | 000,000,000 | ---D | C] -- C:\Users\Benutzer10\AppData\Local\Macromedia
[2013.02.14 00:11:59 | 000,693,976 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.02.14 00:11:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013.02.14 00:02:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.02.14 00:02:15 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2013.02.14 00:02:14 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2013.02.14 00:02:12 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winusb.dll
[2013.02.14 00:02:11 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2013.02.14 00:02:10 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2013.02.14 00:02:09 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2013.02.14 00:02:09 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2013.02.13 23:59:20 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2013.02.13 23:59:20 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2013.02.13 23:59:20 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2013.02.13 23:59:20 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2013.02.13 23:59:20 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2013.02.13 23:59:20 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2013.02.13 23:59:20 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2013.02.13 23:59:20 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2013.02.13 23:57:34 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2013.02.13 23:57:31 | 000,000,000 | ---D | C] -- C:\Users\Benutzer10\AppData\Local\Adobe
[2013.02.13 23:54:27 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.02.13 23:54:27 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.02.13 23:54:27 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.02.13 23:54:27 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.02.13 23:54:27 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.02.13 23:54:27 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.02.13 23:54:27 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.02.13 23:54:27 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.02.13 23:54:27 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.02.13 23:54:27 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.02.13 23:54:27 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.02.13 23:54:27 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2013.02.13 23:54:27 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.02.13 23:54:27 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.02.13 23:54:27 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.02.13 23:54:27 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.02.13 23:54:27 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.02.13 23:54:26 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2013.02.13 23:54:26 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.02.13 23:54:26 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.02.13 23:54:26 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2013.02.13 23:54:26 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2013.02.13 23:54:26 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.02.13 23:54:26 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.02.13 23:54:26 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\advpack.dll
[2013.02.13 23:54:26 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.02.13 23:54:26 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2013.02.13 23:54:26 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.02.13 23:54:26 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.02.13 23:54:25 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.02.13 23:54:25 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.02.13 23:54:25 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.02.13 23:54:25 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.02.13 23:54:25 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.02.13 23:54:25 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2013.02.13 23:54:25 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2013.02.13 23:54:25 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2013.02.13 23:54:25 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.02.13 23:54:25 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advpack.dll
[2013.02.13 23:54:25 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.02.13 23:54:25 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2013.02.13 23:54:25 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.02.13 23:54:25 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.02.13 23:54:25 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.02.13 23:54:25 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.02.13 23:54:25 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.02.13 23:54:25 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.02.13 23:54:25 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.02.13 23:54:25 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.02.13 23:54:25 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.02.13 23:54:25 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.02.13 23:54:25 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.02.13 23:54:25 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.02.13 23:54:25 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.02.13 23:54:25 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.02.13 23:54:24 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.02.13 23:54:24 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.02.13 23:54:24 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.02.13 23:54:24 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.02.13 23:53:13 | 003,548,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2013.02.13 23:53:13 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2013.02.13 23:53:13 | 001,257,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFH264Dec.dll
[2013.02.13 23:53:13 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFH264Dec.dll
[2013.02.13 23:53:13 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFHEAACdec.dll
[2013.02.13 23:53:13 | 000,377,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfmp4src.dll
[2013.02.13 23:53:13 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFHEAACdec.dll
[2013.02.13 23:53:13 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2013.02.13 23:53:13 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfmp4src.dll
[2013.02.13 23:53:13 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2013.02.13 23:53:13 | 000,195,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2013.02.13 23:53:13 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfps.dll
[2013.02.13 23:53:13 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfpmp.exe
[2013.02.13 23:53:12 | 001,204,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013.02.13 23:53:12 | 000,748,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\stobject.dll
[2013.02.13 23:53:12 | 000,278,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfplat.dll
[2013.02.13 23:53:12 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfplat.dll
[2013.02.13 23:53:11 | 000,566,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013.02.13 23:53:11 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2013.02.13 23:53:10 | 001,268,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013.02.13 23:53:10 | 001,032,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\printfilterpipelinesvc.exe
[2013.02.13 23:53:10 | 000,625,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013.02.13 23:53:10 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winspool.drv
[2013.02.13 23:53:10 | 000,287,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013.02.13 23:53:10 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013.02.13 23:53:10 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\printfilterpipelineprxy.dll
[2013.02.13 23:53:09 | 003,068,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xpsservices.dll
[2013.02.13 23:53:09 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xpsservices.dll
[2013.02.13 23:53:09 | 001,461,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OpcServices.dll
[2013.02.13 23:53:09 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\OpcServices.dll
[2013.02.13 23:53:09 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2013.02.13 23:52:15 | 001,209,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.02.13 23:52:15 | 000,792,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013.02.13 23:52:15 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013.02.13 23:52:15 | 000,449,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013.02.13 23:52:15 | 000,411,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PhotoMetadataHandler.dll
[2013.02.13 23:52:15 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013.02.13 23:52:15 | 000,328,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxdiag.exe
[2013.02.13 23:52:15 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PhotoMetadataHandler.dll
[2013.02.13 23:52:15 | 000,262,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxdiagn.dll
[2013.02.13 23:52:15 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxdiag.exe
[2013.02.13 23:52:15 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013.02.13 23:52:15 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxdiagn.dll
[2013.02.13 23:49:24 | 000,000,000 | ---D | C] -- C:\Users\Benutzer10\AppData\Roaming\Mozilla
[2013.02.13 23:49:24 | 000,000,000 | ---D | C] -- C:\Users\Benutzer10\AppData\Local\Mozilla
[2013.02.13 23:47:11 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshhttp.dll
[2013.02.13 23:47:11 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshhttp.dll
[2013.02.13 23:47:09 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\httpapi.dll
[2013.02.13 23:47:08 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\httpapi.dll
[2013.02.13 23:38:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrsmgr.dll
[2013.02.13 23:38:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrsmgr.dll
[2013.02.13 23:38:20 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wsmplpxy.dll
[2013.02.13 23:38:20 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrssrv.dll
[2013.02.13 23:38:17 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsmplpxy.dll
[2013.02.13 23:38:17 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrssrv.dll
[2013.02.13 23:38:13 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pwrshplugin.dll
[2013.02.13 23:38:13 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pwrshplugin.dll
[2013.02.13 23:38:12 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrs.exe
[2013.02.13 23:38:12 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrshost.exe
[2013.02.13 23:38:12 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wsmprovhost.exe
[2013.02.13 23:38:09 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmRes.dll
[2013.02.13 23:38:09 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmRes.dll
[2013.02.13 23:38:08 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wevtfwd.dll
[2013.02.13 23:38:08 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wecutil.exe
[2013.02.13 23:38:08 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wecapi.dll
[2013.02.13 23:38:08 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wevtfwd.dll
[2013.02.13 23:38:08 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wecutil.exe
[2013.02.13 23:38:08 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wecapi.dll
[2013.02.13 23:38:08 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrs.exe
[2013.02.13 23:38:08 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrshost.exe
[2013.02.13 23:38:08 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsmprovhost.exe
[2013.02.13 23:38:02 | 000,310,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmWmiPl.dll
[2013.02.13 23:38:02 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManMigrationPlugin.dll
[2013.02.13 23:38:02 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManHTTPConfig.exe
[2013.02.13 23:38:02 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrscmd.dll
[2013.02.13 23:38:02 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmWmiPl.dll
[2013.02.13 23:38:02 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmAuto.dll
[2013.02.13 23:38:02 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmAuto.dll
[2013.02.13 23:38:01 | 000,370,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrscmd.dll
[2013.02.13 23:38:01 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSManMigrationPlugin.dll
[2013.02.13 23:38:01 | 000,348,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSManHTTPConfig.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.15 23:29:25 | 001,445,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.15 23:29:25 | 000,628,504 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.15 23:29:25 | 000,595,798 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.15 23:29:25 | 000,126,248 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.15 23:29:25 | 000,103,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.15 23:22:07 | 000,004,112 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.15 23:22:07 | 000,004,112 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.15 23:22:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.15 23:08:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.15 22:20:09 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013.03.14 18:08:18 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.03.14 18:08:18 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.03.10 16:12:38 | 000,000,726 | ---- | M] () -- C:\Users\Public\Desktop\FireDTV Viewer.lnk
[2013.03.10 16:06:35 | 000,040,320 | ---- | M] (digital everywhere) -- C:\Windows\SysNative\drivers\FireDTV_BDA_DVBC_MCE_x64.sys
[2013.03.07 00:33:21 | 001,025,808 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013.03.07 00:33:21 | 000,377,920 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013.03.07 00:33:21 | 000,178,624 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013.03.07 00:33:21 | 000,068,920 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013.03.07 00:33:21 | 000,065,336 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013.03.07 00:33:20 | 000,080,816 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013.03.07 00:33:20 | 000,059,144 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2013.03.07 00:33:20 | 000,033,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013.03.07 00:32:51 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.03.07 00:32:22 | 000,287,840 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013.03.02 16:08:44 | 000,000,680 | ---- | M] () -- C:\Users\Benutzer10\AppData\Local\d3d9caps.dat
[2013.03.01 22:57:21 | 000,020,544 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2013.03.01 22:57:07 | 000,000,010 | ---- | M] () -- C:\Windows\GSetup.ini
[2013.02.19 17:34:36 | 000,001,811 | ---- | M] () -- C:\Users\Benutzer10\Desktop\Age of Wonders II.lnk
[2013.02.17 09:46:25 | 000,378,680 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.14 01:06:25 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2013.02.13 23:54:43 | 000,008,798 | ---- | M] () -- C:\Windows\SysWow64\icrav03.rat
[2013.02.13 23:54:43 | 000,008,798 | ---- | M] () -- C:\Windows\SysNative\icrav03.rat
[2013.02.13 23:54:43 | 000,001,988 | ---- | M] () -- C:\Windows\SysWow64\ticrf.rat
[2013.02.13 23:54:43 | 000,001,988 | ---- | M] () -- C:\Windows\SysNative\ticrf.rat
[2013.02.13 23:54:27 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.02.13 23:54:27 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.02.13 23:54:27 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.02.13 23:54:27 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.02.13 23:54:27 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.02.13 23:54:27 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.02.13 23:54:27 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.02.13 23:54:27 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.02.13 23:54:27 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.02.13 23:54:27 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.02.13 23:54:27 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.02.13 23:54:27 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2013.02.13 23:54:27 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.02.13 23:54:27 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.02.13 23:54:27 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.02.13 23:54:27 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.02.13 23:54:27 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.02.13 23:54:27 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.02.13 23:54:26 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2013.02.13 23:54:26 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.02.13 23:54:26 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.02.13 23:54:26 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2013.02.13 23:54:26 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2013.02.13 23:54:26 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.02.13 23:54:26 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.02.13 23:54:26 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\advpack.dll
[2013.02.13 23:54:26 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.02.13 23:54:26 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2013.02.13 23:54:26 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.02.13 23:54:26 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.02.13 23:54:26 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.02.13 23:54:25 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.02.13 23:54:25 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.02.13 23:54:25 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.02.13 23:54:25 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.02.13 23:54:25 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.02.13 23:54:25 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2013.02.13 23:54:25 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2013.02.13 23:54:25 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2013.02.13 23:54:25 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.02.13 23:54:25 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\advpack.dll
[2013.02.13 23:54:25 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.02.13 23:54:25 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2013.02.13 23:54:25 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.02.13 23:54:25 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.02.13 23:54:25 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.02.13 23:54:25 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.02.13 23:54:25 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.02.13 23:54:25 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.02.13 23:54:25 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.02.13 23:54:25 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.02.13 23:54:25 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.02.13 23:54:25 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.02.13 23:54:25 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.02.13 23:54:25 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.02.13 23:54:25 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.02.13 23:54:25 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.02.13 23:54:24 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.02.13 23:54:24 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.02.13 23:54:24 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.02.13 23:54:24 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.02.13 23:53:13 | 003,548,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2013.02.13 23:53:13 | 002,873,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2013.02.13 23:53:13 | 001,257,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MFH264Dec.dll
[2013.02.13 23:53:13 | 000,979,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MFH264Dec.dll
[2013.02.13 23:53:13 | 000,428,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MFHEAACdec.dll
[2013.02.13 23:53:13 | 000,377,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfmp4src.dll
[2013.02.13 23:53:13 | 000,357,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MFHEAACdec.dll
[2013.02.13 23:53:13 | 000,345,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2013.02.13 23:53:13 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfmp4src.dll
[2013.02.13 23:53:13 | 000,261,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2013.02.13 23:53:13 | 000,195,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2013.02.13 23:53:13 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfps.dll
[2013.02.13 23:53:13 | 000,034,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfpmp.exe
[2013.02.13 23:53:12 | 001,204,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013.02.13 23:53:12 | 000,748,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\stobject.dll
[2013.02.13 23:53:12 | 000,278,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfplat.dll
[2013.02.13 23:53:12 | 000,209,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfplat.dll
[2013.02.13 23:53:11 | 000,566,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013.02.13 23:53:11 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2013.02.13 23:53:10 | 001,268,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013.02.13 23:53:10 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\printfilterpipelinesvc.exe
[2013.02.13 23:53:10 | 000,625,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013.02.13 23:53:10 | 000,366,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winspool.drv
[2013.02.13 23:53:10 | 000,287,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013.02.13 23:53:10 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013.02.13 23:53:10 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\printfilterpipelineprxy.dll
[2013.02.13 23:53:09 | 003,068,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\xpsservices.dll
[2013.02.13 23:53:09 | 001,554,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\xpsservices.dll
[2013.02.13 23:53:09 | 001,461,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\OpcServices.dll
[2013.02.13 23:53:09 | 000,847,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\OpcServices.dll
[2013.02.13 23:53:09 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2013.02.13 23:52:16 | 000,003,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\dxgkrnl.sys.mui
[2013.02.13 23:52:15 | 001,209,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.02.13 23:52:15 | 000,792,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013.02.13 23:52:15 | 000,519,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013.02.13 23:52:15 | 000,449,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013.02.13 23:52:15 | 000,411,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\PhotoMetadataHandler.dll
[2013.02.13 23:52:15 | 000,369,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013.02.13 23:52:15 | 000,328,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxdiag.exe
[2013.02.13 23:52:15 | 000,321,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\PhotoMetadataHandler.dll
[2013.02.13 23:52:15 | 000,262,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxdiagn.dll
[2013.02.13 23:52:15 | 000,252,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dxdiag.exe
[2013.02.13 23:52:15 | 000,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013.02.13 23:52:15 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dxdiagn.dll
[2013.02.13 23:44:16 | 000,004,608 | ---- | M] () -- C:\Users\Benutzer10\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== Files Created - No Company Name ==========
 
[2013.03.15 22:20:43 | 000,178,624 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013.03.15 22:20:10 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013.03.10 16:12:38 | 000,000,726 | ---- | C] () -- C:\Users\Public\Desktop\FireDTV Viewer.lnk
[2013.03.08 22:02:25 | 000,001,812 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OFPS Foto-Video-Sauter.lnk
[2013.02.19 17:34:36 | 000,001,811 | ---- | C] () -- C:\Users\Benutzer10\Desktop\Age of Wonders II.lnk
[2013.02.14 18:55:50 | 000,001,838 | ---- | C] () -- C:\Users\Benutzer10\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
[2013.02.14 01:06:25 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2013.02.14 00:12:00 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.14 00:02:17 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013.02.14 00:02:17 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013.02.13 23:54:27 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.02.13 23:54:25 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.02.13 23:38:03 | 000,201,184 | ---- | C] () -- C:\Windows\SysWow64\winrm.vbs
[2013.02.13 23:38:03 | 000,201,184 | ---- | C] () -- C:\Windows\SysNative\winrm.vbs
[2013.02.13 23:38:03 | 000,004,675 | ---- | C] () -- C:\Windows\SysWow64\wsmanconfig_schema.xml
[2013.02.13 23:38:03 | 000,004,675 | ---- | C] () -- C:\Windows\SysNative\wsmanconfig_schema.xml
[2013.02.13 23:38:03 | 000,002,426 | ---- | C] () -- C:\Windows\SysWow64\WsmTxt.xsl
[2013.02.13 23:38:03 | 000,002,426 | ---- | C] () -- C:\Windows\SysNative\WsmTxt.xsl
[2013.02.13 18:18:34 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013.02.13 18:12:59 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2013.02.13 18:04:07 | 003,107,788 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.dat
[2013.02.13 14:50:43 | 000,004,608 | ---- | C] () -- C:\Users\Benutzer10\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.02.13 11:51:11 | 000,000,680 | ---- | C] () -- C:\Users\Benutzer10\AppData\Local\d3d9caps.dat
[2013.02.13 11:51:10 | 000,000,552 | ---- | C] () -- C:\Users\Benutzer10\AppData\Local\d3d8caps.dat
[2013.02.11 22:34:05 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2013.02.11 22:34:00 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2013.02.11 22:33:53 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2013.02.11 22:33:53 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2013.02.11 21:50:03 | 000,000,732 | ---- | C] () -- C:\Users\Benutzer10\AppData\Local\d3d9caps64.dat
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 16:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 18:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 00:11:16 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 03:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.02.16 16:05:51 | 000,000,000 | ---D | M] -- C:\Users\Benutzer1\AppData\Roaming\Opera
[2013.02.16 15:48:56 | 000,000,000 | ---D | M] -- C:\Users\Benutzer10\AppData\Roaming\Opera
[2013.02.17 09:37:12 | 000,000,000 | ---D | M] -- C:\Users\Benutzer10\AppData\Roaming\pdfforge
 
========== Purity Check ==========
 
 

< End of report >
         
Extras
Code:
ATTFilter
OTL Extras logfile created on: 15.03.2013 23:32:44 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Benutzer10\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,33 Gb Available Physical Memory | 58,34% Memory free
8,17 Gb Paging File | 6,30 Gb Available in Paging File | 77,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,17 Gb Total Space | 177,44 Gb Free Space | 29,76% Space Free | Partition Type: NTFS
Drive D: | 654,81 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: PC | User Name: Benutzer10 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-373005886-4246134713-437058552-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = 1F BF 85 69 A1 08 CE 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{41EC680D-FB13-4156-81FA-7CA9BD1D299B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{296ABE3B-55BC-4D3C-BF4D-8614FF06D0AC}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{2975BD20-521E-4204-9371-6671A3DBB89E}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{520903E2-A176-4981-BCF4-0499D855090E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{5DEE1E62-A0E6-4358-95B9-30B3F2616057}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{7D56CB5C-9504-4AD0-AAEC-2602E18DFD5B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{C57673F2-E223-42B9-AB72-C493BBBE41A9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{D37A9D36-D4E8-4D7D-AD45-FCF722F9727D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{D50A13BA-4918-497A-AF87-1A3D531CE2D9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{D814F510-5A75-4A2F-B724-3E4B30A4E4DC}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{EF6EA546-84DE-4312-BFFE-328115A37618}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{59783762-B637-4319-A79D-BA9453123C09}" = FireDTV MCE Plugin
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{AB58402A-43DE-551C-2B40-DD1CF0E21240}" = ccc-utility64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{CE05598E-280C-46B8-B34F-57A12118A0DE}_is1" = FireDTV Setup 5.7 N
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1EF69B7-7A97-40FC-9AF1-6D6656FF874F}" = ATI AVIVO64 Codecs
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FAF03106-1653-15E1-3C0C-E7AE4FAE6EBF}" = AMD Catalyst Install Manager
"EPSON BX525WD Series" = Druckerdeinstallation für EPSON BX525WD Series
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{09327F13-B337-9F40-6976-EC993BEC1695}" = HydraVision
"{0B03071A-C96E-34CA-E5A3-4D8DA8ACCB3D}" = CCC Help Polish
"{1472627A-6E9F-DCB1-8894-E2BD249FD5E4}" = CCC Help Thai
"{1A2C316B-F842-6FB3-3C87-6FE02861F396}" = Catalyst Control Center
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{218BE476-B206-2879-B912-971E6E89E44D}" = CCC Help Finnish
"{2DFFE333-1B60-4CAA-F836-3CF0C99777CA}" = CCC Help Norwegian
"{364374D2-FE10-2170-2397-5B01F9D00093}" = CCC Help Spanish
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{40786C7F-7078-5147-444E-D45DE808B684}" = CCC Help Portuguese
"{43D3EA3E-2B72-57F3-40E0-318A614D0FDD}" = CCC Help Czech
"{4F7823C4-BB28-A63E-CE08-1B463D4682DE}" = CCC Help Dutch
"{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4
"{5869CE1E-BC0B-4648-B1AE-6EF4A985590C}" = Dynamic Energy Saver 1.0 B8.0128.1
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D7B8E2C-4356-619D-134F-FB36B0809958}" = CCC Help German
"{6F173E00-2766-E174-C2E0-AD88F24685BD}" = CCC Help Swedish
"{6FAEC41D-0654-12C1-0068-770D19FC2446}" = CCC Help Italian
"{73D239CC-D6B1-ADEC-A7BE-E100C7112004}" = CCC Help Korean
"{7551720A-7CB0-456F-9CE1-4E154432DD9E}" = ATI Catalyst Survey
"{80A07844-CA64-4DE4-AB61-D37DDBE8074F}" = PDF Architect
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D3D92F0-852F-D832-FD8B-029C8C231C13}" = CCC Help Russian
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{963FFEAB-16E5-EB69-4E64-338B3D319FB4}" = CCC Help Chinese Standard
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F7E9D7B-3291-96CE-A27F-DD4F6EB230EA}" = CCC Help Chinese Traditional
"{A11E24AD-A7EB-78C9-F792-AD9CDDB8B651}" = Catalyst Control Center InstallProxy
"{A5154441-DAF4-49A6-BFEE-DE9B1928DEF0}" = Realtek Ethernet Teaming and VLAN Utility for Windows Vista
"{A6FDE264-C48D-36CE-CFA7-ABBEB861AC10}" = Catalyst Control Center Localization All
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{B31A9284-632D-683E-3BD0-F6926D445A7B}" = CCC Help Danish
"{B7A75523-3D7F-CF23-12F7-999EAF6C7167}" = CCC Help Japanese
"{C821D689-95BE-0D60-255E-D9B89CB3019F}" = Catalyst Control Center Graphics Previews Common
"{CE1458AA-23A7-332D-68D9-86B799898DA6}" = CCC Help Greek
"{E0655E94-1D4D-8484-64C6-E6F847B7BE92}" = CCC Help Turkish
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E555950B-1496-C37C-CA2C-2DF8745A5BE9}" = CCC Help English
"{EE229D0E-3D9E-636C-6E75-9436A87C7E49}" = CCC Help French
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F536CCF1-C4C1-5FB9-6B17-F883DFFAE569}" = CCC Help Hungarian
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Age of Wonders II" = Age of Wonders II
"avast" = avast! Free Antivirus
"EPSON Scanner" = EPSON Scan
"FileHippo.com" = FileHippo.com Update Checker
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Online Foto Print System (fvsauter)" = Online Foto Print System ( OFPS Foto-Video-Sauter )
"Opera 12.14.1738" = Opera 12.14
"Secunia PSI" = Secunia PSI (3.0.0.4001)
"Steam App 72850" = The Elder Scrolls V: Skyrim
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10.03.2013 10:07:58 | Computer Name = PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.03.2013 19:55:43 | Computer Name = PC | Source =   | ID = 0
Description = 
 
Error - 11.03.2013 19:55:43 | Computer Name = PC | Source =   | ID = 0
Description = 
 
Error - 14.03.2013 11:37:26 | Computer Name = PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.03.2013 16:04:37 | Computer Name = PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.03.2013 16:32:32 | Computer Name = PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.03.2013 16:44:58 | Computer Name = PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.03.2013 16:57:11 | Computer Name = PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.03.2013 17:13:11 | Computer Name = PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.03.2013 18:23:41 | Computer Name = PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 15.03.2013 18:20:30 | Computer Name = PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 15.03.2013 18:20:31 | Computer Name = PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 15.03.2013 18:23:29 | Computer Name = PC | Source = DCOM | ID = 10005
Description = 
 
Error - 15.03.2013 18:23:43 | Computer Name = PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 15.03.2013 18:23:43 | Computer Name = PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 15.03.2013 18:23:43 | Computer Name = PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 15.03.2013 18:23:43 | Computer Name = PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 15.03.2013 18:23:43 | Computer Name = PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 15.03.2013 18:23:43 | Computer Name = PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 15.03.2013 18:23:43 | Computer Name = PC | Source = Service Control Manager | ID = 7001
Description = 
 
 
< End of report >
         

Alt 16.03.2013, 01:59   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
nach Avast! Update bleibt Rechner beim Booten hängen - Standard

nach Avast! Update bleibt Rechner beim Booten hängen



Kein Problem, so ist das gut in der Form!

Rootkitscan mit GMER

Bitte lade dir GMER Rootkit Scanner GMER herunter: (Dateiname zufällig)
  • Schließe alle anderen Programme, deaktiviere deinen Virenscanner und trenne den Rechner vom Internet bevor du GMER startest.
  • Sollte sich nach dem Start ein Fenster mit folgender Warnung öffnen:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Unbedingt auf "No" klicken.
  • Entferne rechts den Haken bei: IAT/EAT und Show All
  • Setze den Haken bei Quickscan und entferne ihn bei allen anderen Laufwerken.
  • Starte den Scan mit "Scan".
  • Mache nichts am Computer während der Scan läuft.
  • Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.
Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!


Tauchen Probleme auf?
  • Probiere alternativ den abgesicherten Modus.
  • Erhältst du einen Bluescreen, dann entferne den Haken vor Devices.


Anschließend bitte MBAR ausführen:

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________
"Ich habe viel Geld für Alkohol, Weiber und schnelle Autos ausgegeben. Den Rest hab’ ich einfach nur verprasst." - George Best

Warum Linux besser als Windows ist!


Das Trojaner-Board unterstützen

Alt 16.03.2013, 23:08   #11
jareb
 
nach Avast! Update bleibt Rechner beim Booten hängen - Standard

nach Avast! Update bleibt Rechner beim Booten hängen



Hallo cosinus,

hier die Ergebnisse:

gmer
Code:
ATTFilter
GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-16 22:41:45
Windows 6.0.6002 Service Pack 2 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD642JJ rev.1AA01112 596,17GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\BENUTZ~1\AppData\Local\Temp\pxldapow.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe                                                                                                                             suspicious modification
.text     C:\Windows\System32\win32k.sys!W32pServiceTable                                                                                                              fffff9600013f600 3 bytes [80, 82, 02]
.text     C:\Windows\System32\win32k.sys!W32pServiceTable + 4                                                                                                          fffff9600013f604 3 bytes [81, C1, FA]
.text     ...                                                                                                                                                          * 128
.text     C:\Windows\System32\win32k.sys!EngGetProcessHandle + 452                                                                                                     fffff960001e86cc 6 bytes {JMP QWORD [RIP-0xb1956]}

---- User code sections - GMER 2.1 ----

.text     C:\Windows\system32\wininit.exe[640] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 194                                                                   0000000076c12c52 1 byte [62]
.text     C:\Windows\system32\winlogon.exe[820] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 194                                                                  0000000076c12c52 1 byte [62]
.text     C:\Windows\System32\svchost.exe[276] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 194                                                                   0000000076c12c52 1 byte [62]
.text     C:\Windows\system32\atiesrxx.exe[528] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 194                                                                  0000000076c12c52 1 byte [62]
.text     C:\Windows\System32\svchost.exe[12] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 194                                                                    0000000076c12c52 1 byte [62]
.text     C:\Windows\System32\svchost.exe[904] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 194                                                                   0000000076c12c52 1 byte [62]
.text     C:\Windows\system32\svchost.exe[792] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 194                                                                   0000000076c12c52 1 byte [62]
.text     C:\Windows\system32\svchost.exe[1232] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 194                                                                  0000000076c12c52 1 byte [62]
.text     C:\Windows\System32\spoolsv.exe[1660] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 194                                                                  0000000076c12c52 1 byte [62]
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1784] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 130                                     0000000075d94228 1 byte [62]
.text     C:\Windows\system32\svchost.exe[1836] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 194                                                                  0000000076c12c52 1 byte [62]
.text     C:\Program Files\FireDTV\FireDTV MCE Plugin\FDTvCISvc.exe[1864] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 194                                        0000000076c12c52 1 byte [62]
.text     C:\Program Files (x86)\PDF Architect\HelperService.exe[1892] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 130                                           0000000075d94228 1 byte [62]
.text     C:\Program Files (x86)\PDF Architect\ConversionService.exe[2032] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 130                                       0000000075d94228 1 byte [62]
.text     C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1396] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 130                                                      0000000075d94228 1 byte [62]
.text     C:\Windows\system32\SearchIndexer.exe[2268] C:\Windows\system32\ntdll.dll!LdrUnloadDll                                                                       0000000076ef6d20 5 bytes JMP 000000010016075c
.text     C:\Windows\system32\SearchIndexer.exe[2268] C:\Windows\system32\ntdll.dll!LdrLoadDll                                                                         0000000076f13bd0 5 bytes JMP 00000001001603a4
.text     C:\Windows\system32\SearchIndexer.exe[2268] C:\Windows\system32\ntdll.dll!NtAllocateVirtualMemory                                                            0000000076f26ff0 5 bytes JMP 0000000100160b14
.text     C:\Windows\system32\SearchIndexer.exe[2268] C:\Windows\system32\ntdll.dll!NtFreeVirtualMemory                                                                0000000076f27050 5 bytes JMP 0000000100160ecc
.text     C:\Windows\system32\SearchIndexer.exe[2268] C:\Windows\system32\ntdll.dll!NtTerminateProcess                                                                 0000000076f27130 5 bytes JMP 000000010016163c
.text     C:\Windows\system32\SearchIndexer.exe[2268] C:\Windows\system32\ntdll.dll!NtProtectVirtualMemory                                                             0000000076f27370 5 bytes JMP 0000000100161284
.text     C:\Windows\system32\SearchIndexer.exe[2268] C:\Windows\system32\ntdll.dll!NtSetContextThread                                                                 0000000076f28330 5 bytes JMP 00000001001619f4
.text     C:\Windows\system32\SearchIndexer.exe[2268] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 194                                                            0000000076c12c52 1 byte [62]
.text     C:\Windows\system32\taskeng.exe[2864] C:\Windows\system32\ntdll.dll!LdrUnloadDll                                                                             0000000076ef6d20 5 bytes JMP 000000010079075c
.text     C:\Windows\system32\taskeng.exe[2864] C:\Windows\system32\ntdll.dll!LdrLoadDll                                                                               0000000076f13bd0 5 bytes JMP 00000001007903a4
.text     C:\Windows\system32\taskeng.exe[2864] C:\Windows\system32\ntdll.dll!NtAllocateVirtualMemory                                                                  0000000076f26ff0 5 bytes JMP 0000000100790b14
.text     C:\Windows\system32\taskeng.exe[2864] C:\Windows\system32\ntdll.dll!NtFreeVirtualMemory                                                                      0000000076f27050 5 bytes JMP 0000000100790ecc
.text     C:\Windows\system32\taskeng.exe[2864] C:\Windows\system32\ntdll.dll!NtTerminateProcess                                                                       0000000076f27130 5 bytes JMP 000000010079163c
.text     C:\Windows\system32\taskeng.exe[2864] C:\Windows\system32\ntdll.dll!NtProtectVirtualMemory                                                                   0000000076f27370 5 bytes JMP 0000000100791284
.text     C:\Windows\system32\taskeng.exe[2864] C:\Windows\system32\ntdll.dll!NtSetContextThread                                                                       0000000076f28330 5 bytes JMP 00000001007919f4
.text     C:\Windows\system32\Dwm.exe[3044] C:\Windows\system32\ntdll.dll!LdrUnloadDll                                                                                 0000000076ef6d20 5 bytes JMP 00000001000a075c
.text     C:\Windows\system32\Dwm.exe[3044] C:\Windows\system32\ntdll.dll!LdrLoadDll                                                                                   0000000076f13bd0 5 bytes JMP 00000001000a03a4
.text     C:\Windows\system32\Dwm.exe[3044] C:\Windows\system32\ntdll.dll!NtAllocateVirtualMemory                                                                      0000000076f26ff0 5 bytes JMP 00000001000a0b14
.text     C:\Windows\system32\Dwm.exe[3044] C:\Windows\system32\ntdll.dll!NtFreeVirtualMemory                                                                          0000000076f27050 5 bytes JMP 00000001000a0ecc
.text     C:\Windows\system32\Dwm.exe[3044] C:\Windows\system32\ntdll.dll!NtTerminateProcess                                                                           0000000076f27130 5 bytes JMP 00000001000a163c
.text     C:\Windows\system32\Dwm.exe[3044] C:\Windows\system32\ntdll.dll!NtProtectVirtualMemory                                                                       0000000076f27370 5 bytes JMP 00000001000a1284
.text     C:\Windows\system32\Dwm.exe[3044] C:\Windows\system32\ntdll.dll!NtSetContextThread                                                                           0000000076f28330 5 bytes JMP 00000001000a19f4
.text     C:\Windows\Explorer.EXE[168] C:\Windows\system32\ntdll.dll!LdrUnloadDll                                                                                      0000000076ef6d20 5 bytes JMP 000000010070075c
.text     C:\Windows\Explorer.EXE[168] C:\Windows\system32\ntdll.dll!LdrLoadDll                                                                                        0000000076f13bd0 5 bytes JMP 00000001007003a4
.text     C:\Windows\Explorer.EXE[168] C:\Windows\system32\ntdll.dll!NtAllocateVirtualMemory                                                                           0000000076f26ff0 5 bytes JMP 0000000100700b14
.text     C:\Windows\Explorer.EXE[168] C:\Windows\system32\ntdll.dll!NtFreeVirtualMemory                                                                               0000000076f27050 5 bytes JMP 0000000100700ecc
.text     C:\Windows\Explorer.EXE[168] C:\Windows\system32\ntdll.dll!NtTerminateProcess                                                                                0000000076f27130 5 bytes JMP 000000010070163c
.text     C:\Windows\Explorer.EXE[168] C:\Windows\system32\ntdll.dll!NtProtectVirtualMemory                                                                            0000000076f27370 5 bytes JMP 0000000100701284
.text     C:\Windows\Explorer.EXE[168] C:\Windows\system32\ntdll.dll!NtSetContextThread                                                                                0000000076f28330 5 bytes JMP 00000001007019f4
.text     C:\Windows\Explorer.EXE[168] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 194                                                                           0000000076c12c52 1 byte [62]
.text     C:\Windows\Explorer.EXE[168] C:\Windows\system32\USER32.dll!SetWindowsHookExA                                                                                0000000076ad20f4 5 bytes JMP 0000000100800b14
.text     C:\Windows\Explorer.EXE[168] C:\Windows\system32\USER32.dll!SetWindowsHookExW                                                                                0000000076ad86b0 5 bytes JMP 0000000100800ecc
.text     C:\Windows\Explorer.EXE[168] C:\Windows\system32\USER32.dll!SetWinEventHook                                                                                  0000000076ada308 5 bytes JMP 00000001008003a4
.text     C:\Windows\Explorer.EXE[168] C:\Windows\system32\USER32.dll!UnhookWinEvent                                                                                   0000000076adf4c0 5 bytes JMP 000000010080075c
.text     C:\Windows\Explorer.EXE[168] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx                                                                              0000000076af4700 5 bytes JMP 0000000100801284
.text     C:\Program Files\Windows Defender\MSASCui.exe[3220] C:\Windows\system32\ntdll.dll!LdrUnloadDll                                                               0000000076ef6d20 5 bytes JMP 000000010087075c
.text     C:\Program Files\Windows Defender\MSASCui.exe[3220] C:\Windows\system32\ntdll.dll!LdrLoadDll                                                                 0000000076f13bd0 5 bytes JMP 00000001008703a4
.text     C:\Program Files\Windows Defender\MSASCui.exe[3220] C:\Windows\system32\ntdll.dll!NtAllocateVirtualMemory                                                    0000000076f26ff0 5 bytes JMP 0000000100870b14
.text     C:\Program Files\Windows Defender\MSASCui.exe[3220] C:\Windows\system32\ntdll.dll!NtFreeVirtualMemory                                                        0000000076f27050 5 bytes JMP 0000000100870ecc
.text     C:\Program Files\Windows Defender\MSASCui.exe[3220] C:\Windows\system32\ntdll.dll!NtTerminateProcess                                                         0000000076f27130 5 bytes JMP 000000010087163c
.text     C:\Program Files\Windows Defender\MSASCui.exe[3220] C:\Windows\system32\ntdll.dll!NtProtectVirtualMemory                                                     0000000076f27370 5 bytes JMP 0000000100871284
.text     C:\Program Files\Windows Defender\MSASCui.exe[3220] C:\Windows\system32\ntdll.dll!NtSetContextThread                                                         0000000076f28330 5 bytes JMP 00000001008719f4
.text     C:\Program Files\Windows Defender\MSASCui.exe[3220] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 194                                                    0000000076c12c52 1 byte [62]
.text     C:\Windows\RAVCpl64.exe[3304] C:\Windows\system32\ntdll.dll!LdrUnloadDll                                                                                     0000000076ef6d20 5 bytes JMP 000000010026075c
.text     C:\Windows\RAVCpl64.exe[3304] C:\Windows\system32\ntdll.dll!LdrLoadDll                                                                                       0000000076f13bd0 5 bytes JMP 00000001002603a4
.text     C:\Windows\RAVCpl64.exe[3304] C:\Windows\system32\ntdll.dll!NtAllocateVirtualMemory                                                                          0000000076f26ff0 5 bytes JMP 0000000100260b14
.text     C:\Windows\RAVCpl64.exe[3304] C:\Windows\system32\ntdll.dll!NtFreeVirtualMemory                                                                              0000000076f27050 5 bytes JMP 0000000100260ecc
.text     C:\Windows\RAVCpl64.exe[3304] C:\Windows\system32\ntdll.dll!NtTerminateProcess                                                                               0000000076f27130 5 bytes JMP 000000010026163c
.text     C:\Windows\RAVCpl64.exe[3304] C:\Windows\system32\ntdll.dll!NtProtectVirtualMemory                                                                           0000000076f27370 5 bytes JMP 0000000100261284
.text     C:\Windows\RAVCpl64.exe[3304] C:\Windows\system32\ntdll.dll!NtSetContextThread                                                                               0000000076f28330 5 bytes JMP 00000001002619f4
.text     C:\Windows\RAVCpl64.exe[3304] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 194                                                                          0000000076c12c52 1 byte [62]
.text     C:\Program Files\Windows Sidebar\sidebar.exe[3344] C:\Windows\system32\ntdll.dll!LdrUnloadDll                                                                0000000076ef6d20 5 bytes JMP 000000010020075c
.text     C:\Program Files\Windows Sidebar\sidebar.exe[3344] C:\Windows\system32\ntdll.dll!LdrLoadDll                                                                  0000000076f13bd0 5 bytes JMP 00000001002003a4
.text     C:\Program Files\Windows Sidebar\sidebar.exe[3344] C:\Windows\system32\ntdll.dll!NtAllocateVirtualMemory                                                     0000000076f26ff0 5 bytes JMP 0000000100200b14
.text     C:\Program Files\Windows Sidebar\sidebar.exe[3344] C:\Windows\system32\ntdll.dll!NtFreeVirtualMemory                                                         0000000076f27050 5 bytes JMP 0000000100200ecc
.text     C:\Program Files\Windows Sidebar\sidebar.exe[3344] C:\Windows\system32\ntdll.dll!NtTerminateProcess                                                          0000000076f27130 5 bytes JMP 000000010020163c
.text     C:\Program Files\Windows Sidebar\sidebar.exe[3344] C:\Windows\system32\ntdll.dll!NtProtectVirtualMemory                                                      0000000076f27370 5 bytes JMP 0000000100201284
.text     C:\Program Files\Windows Sidebar\sidebar.exe[3344] C:\Windows\system32\ntdll.dll!NtSetContextThread                                                          0000000076f28330 5 bytes JMP 00000001002019f4
.text     C:\Program Files\Windows Sidebar\sidebar.exe[3344] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 194                                                     0000000076c12c52 1 byte [62]
.text     C:\Windows\System32\spool\drivers\x64\3\E_IATIGAU.EXE[3356] C:\Windows\system32\ntdll.dll!LdrUnloadDll                                                       0000000076ef6d20 5 bytes JMP 00000001002c075c
.text     C:\Windows\System32\spool\drivers\x64\3\E_IATIGAU.EXE[3356] C:\Windows\system32\ntdll.dll!LdrLoadDll                                                         0000000076f13bd0 5 bytes JMP 00000001002c03a4
.text     C:\Windows\System32\spool\drivers\x64\3\E_IATIGAU.EXE[3356] C:\Windows\system32\ntdll.dll!NtAllocateVirtualMemory                                            0000000076f26ff0 5 bytes JMP 00000001002c0b14
.text     C:\Windows\System32\spool\drivers\x64\3\E_IATIGAU.EXE[3356] C:\Windows\system32\ntdll.dll!NtFreeVirtualMemory                                                0000000076f27050 5 bytes JMP 00000001002c0ecc
.text     C:\Windows\System32\spool\drivers\x64\3\E_IATIGAU.EXE[3356] C:\Windows\system32\ntdll.dll!NtTerminateProcess                                                 0000000076f27130 5 bytes JMP 00000001002c163c
.text     C:\Windows\System32\spool\drivers\x64\3\E_IATIGAU.EXE[3356] C:\Windows\system32\ntdll.dll!NtProtectVirtualMemory                                             0000000076f27370 5 bytes JMP 00000001002c1284
.text     C:\Windows\System32\spool\drivers\x64\3\E_IATIGAU.EXE[3356] C:\Windows\system32\ntdll.dll!NtSetContextThread                                                 0000000076f28330 5 bytes JMP 00000001002c19f4
.text     C:\Windows\System32\spool\drivers\x64\3\E_IATIGAU.EXE[3356] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 194                                            0000000076c12c52 1 byte [62]
.text     C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe[3368] C:\Windows\system32\ntdll.dll!LdrUnloadDll                                                      0000000076ef6d20 5 bytes JMP 000000010015075c
.text     C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe[3368] C:\Windows\system32\ntdll.dll!LdrLoadDll                                                        0000000076f13bd0 5 bytes JMP 00000001001503a4
.text     C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe[3368] C:\Windows\system32\ntdll.dll!NtAllocateVirtualMemory                                           0000000076f26ff0 5 bytes JMP 0000000100150b14
.text     C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe[3368] C:\Windows\system32\ntdll.dll!NtFreeVirtualMemory                                               0000000076f27050 5 bytes JMP 0000000100150ecc
.text     C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe[3368] C:\Windows\system32\ntdll.dll!NtTerminateProcess                                                0000000076f27130 5 bytes JMP 000000010015163c
.text     C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe[3368] C:\Windows\system32\ntdll.dll!NtProtectVirtualMemory                                            0000000076f27370 5 bytes JMP 0000000100151284
.text     C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe[3368] C:\Windows\system32\ntdll.dll!NtSetContextThread                                                0000000076f28330 5 bytes JMP 00000001001519f4
.text     C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe[3368] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 194                                           0000000076c12c52 1 byte [62]
.text     C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3388] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                               00000000770d17d7 5 bytes JMP 00000001000301f8
.text     C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3388] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                             00000000770d3221 5 bytes JMP 00000001000303fc
.text     C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3388] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                                  00000000770e9578 5 bytes JMP 0000000100030600
.text     C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3388] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                                      00000000770e9608 5 bytes JMP 0000000100030804
.text     C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3388] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                       00000000770e9758 5 bytes JMP 0000000100030c0c
.text     C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3388] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                   00000000770e9ab8 5 bytes JMP 0000000100030a08
.text     C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3388] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                       00000000770eb24c 5 bytes JMP 0000000100030e10
.text     C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3388] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 130                                                  0000000075d94228 1 byte [62]
.text     C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3388] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                                                     0000000075bc010d 5 bytes JMP 0000000100070a08
.text     C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3388] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                                       0000000075bc03d2 5 bytes JMP 0000000100070804
.text     C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3388] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                                       0000000075bc1b58 5 bytes JMP 0000000100070600
.text     C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3388] C:\Windows\syswow64\USER32.dll!UnhookWinEvent                                                          0000000075bc6530 5 bytes JMP 00000001000703fc
.text     C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3388] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                                         0000000075bd653e 5 bytes JMP 00000001000701f8
.text     C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3388] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW                                                        0000000076159eb4 5 bytes JMP 00000001000803fc
.text     C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3388] C:\Windows\syswow64\ADVAPI32.dll!DeleteService                                                         000000007615a07e 5 bytes JMP 0000000100080600
.text     C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3388] C:\Windows\syswow64\ADVAPI32.dll!SetServiceObjectSecurity                                              0000000076196cd9 5 bytes JMP 0000000100081014
.text     C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3388] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA                                                  0000000076196dd9 5 bytes JMP 0000000100080804
.text     C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3388] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW                                                  0000000076196f81 5 bytes JMP 0000000100080a08
.text     C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3388] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2A                                                 0000000076197099 5 bytes JMP 0000000100080c0c
.text     C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3388] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W                                                 00000000761971e1 5 bytes JMP 0000000100080e10
.text     C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3388] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA                                                        00000000761972a1 5 bytes JMP 00000001000801f8
.text     C:\Program Files\AVAST Software\Avast\AvastUI.exe[3784] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 130                                                0000000075d94228 1 byte [62]
.text     C:\Windows\system32\svchost.exe[3324] C:\Windows\system32\ntdll.dll!LdrUnloadDll                                                                             0000000076ef6d20 5 bytes JMP 00000001000d075c
.text     C:\Windows\system32\svchost.exe[3324] C:\Windows\system32\ntdll.dll!LdrLoadDll                                                                               0000000076f13bd0 5 bytes JMP 00000001000d03a4
.text     C:\Windows\system32\svchost.exe[3324] C:\Windows\system32\ntdll.dll!NtAllocateVirtualMemory                                                                  0000000076f26ff0 5 bytes JMP 00000001000d0b14
.text     C:\Windows\system32\svchost.exe[3324] C:\Windows\system32\ntdll.dll!NtFreeVirtualMemory                                                                      0000000076f27050 5 bytes JMP 00000001000d0ecc
.text     C:\Windows\system32\svchost.exe[3324] C:\Windows\system32\ntdll.dll!NtTerminateProcess                                                                       0000000076f27130 5 bytes JMP 00000001000d163c
.text     C:\Windows\system32\svchost.exe[3324] C:\Windows\system32\ntdll.dll!NtProtectVirtualMemory                                                                   0000000076f27370 5 bytes JMP 00000001000d1284
.text     C:\Windows\system32\svchost.exe[3324] C:\Windows\system32\ntdll.dll!NtSetContextThread                                                                       0000000076f28330 5 bytes JMP 00000001000d19f4
.text     C:\Windows\ehome\ehsched.exe[3900] C:\Windows\system32\ntdll.dll!LdrUnloadDll                                                                                0000000076ef6d20 5 bytes JMP 00000001001a075c
.text     C:\Windows\ehome\ehsched.exe[3900] C:\Windows\system32\ntdll.dll!LdrLoadDll                                                                                  0000000076f13bd0 5 bytes JMP 00000001001a03a4
.text     C:\Windows\ehome\ehsched.exe[3900] C:\Windows\system32\ntdll.dll!NtAllocateVirtualMemory                                                                     0000000076f26ff0 5 bytes JMP 00000001001a0b14
.text     C:\Windows\ehome\ehsched.exe[3900] C:\Windows\system32\ntdll.dll!NtFreeVirtualMemory                                                                         0000000076f27050 5 bytes JMP 00000001001a0ecc
.text     C:\Windows\ehome\ehsched.exe[3900] C:\Windows\system32\ntdll.dll!NtTerminateProcess                                                                          0000000076f27130 5 bytes JMP 00000001001a163c
.text     C:\Windows\ehome\ehsched.exe[3900] C:\Windows\system32\ntdll.dll!NtProtectVirtualMemory                                                                      0000000076f27370 5 bytes JMP 00000001001a1284
.text     C:\Windows\ehome\ehsched.exe[3900] C:\Windows\system32\ntdll.dll!NtSetContextThread                                                                          0000000076f28330 5 bytes JMP 00000001001a19f4
.text     C:\Windows\ehome\ehRecvr.exe[1028] C:\Windows\system32\ntdll.dll!LdrUnloadDll                                                                                0000000076ef6d20 5 bytes JMP 000000010012075c
.text     C:\Windows\ehome\ehRecvr.exe[1028] C:\Windows\system32\ntdll.dll!LdrLoadDll                                                                                  0000000076f13bd0 5 bytes JMP 00000001001203a4
.text     C:\Windows\ehome\ehRecvr.exe[1028] C:\Windows\system32\ntdll.dll!NtAllocateVirtualMemory                                                                     0000000076f26ff0 5 bytes JMP 0000000100120b14
.text     C:\Windows\ehome\ehRecvr.exe[1028] C:\Windows\system32\ntdll.dll!NtFreeVirtualMemory                                                                         0000000076f27050 5 bytes JMP 0000000100120ecc
.text     C:\Windows\ehome\ehRecvr.exe[1028] C:\Windows\system32\ntdll.dll!NtTerminateProcess                                                                          0000000076f27130 5 bytes JMP 000000010012163c
.text     C:\Windows\ehome\ehRecvr.exe[1028] C:\Windows\system32\ntdll.dll!NtProtectVirtualMemory                                                                      0000000076f27370 5 bytes JMP 0000000100121284
.text     C:\Windows\ehome\ehRecvr.exe[1028] C:\Windows\system32\ntdll.dll!NtSetContextThread                                                                          0000000076f28330 5 bytes JMP 00000001001219f4
.text     C:\Windows\ehome\ehRecvr.exe[1028] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 194                                                                     0000000076c12c52 1 byte [62]
.text     C:\Windows\splwow64.exe[4532] C:\Windows\system32\ntdll.dll!LdrUnloadDll                                                                                     0000000076ef6d20 5 bytes JMP 00000001006b075c
.text     C:\Windows\splwow64.exe[4532] C:\Windows\system32\ntdll.dll!LdrLoadDll                                                                                       0000000076f13bd0 5 bytes JMP 00000001006b03a4
.text     C:\Windows\splwow64.exe[4532] C:\Windows\system32\ntdll.dll!NtAllocateVirtualMemory                                                                          0000000076f26ff0 5 bytes JMP 00000001006b0b14
.text     C:\Windows\splwow64.exe[4532] C:\Windows\system32\ntdll.dll!NtFreeVirtualMemory                                                                              0000000076f27050 5 bytes JMP 00000001006b0ecc
.text     C:\Windows\splwow64.exe[4532] C:\Windows\system32\ntdll.dll!NtTerminateProcess                                                                               0000000076f27130 5 bytes JMP 00000001006b163c
.text     C:\Windows\splwow64.exe[4532] C:\Windows\system32\ntdll.dll!NtProtectVirtualMemory                                                                           0000000076f27370 5 bytes JMP 00000001006b1284
.text     C:\Windows\splwow64.exe[4532] C:\Windows\system32\ntdll.dll!NtSetContextThread                                                                               0000000076f28330 5 bytes JMP 00000001006b19f4
.text     C:\Windows\splwow64.exe[4532] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 194                                                                          0000000076c12c52 1 byte [62]
.text     C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[4572] C:\Windows\system32\ADVAPI32.dll!SetServiceObjectSecurity  000007fefdad8250 5 bytes JMP 000007ff7db61dac
.text     C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[4572] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA      000007fefdad89a0 5 bytes JMP 000007ff7db60ecc
.text     C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[4572] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW      000007fefdad8cc0 5 bytes JMP 000007ff7db61284
.text     C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[4572] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfig2A     000007fefdad8e58 5 bytes JMP 000007ff7db6163c
.text     C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[4572] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfig2W     000007fefdad9010 5 bytes JMP 000007ff7db619f4
.text     C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[4572] C:\Windows\system32\ADVAPI32.dll!CreateServiceA            000007fefdad90d8 5 bytes JMP 000007ff7db603a4
.text     C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[4572] C:\Windows\system32\ADVAPI32.dll!CreateServiceW            000007fefdad9420 5 bytes JMP 000007ff7db6075c
.text     C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[4572] C:\Windows\system32\ADVAPI32.dll!DeleteService             000007fefdad95e8 5 bytes JMP 000007ff7db60b14
.text     C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe[5708] C:\Windows\system32\ntdll.dll!LdrUnloadDll                     0000000076ef6d20 5 bytes JMP 00000001002a075c
.text     C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe[5708] C:\Windows\system32\ntdll.dll!LdrLoadDll                       0000000076f13bd0 5 bytes JMP 00000001002a03a4
.text     C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe[5708] C:\Windows\system32\ntdll.dll!NtAllocateVirtualMemory          0000000076f26ff0 5 bytes JMP 00000001002a0b14
.text     C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe[5708] C:\Windows\system32\ntdll.dll!NtFreeVirtualMemory              0000000076f27050 5 bytes JMP 00000001002a0ecc
.text     C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe[5708] C:\Windows\system32\ntdll.dll!NtTerminateProcess               0000000076f27130 5 bytes JMP 00000001002a163c
.text     C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe[5708] C:\Windows\system32\ntdll.dll!NtProtectVirtualMemory           0000000076f27370 5 bytes JMP 00000001002a1284
.text     C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe[5708] C:\Windows\system32\ntdll.dll!NtSetContextThread               0000000076f28330 5 bytes JMP 00000001002a19f4
.text     C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe[5708] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 194          0000000076c12c52 1 byte [62]
.text     C:\Users\Benutzer1\Downloads\gmer_2.1.19155.exe[2344] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 130                                                  0000000075d94228 1 byte [62]

---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe                                                                                                                             suspicious modification
INITKDBG  C:\Windows\system32\ntoskrnl.exe                                                                                                                             suspicious modification
INITKDBG  C:\Windows\system32\ntoskrnl.exe                                                                                                                             suspicious modification
INITKDBG  C:\Windows\system32\ntoskrnl.exe                                                                                                                             suspicious modification

---- Threads - GMER 2.1 ----

Thread    C:\Windows\system32\SearchIndexer.exe [2268:2716]                                                                                                            000007fef81f39f0

---- EOF - GMER 2.1 ----
         
und mbar (keine Funde, deswegen kein cleanup und kein Neustart):
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.16.11

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Benutzer10 :: PC [administrator]

16.03.2013 23:00:05
mbar-log-2013-03-16 (23-00-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 28804
Time elapsed: 12 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
Eine Anmerkung noch: obwohl der Haken bei systemstart immer noch nicht gesetzt werden kann ist Avast nun (nach Neuinstallation) nach dem Start ohne Zutun aktiv.

Viele Grüße
jareb

Alt 17.03.2013, 16:15   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
nach Avast! Update bleibt Rechner beim Booten hängen - Standard

nach Avast! Update bleibt Rechner beim Booten hängen



aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).




TDSS-Killer

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
"Ich habe viel Geld für Alkohol, Weiber und schnelle Autos ausgegeben. Den Rest hab’ ich einfach nur verprasst." - George Best

Warum Linux besser als Windows ist!


Das Trojaner-Board unterstützen

Alt 23.03.2013, 13:21   #13
jareb
 
nach Avast! Update bleibt Rechner beim Booten hängen - Standard

nach Avast! Update bleibt Rechner beim Booten hängen



Hallo cosinus,

war ein paar Tage ausser Landes, deswegen gehts erst heute weiter.

Ich habe die aswMBR.exe als Administrator ausgeführt und einen Abbruch bekommen; den Screenshot hänge ich Dir an.
Hinweis: in der "aswMBR.exe Anleitung" steht das man das Antivirenprogram deaktivieren soll, also habe ich alle Avast!-Schutzprogramme angehalten.

Habe ich etwas falsch gemacht?

Viele Grüße,
jareb
Miniaturansicht angehängter Grafiken
-abbruch-aswmbr.exe.jpg  

Alt 23.03.2013, 16:56   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
nach Avast! Update bleibt Rechner beim Booten hängen - Standard

nach Avast! Update bleibt Rechner beim Booten hängen



Der Screenshot reicht erstma, mach bitte mit dem anderen Tool weiter
__________________
"Ich habe viel Geld für Alkohol, Weiber und schnelle Autos ausgegeben. Den Rest hab’ ich einfach nur verprasst." - George Best

Warum Linux besser als Windows ist!


Das Trojaner-Board unterstützen

Alt 23.03.2013, 17:11   #15
jareb
 
nach Avast! Update bleibt Rechner beim Booten hängen - Standard

nach Avast! Update bleibt Rechner beim Booten hängen



Hallo cosinus,

alles klar, hier das TDSSKiller Log:
Code:
ATTFilter
17:06:19.0494 2924  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:06:19.0791 2924  ============================================================
17:06:19.0791 2924  Current date / time: 2013/03/23 17:06:19.0791
17:06:19.0791 2924  SystemInfo:
17:06:19.0791 2924  
17:06:19.0791 2924  OS Version: 6.0.6002 ServicePack: 2.0
17:06:19.0791 2924  Product type: Workstation
17:06:19.0791 2924  ComputerName: PC
17:06:19.0791 2924  UserName: Benutzer10
17:06:19.0791 2924  Windows directory: C:\Windows
17:06:19.0791 2924  System windows directory: C:\Windows
17:06:19.0791 2924  Running under WOW64
17:06:19.0791 2924  Processor architecture: Intel x64
17:06:19.0791 2924  Number of processors: 4
17:06:19.0791 2924  Page size: 0x1000
17:06:19.0791 2924  Boot type: Normal boot
17:06:19.0791 2924  ============================================================
17:06:20.0836 2924  Drive \Device\Harddisk0\DR0 - Size: 0x950AF4DE00 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:06:20.0867 2924  ============================================================
17:06:20.0867 2924  \Device\Harddisk0\DR0:
17:06:20.0867 2924  MBR partitions:
17:06:20.0867 2924  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x4A856800
17:06:20.0867 2924  ============================================================
17:06:20.0898 2924  C: <-> \Device\Harddisk0\DR0\Partition1
17:06:20.0898 2924  ============================================================
17:06:20.0898 2924  Initialize success
17:06:20.0898 2924  ============================================================
17:06:28.0605 4768  ============================================================
17:06:28.0605 4768  Scan started
17:06:28.0605 4768  Mode: Manual; SigCheck; TDLFS; 
17:06:28.0605 4768  ============================================================
17:06:29.0634 4768  ================ Scan system memory ========================
17:06:29.0634 4768  System memory - ok
17:06:29.0634 4768  ================ Scan services =============================
17:06:29.0759 4768  [ 78E902FB660BD5003FE726B9BEF300B6 ] 61883           C:\Windows\system32\DRIVERS\61883.sys
17:06:29.0899 4768  61883 - ok
17:06:29.0915 4768  [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI            C:\Windows\system32\drivers\acpi.sys
17:06:29.0946 4768  ACPI - ok
17:06:29.0993 4768  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:06:30.0009 4768  AdobeARMservice - ok
17:06:30.0102 4768  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:06:30.0118 4768  AdobeFlashPlayerUpdateSvc - ok
17:06:30.0149 4768  [ F14215E37CF124104575073F782111D2 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
17:06:30.0165 4768  adp94xx - ok
17:06:30.0180 4768  [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci         C:\Windows\system32\drivers\adpahci.sys
17:06:30.0211 4768  adpahci - ok
17:06:30.0227 4768  [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
17:06:30.0243 4768  adpu160m - ok
17:06:30.0258 4768  [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
17:06:30.0274 4768  adpu320 - ok
17:06:30.0305 4768  [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
17:06:30.0352 4768  AeLookupSvc - ok
17:06:30.0399 4768  [ C4F6CE6087760AD70960C9EB130E7943 ] AFD             C:\Windows\system32\drivers\afd.sys
17:06:30.0430 4768  AFD - ok
17:06:30.0445 4768  [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440          C:\Windows\system32\drivers\agp440.sys
17:06:30.0461 4768  agp440 - ok
17:06:30.0461 4768  [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
17:06:30.0477 4768  aic78xx - ok
17:06:30.0492 4768  [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG             C:\Windows\System32\alg.exe
17:06:30.0539 4768  ALG - ok
17:06:30.0539 4768  [ 157D0898D4B73F075CE9FA26B482DF98 ] aliide          C:\Windows\system32\drivers\aliide.sys
17:06:30.0555 4768  aliide - ok
17:06:30.0586 4768  [ D45D3540C5AE2A48C6112DF03F06F374 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
17:06:30.0617 4768  AMD External Events Utility - ok
17:06:30.0633 4768  [ 970FA5059E61E30D25307B99903E991E ] amdide          C:\Windows\system32\drivers\amdide.sys
17:06:30.0648 4768  amdide - ok
17:06:30.0648 4768  [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
17:06:30.0711 4768  AmdK8 - ok
17:06:30.0929 4768  [ 5B871F3E4A4A6C4693A413E3138B51D0 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
17:06:31.0272 4768  amdkmdag - ok
17:06:31.0319 4768  [ 9BE1140CE8D2C5E878F136A7B85D41B3 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
17:06:31.0366 4768  amdkmdap - ok
17:06:31.0381 4768  [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo         C:\Windows\System32\appinfo.dll
17:06:31.0428 4768  Appinfo - ok
17:06:31.0459 4768  [ BA8417D4765F3988FF921F30F630E303 ] arc             C:\Windows\system32\drivers\arc.sys
17:06:31.0475 4768  arc - ok
17:06:31.0475 4768  [ 9D41C435619733B34CC16A511E644B11 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
17:06:31.0491 4768  arcsas - ok
17:06:31.0537 4768  [ B217378ED9A964E15346A67FEF609A17 ] aswFsBlk        C:\Windows\system32\drivers\aswFsBlk.sys
17:06:31.0553 4768  aswFsBlk - ok
17:06:31.0569 4768  [ E92635BB235B03ED03B17CBB59F77FA4 ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
17:06:31.0584 4768  aswMonFlt - ok
17:06:31.0600 4768  [ EC4BC131437D17DD40D0243D7CB875C0 ] AswRdr          C:\Windows\system32\drivers\AswRdr.sys
17:06:31.0615 4768  AswRdr - ok
17:06:31.0615 4768  [ DE6759B8D8E62BF0FFF2B05F05AFCEE6 ] aswRvrt         C:\Windows\system32\drivers\aswRvrt.sys
17:06:31.0631 4768  aswRvrt - ok
17:06:31.0662 4768  [ AB8B4D3136D18A20777036E0F0CFC5E1 ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
17:06:31.0725 4768  aswSnx - ok
17:06:31.0756 4768  [ 97D4D725BD32C965119E6C8E252F8C64 ] aswSP           C:\Windows\system32\drivers\aswSP.sys
17:06:31.0787 4768  aswSP - ok
17:06:31.0803 4768  [ D62C10D1829C65115111C160EA956260 ] aswTdi          C:\Windows\system32\drivers\aswTdi.sys
17:06:31.0818 4768  aswTdi - ok
17:06:31.0834 4768  [ 7E44C2684A6CA779B9D07CB4BD3F649D ] aswVmm          C:\Windows\system32\drivers\aswVmm.sys
17:06:31.0849 4768  aswVmm - ok
17:06:31.0881 4768  [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
17:06:31.0927 4768  AsyncMac - ok
17:06:31.0959 4768  [ E68D9B3A3905619732F7FE039466A623 ] atapi           C:\Windows\system32\drivers\atapi.sys
17:06:31.0974 4768  atapi - ok
17:06:31.0990 4768  [ 917692CDF8E1CE00D9752FA40615338B ] AtiHDAudioService C:\Windows\system32\drivers\AtihdLH6.sys
17:06:32.0005 4768  AtiHDAudioService - ok
17:06:32.0193 4768  [ 5B871F3E4A4A6C4693A413E3138B51D0 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
17:06:32.0473 4768  atikmdag - ok
17:06:32.0489 4768  [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:06:32.0598 4768  AudioEndpointBuilder - ok
17:06:32.0614 4768  [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
17:06:32.0661 4768  AudioSrv - ok
17:06:32.0707 4768  [ 41735B82DB57E4EBE9504EC400FD120E ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
17:06:32.0723 4768  avast! Antivirus - ok
17:06:32.0754 4768  [ 295FA2878FF499C0EDFA0EBCC8C6EC66 ] Avc             C:\Windows\system32\DRIVERS\avc.sys
17:06:32.0801 4768  Avc - ok
17:06:32.0848 4768  [ 044320C8073293E02D000671E1E7A592 ] AVCSTRM         C:\Windows\system32\DRIVERS\avcstrm.sys
17:06:32.0895 4768  AVCSTRM - ok
17:06:32.0926 4768  [ FFB96C2589FFA60473EAD78B39FBDE29 ] BFE             C:\Windows\System32\bfe.dll
17:06:32.0973 4768  BFE - ok
17:06:33.0004 4768  [ 6D316F4859634071CC25C4FD4589AD2C ] BITS            C:\Windows\System32\qmgr.dll
17:06:33.0082 4768  BITS - ok
17:06:33.0097 4768  [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
17:06:33.0144 4768  blbdrive - ok
17:06:33.0175 4768  [ 2348447A80920B2493A9B582A23E81E1 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
17:06:33.0207 4768  bowser - ok
17:06:33.0207 4768  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
17:06:33.0238 4768  BrFiltLo - ok
17:06:33.0253 4768  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
17:06:33.0285 4768  BrFiltUp - ok
17:06:33.0331 4768  [ A1B39DE453433B115B4EA69EE0343816 ] Browser         C:\Windows\System32\browser.dll
17:06:33.0394 4768  Browser - ok
17:06:33.0409 4768  [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid         C:\Windows\system32\drivers\brserid.sys
17:06:33.0472 4768  Brserid - ok
17:06:33.0487 4768  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
17:06:33.0550 4768  BrSerWdm - ok
17:06:33.0581 4768  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
17:06:33.0643 4768  BrUsbMdm - ok
17:06:33.0675 4768  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
17:06:33.0721 4768  BrUsbSer - ok
17:06:33.0737 4768  [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
17:06:33.0799 4768  BTHMODEM - ok
17:06:33.0815 4768  [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
17:06:33.0862 4768  cdfs - ok
17:06:33.0877 4768  [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
17:06:33.0893 4768  cdrom - ok
17:06:33.0924 4768  [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc     C:\Windows\System32\certprop.dll
17:06:33.0955 4768  CertPropSvc - ok
17:06:33.0971 4768  [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass        C:\Windows\system32\drivers\circlass.sys
17:06:34.0002 4768  circlass - ok
17:06:34.0018 4768  [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS            C:\Windows\system32\CLFS.sys
17:06:34.0049 4768  CLFS - ok
17:06:34.0111 4768  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:06:34.0127 4768  clr_optimization_v2.0.50727_32 - ok
17:06:34.0189 4768  [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:06:34.0205 4768  clr_optimization_v2.0.50727_64 - ok
17:06:34.0267 4768  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:06:34.0283 4768  clr_optimization_v4.0.30319_32 - ok
17:06:34.0314 4768  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:06:34.0330 4768  clr_optimization_v4.0.30319_64 - ok
17:06:34.0345 4768  [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
17:06:34.0361 4768  cmdide - ok
17:06:34.0361 4768  [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
17:06:34.0377 4768  Compbatt - ok
17:06:34.0392 4768  COMSysApp - ok
17:06:34.0423 4768  [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
17:06:34.0439 4768  crcdisk - ok
17:06:34.0470 4768  [ CA78B312C44E4D52E842C2C8BD48E452 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
17:06:34.0501 4768  CryptSvc - ok
17:06:34.0533 4768  [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch      C:\Windows\system32\rpcss.dll
17:06:34.0595 4768  DcomLaunch - ok
17:06:34.0642 4768  [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
17:06:34.0673 4768  DfsC - ok
17:06:34.0735 4768  [ C647F468F7DE343DF8C143655C5557D4 ] DFSR            C:\Windows\system32\DFSR.exe
17:06:34.0954 4768  DFSR - ok
17:06:35.0001 4768  [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
17:06:35.0079 4768  Dhcp - ok
17:06:35.0110 4768  [ B0107E40ECDB5FA692EBF832F295D905 ] disk            C:\Windows\system32\drivers\disk.sys
17:06:35.0125 4768  disk - ok
17:06:35.0172 4768  [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
17:06:35.0188 4768  Dnscache - ok
17:06:35.0203 4768  [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc         C:\Windows\System32\dot3svc.dll
17:06:35.0250 4768  dot3svc - ok
17:06:35.0281 4768  [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS             C:\Windows\system32\dps.dll
17:06:35.0328 4768  DPS - ok
17:06:35.0344 4768  [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
17:06:35.0375 4768  drmkaud - ok
17:06:35.0422 4768  [ B8E554E502D5123BC111F99D6A2181B4 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
17:06:35.0469 4768  DXGKrnl - ok
17:06:35.0500 4768  [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60           C:\Windows\system32\DRIVERS\E1G6032E.sys
17:06:35.0547 4768  E1G60 - ok
17:06:35.0562 4768  [ C2303883FD9BE49DC36A6400643002EA ] EapHost         C:\Windows\System32\eapsvc.dll
17:06:35.0609 4768  EapHost - ok
17:06:35.0625 4768  [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache          C:\Windows\system32\drivers\ecache.sys
17:06:35.0640 4768  Ecache - ok
17:06:35.0687 4768  [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
17:06:35.0734 4768  ehRecvr - ok
17:06:35.0749 4768  [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched         C:\Windows\ehome\ehsched.exe
17:06:35.0765 4768  ehSched - ok
17:06:35.0781 4768  [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart         C:\Windows\ehome\ehstart.dll
17:06:35.0796 4768  ehstart - ok
17:06:35.0812 4768  [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
17:06:35.0859 4768  elxstor - ok
17:06:35.0874 4768  [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
17:06:35.0905 4768  EMDMgmt - ok
17:06:35.0921 4768  [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev          C:\Windows\system32\drivers\errdev.sys
17:06:35.0983 4768  ErrDev - ok
17:06:36.0030 4768  [ 5DC0914E8C6168DE7702B8E2DC140B80 ] ET5Drv          C:\Windows\ET5Drv.sys
17:06:36.0030 4768  ET5Drv - ok
17:06:36.0077 4768  [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem     C:\Windows\system32\es.dll
17:06:36.0124 4768  EventSystem - ok
17:06:36.0139 4768  [ 486844F47B6636044A42454614ED4523 ] exfat           C:\Windows\system32\drivers\exfat.sys
17:06:36.0186 4768  exfat - ok
17:06:36.0202 4768  [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
17:06:36.0249 4768  fastfat - ok
17:06:36.0264 4768  [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
17:06:36.0295 4768  fdc - ok
17:06:36.0311 4768  [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost         C:\Windows\system32\fdPHost.dll
17:06:36.0358 4768  fdPHost - ok
17:06:36.0358 4768  [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub        C:\Windows\system32\fdrespub.dll
17:06:36.0420 4768  FDResPub - ok
17:06:36.0498 4768  [ E3361B558EF5E413309BDAD6548DB472 ] FDTvCISvc       C:\Program Files\FireDTV\FireDTV MCE Plugin\FDTvCISvc.exe
17:06:36.0514 4768  FDTvCISvc ( UnsignedFile.Multi.Generic ) - warning
17:06:36.0514 4768  FDTvCISvc - detected UnsignedFile.Multi.Generic (1)
17:06:36.0514 4768  [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
17:06:36.0529 4768  FileInfo - ok
17:06:36.0545 4768  [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
17:06:36.0576 4768  Filetrace - ok
17:06:36.0607 4768  [ 257AE2F1457C16CDF6D95B6D56A8B169 ] Firesat_Dvbc    C:\Windows\system32\DRIVERS\FireDTV_BDA_DVBC_MCE_x64.sys
17:06:36.0623 4768  Firesat_Dvbc - ok
17:06:36.0639 4768  [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
17:06:36.0670 4768  flpydisk - ok
17:06:36.0701 4768  [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
17:06:36.0732 4768  FltMgr - ok
17:06:36.0779 4768  [ BE1C5BD1CA7ED015BC6FA1AE67E592C8 ] FontCache       C:\Windows\system32\FntCache.dll
17:06:36.0873 4768  FontCache - ok
17:06:36.0935 4768  [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:06:36.0951 4768  FontCache3.0.0.0 - ok
17:06:36.0982 4768  [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
17:06:37.0013 4768  Fs_Rec - ok
17:06:37.0013 4768  [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
17:06:37.0029 4768  gagp30kx - ok
17:06:37.0060 4768  [ F51FB25E1328FA14F446A8B24AC52709 ] gdrv            C:\Windows\gdrv.sys
17:06:37.0060 4768  gdrv - ok
17:06:37.0091 4768  [ A73082BAB773171B34D656609C6D5854 ] GEST Service    C:\Program Files (x86)\GIGABYTE\GEST\GSvr.exe
17:06:37.0107 4768  GEST Service - ok
17:06:37.0138 4768  [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc           C:\Windows\System32\gpsvc.dll
17:06:37.0185 4768  gpsvc - ok
17:06:37.0216 4768  [ 68E732382B32417FF61FD663259B4B09 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:06:37.0231 4768  HdAudAddService - ok
17:06:37.0263 4768  [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
17:06:37.0309 4768  HDAudBus - ok
17:06:37.0325 4768  [ B4881C84A180E75B8C25DC1D726C375F ] HidBth          C:\Windows\system32\drivers\hidbth.sys
17:06:37.0387 4768  HidBth - ok
17:06:37.0387 4768  [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr           C:\Windows\system32\drivers\hidir.sys
17:06:37.0450 4768  HidIr - ok
17:06:37.0465 4768  [ 59361D38A297755D46A540E450202B2A ] hidserv         C:\Windows\system32\hidserv.dll
17:06:37.0497 4768  hidserv - ok
17:06:37.0528 4768  [ D02C82CB3A20F391C8AEFF94E8E0BAA1 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
17:06:37.0575 4768  HidUsb - ok
17:06:37.0606 4768  [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc          C:\Windows\system32\kmsvc.dll
17:06:37.0637 4768  hkmsvc - ok
17:06:37.0653 4768  [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
17:06:37.0668 4768  HpCISSs - ok
17:06:37.0715 4768  [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
17:06:37.0762 4768  HTTP - ok
17:06:37.0793 4768  [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
17:06:37.0793 4768  i2omp - ok
17:06:37.0809 4768  [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
17:06:37.0855 4768  i8042prt - ok
17:06:37.0871 4768  [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
17:06:37.0887 4768  iaStorV - ok
17:06:37.0949 4768  [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:06:37.0996 4768  idsvc - ok
17:06:38.0011 4768  [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
17:06:38.0027 4768  iirsp - ok
17:06:38.0043 4768  [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT          C:\Windows\System32\ikeext.dll
17:06:38.0105 4768  IKEEXT - ok
17:06:38.0152 4768  [ 197EBB23CAAC8A29A5F166D186C5A117 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
17:06:38.0230 4768  IntcAzAudAddService - ok
17:06:38.0261 4768  [ DF797A12176F11B2D301C5B234BB200E ] intelide        C:\Windows\system32\drivers\intelide.sys
17:06:38.0277 4768  intelide - ok
17:06:38.0292 4768  [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
17:06:38.0339 4768  intelppm - ok
17:06:38.0370 4768  [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
17:06:38.0401 4768  IPBusEnum - ok
17:06:38.0417 4768  [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:06:38.0464 4768  IpFilterDriver - ok
17:06:38.0495 4768  [ BF0DBFA9792C5C14FA00F61C75116C1B ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
17:06:38.0526 4768  iphlpsvc - ok
17:06:38.0526 4768  IpInIp - ok
17:06:38.0542 4768  [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
17:06:38.0573 4768  IPMIDRV - ok
17:06:38.0589 4768  [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
17:06:38.0651 4768  IPNAT - ok
17:06:38.0651 4768  [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM          C:\Windows\system32\drivers\irenum.sys
17:06:38.0713 4768  IRENUM - ok
17:06:38.0729 4768  [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp          C:\Windows\system32\drivers\isapnp.sys
17:06:38.0745 4768  isapnp - ok
17:06:38.0760 4768  [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
17:06:38.0776 4768  iScsiPrt - ok
17:06:38.0791 4768  [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
17:06:38.0807 4768  iteatapi - ok
17:06:38.0823 4768  [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid         C:\Windows\system32\drivers\iteraid.sys
17:06:38.0838 4768  iteraid - ok
17:06:38.0869 4768  [ 98E7D6164EBA27EF25835F95910E622C ] JRAID           C:\Windows\system32\DRIVERS\jraid.sys
17:06:38.0885 4768  JRAID - ok
17:06:38.0901 4768  [ 423696F3BA6472DD17699209B933BC26 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
17:06:38.0916 4768  kbdclass - ok
17:06:38.0932 4768  [ BF8783A5066CFECF45095459E8010FA7 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
17:06:38.0979 4768  kbdhid - ok
17:06:39.0010 4768  [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso          C:\Windows\system32\lsass.exe
17:06:39.0025 4768  KeyIso - ok
17:06:39.0057 4768  [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
17:06:39.0088 4768  KSecDD - ok
17:06:39.0119 4768  [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
17:06:39.0166 4768  ksthunk - ok
17:06:39.0181 4768  [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm           C:\Windows\system32\msdtckrm.dll
17:06:39.0244 4768  KtmRm - ok
17:06:39.0306 4768  [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer    C:\Windows\system32\srvsvc.dll
17:06:39.0353 4768  LanmanServer - ok
17:06:39.0400 4768  [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:06:39.0415 4768  LanmanWorkstation - ok
17:06:39.0447 4768  [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
17:06:39.0493 4768  lltdio - ok
17:06:39.0509 4768  [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
17:06:39.0556 4768  lltdsvc - ok
17:06:39.0556 4768  [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts         C:\Windows\System32\lmhsvc.dll
17:06:39.0603 4768  lmhosts - ok
17:06:39.0618 4768  [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
17:06:39.0634 4768  LSI_FC - ok
17:06:39.0634 4768  [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
17:06:39.0649 4768  LSI_SAS - ok
17:06:39.0665 4768  [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
17:06:39.0681 4768  LSI_SCSI - ok
17:06:39.0696 4768  [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv           C:\Windows\system32\drivers\luafv.sys
17:06:39.0727 4768  luafv - ok
17:06:39.0759 4768  [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
17:06:39.0774 4768  Mcx2Svc - ok
17:06:39.0790 4768  [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas         C:\Windows\system32\drivers\megasas.sys
17:06:39.0805 4768  megasas - ok
17:06:39.0837 4768  [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
17:06:39.0868 4768  MegaSR - ok
17:06:39.0915 4768  Microsoft SharePoint Workspace Audit Service - ok
17:06:39.0930 4768  [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS           C:\Windows\system32\mmcss.dll
17:06:39.0977 4768  MMCSS - ok
17:06:39.0993 4768  [ 59848D5CC74606F0EE7557983BB73C2E ] Modem           C:\Windows\system32\drivers\modem.sys
17:06:40.0039 4768  Modem - ok
17:06:40.0039 4768  [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
17:06:40.0086 4768  monitor - ok
17:06:40.0086 4768  [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
17:06:40.0102 4768  mouclass - ok
17:06:40.0117 4768  [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
17:06:40.0133 4768  mouhid - ok
17:06:40.0149 4768  [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
17:06:40.0164 4768  MountMgr - ok
17:06:40.0180 4768  [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:06:40.0195 4768  MozillaMaintenance - ok
17:06:40.0227 4768  [ F8276EB8698142884498A528DFEA8478 ] mpio            C:\Windows\system32\drivers\mpio.sys
17:06:40.0227 4768  mpio - ok
17:06:40.0242 4768  [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
17:06:40.0273 4768  mpsdrv - ok
17:06:40.0289 4768  [ 897E3BAF68BA406A61682AE39C83900C ] MpsSvc          C:\Windows\system32\mpssvc.dll
17:06:40.0320 4768  MpsSvc - ok
17:06:40.0336 4768  [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
17:06:40.0351 4768  Mraid35x - ok
17:06:40.0351 4768  [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
17:06:40.0383 4768  MRxDAV - ok
17:06:40.0429 4768  [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
17:06:40.0461 4768  mrxsmb - ok
17:06:40.0476 4768  [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:06:40.0492 4768  mrxsmb10 - ok
17:06:40.0523 4768  [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:06:40.0539 4768  mrxsmb20 - ok
17:06:40.0554 4768  [ 1AC860612B85D8E85EE257D372E39F4D ] msahci          C:\Windows\system32\drivers\msahci.sys
17:06:40.0570 4768  msahci - ok
17:06:40.0585 4768  [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
17:06:40.0601 4768  msdsm - ok
17:06:40.0617 4768  [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC           C:\Windows\System32\msdtc.exe
17:06:40.0663 4768  MSDTC - ok
17:06:40.0679 4768  [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs            C:\Windows\system32\drivers\Msfs.sys
17:06:40.0710 4768  Msfs - ok
17:06:40.0726 4768  [ 00EBC952961664780D43DCA157E79B27 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
17:06:40.0741 4768  msisadrv - ok
17:06:40.0757 4768  [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
17:06:40.0804 4768  MSiSCSI - ok
17:06:40.0804 4768  msiserver - ok
17:06:40.0819 4768  [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
17:06:40.0851 4768  MSKSSRV - ok
17:06:40.0866 4768  [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
17:06:40.0897 4768  MSPCLOCK - ok
17:06:40.0913 4768  [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
17:06:40.0944 4768  MSPQM - ok
17:06:40.0975 4768  [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
17:06:41.0007 4768  MsRPC - ok
17:06:41.0022 4768  [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
17:06:41.0038 4768  mssmbios - ok
17:06:41.0038 4768  [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
17:06:41.0085 4768  MSTEE - ok
17:06:41.0100 4768  [ 0CC49F78D8ACA0877D885F149084E543 ] Mup             C:\Windows\system32\Drivers\mup.sys
17:06:41.0116 4768  Mup - ok
17:06:41.0147 4768  [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent        C:\Windows\system32\qagentRT.dll
17:06:41.0194 4768  napagent - ok
17:06:41.0241 4768  [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
17:06:41.0272 4768  NativeWifiP - ok
17:06:41.0319 4768  [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS            C:\Windows\system32\drivers\ndis.sys
17:06:41.0350 4768  NDIS - ok
17:06:41.0365 4768  [ 64DF698A425478E321981431AC171334 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
17:06:41.0397 4768  NdisTapi - ok
17:06:41.0412 4768  [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
17:06:41.0459 4768  Ndisuio - ok
17:06:41.0475 4768  [ F8158771905260982CE724076419EF19 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
17:06:41.0506 4768  NdisWan - ok
17:06:41.0521 4768  [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
17:06:41.0537 4768  NDProxy - ok
17:06:41.0553 4768  [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
17:06:41.0615 4768  NetBIOS - ok
17:06:41.0631 4768  [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
17:06:41.0662 4768  netbt - ok
17:06:41.0677 4768  [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon        C:\Windows\system32\lsass.exe
17:06:41.0693 4768  Netlogon - ok
17:06:41.0724 4768  [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman          C:\Windows\System32\netman.dll
17:06:41.0787 4768  Netman - ok
17:06:41.0802 4768  [ 7846D0136CC2B264926A73047BA7688A ] netprofm        C:\Windows\System32\netprofm.dll
17:06:41.0849 4768  netprofm - ok
17:06:41.0865 4768  [ 74751DDA198165947FD7454D83F49825 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:06:41.0880 4768  NetTcpPortSharing - ok
17:06:41.0880 4768  [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
17:06:41.0896 4768  nfrd960 - ok
17:06:41.0911 4768  [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc          C:\Windows\System32\nlasvc.dll
17:06:41.0958 4768  NlaSvc - ok
17:06:41.0974 4768  [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
17:06:42.0005 4768  Npfs - ok
17:06:42.0021 4768  [ ACB62BAA1C319B17752553DF3026EEEB ] nsi             C:\Windows\system32\nsisvc.dll
17:06:42.0052 4768  nsi - ok
17:06:42.0067 4768  [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
17:06:42.0114 4768  nsiproxy - ok
17:06:42.0161 4768  [ BAC869DFB98E499BA4D9BB1FB43270E1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
17:06:42.0223 4768  Ntfs - ok
17:06:42.0239 4768  [ DD5D684975352B85B52E3FD5347C20CB ] Null            C:\Windows\system32\drivers\Null.sys
17:06:42.0286 4768  Null - ok
17:06:42.0301 4768  [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
17:06:42.0317 4768  nvraid - ok
17:06:42.0333 4768  [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor          C:\Windows\system32\drivers\nvstor.sys
17:06:42.0348 4768  nvstor - ok
17:06:42.0348 4768  [ 19067CA93075EF4823E3938A686F532F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
17:06:42.0364 4768  nv_agp - ok
17:06:42.0364 4768  NwlnkFlt - ok
17:06:42.0379 4768  NwlnkFwd - ok
17:06:42.0395 4768  [ B5B1CE65AC15BBD11C0619E3EF7CFC28 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
17:06:42.0426 4768  ohci1394 - ok
17:06:42.0504 4768  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:06:42.0520 4768  ose - ok
17:06:42.0645 4768  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:06:42.0832 4768  osppsvc - ok
17:06:42.0894 4768  [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc        C:\Windows\system32\p2psvc.dll
17:06:42.0988 4768  p2pimsvc - ok
17:06:43.0019 4768  [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc          C:\Windows\system32\p2psvc.dll
17:06:43.0066 4768  p2psvc - ok
17:06:43.0159 4768  [ 4C6A7FD04DDF4DB88791048382E3EDB1 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
17:06:43.0191 4768  Parport - ok
17:06:43.0222 4768  [ B43751085E2ABE389DA466BC62A4B987 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
17:06:43.0237 4768  partmgr - ok
17:06:43.0269 4768  [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc          C:\Windows\System32\pcasvc.dll
17:06:43.0284 4768  PcaSvc - ok
17:06:43.0300 4768  [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci             C:\Windows\system32\drivers\pci.sys
17:06:43.0315 4768  pci - ok
17:06:43.0331 4768  [ 2657F6C0B78C36D95034BE109336E382 ] pciide          C:\Windows\system32\drivers\pciide.sys
17:06:43.0347 4768  pciide - ok
17:06:43.0362 4768  [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
17:06:43.0393 4768  pcmcia - ok
17:06:43.0471 4768  [ A1688A4FB2EC49D040C027EF6DC7A87B ] PDF Architect Helper Service C:\Program Files (x86)\PDF Architect\HelperService.exe
17:06:43.0534 4768  PDF Architect Helper Service - ok
17:06:43.0549 4768  [ E23FF9B2F8EEAB2BDDA681C21C48E843 ] PDF Architect Service C:\Program Files (x86)\PDF Architect\ConversionService.exe
17:06:43.0596 4768  PDF Architect Service - ok
17:06:43.0612 4768  [ 58865916F53592A61549B04941BFD80D ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
17:06:43.0737 4768  PEAUTH - ok
17:06:43.0815 4768  [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
17:06:43.0846 4768  PerfHost - ok
17:06:43.0893 4768  [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla             C:\Windows\system32\pla.dll
17:06:44.0002 4768  pla - ok
17:06:44.0017 4768  [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
17:06:44.0064 4768  PlugPlay - ok
17:06:44.0080 4768  [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
17:06:44.0142 4768  PNRPAutoReg - ok
17:06:44.0158 4768  [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc         C:\Windows\system32\p2psvc.dll
17:06:44.0189 4768  PNRPsvc - ok
17:06:44.0220 4768  [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
17:06:44.0283 4768  PolicyAgent - ok
17:06:44.0314 4768  [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
17:06:44.0345 4768  PptpMiniport - ok
17:06:44.0361 4768  [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor       C:\Windows\system32\drivers\processr.sys
17:06:44.0407 4768  Processor - ok
17:06:44.0439 4768  [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc         C:\Windows\system32\profsvc.dll
17:06:44.0470 4768  ProfSvc - ok
17:06:44.0470 4768  [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe
17:06:44.0501 4768  ProtectedStorage - ok
17:06:44.0532 4768  [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
17:06:44.0563 4768  PSched - ok
17:06:44.0610 4768  [ FB46E9A827A8799EBD7BFA9128C91F37 ] PSI             C:\Windows\system32\DRIVERS\psi_mf.sys
17:06:44.0626 4768  PSI - ok
17:06:44.0657 4768  [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300          C:\Windows\system32\drivers\ql2300.sys
17:06:44.0719 4768  ql2300 - ok
17:06:44.0751 4768  [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
17:06:44.0766 4768  ql40xx - ok
17:06:44.0782 4768  [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE           C:\Windows\system32\qwave.dll
17:06:44.0813 4768  QWAVE - ok
17:06:44.0829 4768  [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
17:06:44.0844 4768  QWAVEdrv - ok
17:06:44.0844 4768  [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
17:06:44.0891 4768  RasAcd - ok
17:06:44.0907 4768  [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto         C:\Windows\System32\rasauto.dll
17:06:44.0938 4768  RasAuto - ok
17:06:44.0969 4768  [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
17:06:45.0000 4768  Rasl2tp - ok
17:06:45.0016 4768  [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan          C:\Windows\System32\rasmans.dll
17:06:45.0047 4768  RasMan - ok
17:06:45.0063 4768  [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
17:06:45.0094 4768  RasPppoe - ok
17:06:45.0109 4768  [ C6A593B51F34C33E5474539544072527 ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
17:06:45.0125 4768  RasSstp - ok
17:06:45.0141 4768  [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
17:06:45.0187 4768  rdbss - ok
17:06:45.0203 4768  [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
17:06:45.0234 4768  RDPCDD - ok
17:06:45.0250 4768  [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
17:06:45.0297 4768  rdpdr - ok
17:06:45.0312 4768  [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
17:06:45.0359 4768  RDPENCDD - ok
17:06:45.0375 4768  [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
17:06:45.0406 4768  RDPWD - ok
17:06:45.0437 4768  [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess    C:\Windows\System32\mprdim.dll
17:06:45.0484 4768  RemoteAccess - ok
17:06:45.0515 4768  [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
17:06:45.0546 4768  RemoteRegistry - ok
17:06:45.0546 4768  [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator      C:\Windows\system32\locator.exe
17:06:45.0577 4768  RpcLocator - ok
17:06:45.0593 4768  [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs           C:\Windows\system32\rpcss.dll
17:06:45.0640 4768  RpcSs - ok
17:06:45.0655 4768  [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
17:06:45.0702 4768  rspndr - ok
17:06:45.0733 4768  [ 98A07845F5F2B2FEB63B5407E18F6FFF ] RTL8169         C:\Windows\system32\DRIVERS\Rtlh64.sys
17:06:45.0765 4768  RTL8169 - ok
17:06:45.0780 4768  [ CC1EB2C98D86EEE3153DC9A1DC576BC1 ] RTTEAMPT        C:\Windows\system32\DRIVERS\RtTeam60.sys
17:06:45.0796 4768  RTTEAMPT - ok
17:06:45.0811 4768  [ 8B6B42D782202363A562F82B0E13B1C0 ] RTVLANPT        C:\Windows\system32\DRIVERS\RtVlan60.sys
17:06:45.0827 4768  RTVLANPT - ok
17:06:45.0843 4768  [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs           C:\Windows\system32\lsass.exe
17:06:45.0858 4768  SamSs - ok
17:06:45.0889 4768  [ 8C8862DC7417D89B375492C981C491F7 ] sbp2port        C:\Windows\system32\DRIVERS\sbp2port.sys
17:06:45.0905 4768  sbp2port - ok
17:06:45.0921 4768  [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr        C:\Windows\System32\SCardSvr.dll
17:06:45.0967 4768  SCardSvr - ok
17:06:46.0014 4768  [ 0F838C811AD295D2A4489B9993096C63 ] Schedule        C:\Windows\system32\schedsvc.dll
17:06:46.0077 4768  Schedule - ok
17:06:46.0108 4768  [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc     C:\Windows\System32\certprop.dll
17:06:46.0139 4768  SCPolicySvc - ok
17:06:46.0155 4768  [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
17:06:46.0186 4768  SDRSVC - ok
17:06:46.0201 4768  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
17:06:46.0264 4768  secdrv - ok
17:06:46.0279 4768  [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon        C:\Windows\system32\seclogon.dll
17:06:46.0311 4768  seclogon - ok
17:06:46.0373 4768  [ 9901DCF2B6DD2AD12CB42BD559E0C92D ] Secunia PSI Agent C:\Program Files (x86)\Secunia\PSI\PSIA.exe
17:06:46.0435 4768  Secunia PSI Agent - ok
17:06:46.0467 4768  [ 4F2056349F8BA4154D5213BF8A476B14 ] Secunia Update Agent C:\Program Files (x86)\Secunia\PSI\sua.exe
17:06:46.0498 4768  Secunia Update Agent - ok
17:06:46.0529 4768  [ 90973A64B96CD647FF81C79443618EED ] SENS            C:\Windows\System32\sens.dll
17:06:46.0591 4768  SENS - ok
17:06:46.0607 4768  [ 2449316316411D65BD2C761A6FFB2CE2 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
17:06:46.0654 4768  Serenum - ok
17:06:46.0669 4768  [ 4B438170BE2FC8E0BD35EE87A960F84F ] Serial          C:\Windows\system32\DRIVERS\serial.sys
17:06:46.0716 4768  Serial - ok
17:06:46.0716 4768  [ A842F04833684BCEEA7336211BE478DF ] sermouse        C:\Windows\system32\drivers\sermouse.sys
17:06:46.0763 4768  sermouse - ok
17:06:46.0794 4768  [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv      C:\Windows\system32\sessenv.dll
17:06:46.0841 4768  SessionEnv - ok
17:06:46.0841 4768  [ 14D4B4465193A87C127933978E8C4106 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
17:06:46.0872 4768  sffdisk - ok
17:06:46.0872 4768  [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
17:06:46.0919 4768  sffp_mmc - ok
17:06:46.0919 4768  [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
17:06:46.0966 4768  sffp_sd - ok
17:06:46.0966 4768  [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
17:06:47.0013 4768  sfloppy - ok
17:06:47.0044 4768  [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
17:06:47.0091 4768  SharedAccess - ok
17:06:47.0137 4768  [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:06:47.0169 4768  ShellHWDetection - ok
17:06:47.0169 4768  [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
17:06:47.0184 4768  SiSRaid2 - ok
17:06:47.0200 4768  [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
17:06:47.0215 4768  SiSRaid4 - ok
17:06:47.0262 4768  [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc           C:\Windows\system32\SLsvc.exe
17:06:47.0356 4768  slsvc - ok
17:06:47.0371 4768  [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify      C:\Windows\system32\SLUINotify.dll
17:06:47.0418 4768  SLUINotify - ok
17:06:47.0449 4768  [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
17:06:47.0481 4768  Smb - ok
17:06:47.0512 4768  [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
17:06:47.0574 4768  SNMPTRAP - ok
17:06:47.0574 4768  [ 386C3C63F00A7040C7EC5E384217E89D ] spldr           C:\Windows\system32\drivers\spldr.sys
17:06:47.0590 4768  spldr - ok
17:06:47.0637 4768  [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler         C:\Windows\System32\spoolsv.exe
17:06:47.0668 4768  Spooler - ok
17:06:47.0715 4768  [ 880A57FCCB571EBD063D4DD50E93E46D ] srv             C:\Windows\system32\DRIVERS\srv.sys
17:06:47.0761 4768  srv - ok
17:06:47.0793 4768  [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
17:06:47.0808 4768  srv2 - ok
17:06:47.0824 4768  [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
17:06:47.0855 4768  srvnet - ok
17:06:47.0871 4768  [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
17:06:47.0933 4768  SSDPSRV - ok
17:06:47.0949 4768  [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc         C:\Windows\system32\sstpsvc.dll
17:06:47.0964 4768  SstpSvc - ok
17:06:47.0980 4768  Steam Client Service - ok
17:06:48.0027 4768  [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc          C:\Windows\System32\wiaservc.dll
17:06:48.0073 4768  stisvc - ok
17:06:48.0089 4768  [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
17:06:48.0105 4768  swenum - ok
17:06:48.0151 4768  [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv           C:\Windows\System32\swprv.dll
17:06:48.0229 4768  swprv - ok
17:06:48.0245 4768  [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
17:06:48.0261 4768  Symc8xx - ok
17:06:48.0276 4768  [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
17:06:48.0292 4768  Sym_hi - ok
17:06:48.0307 4768  [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
17:06:48.0323 4768  Sym_u3 - ok
17:06:48.0354 4768  [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain         C:\Windows\system32\sysmain.dll
17:06:48.0401 4768  SysMain - ok
17:06:48.0448 4768  [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:06:48.0463 4768  TabletInputService - ok
17:06:48.0495 4768  [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv         C:\Windows\System32\tapisrv.dll
17:06:48.0526 4768  TapiSrv - ok
17:06:48.0541 4768  [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS             C:\Windows\System32\tbssvc.dll
17:06:48.0604 4768  TBS - ok
17:06:48.0635 4768  [ 0E970F59D7FBB838316176B19A2ADB82 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
17:06:48.0697 4768  Tcpip - ok
17:06:48.0729 4768  [ 0E970F59D7FBB838316176B19A2ADB82 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
17:06:48.0760 4768  Tcpip6 - ok
17:06:48.0807 4768  [ C7E72A4071EE0200E3C075DACFB2B334 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
17:06:48.0838 4768  tcpipreg - ok
17:06:48.0869 4768  [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
17:06:48.0931 4768  TDPIPE - ok
17:06:48.0963 4768  [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
17:06:49.0025 4768  TDTCP - ok
17:06:49.0041 4768  [ 458919C8C42E398DC4802178D5FFEE27 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
17:06:49.0072 4768  tdx - ok
17:06:49.0087 4768  [ CC1EB2C98D86EEE3153DC9A1DC576BC1 ] TEAM            C:\Windows\system32\DRIVERS\RtTeam60.sys
17:06:49.0103 4768  TEAM - ok
17:06:49.0103 4768  [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
17:06:49.0119 4768  TermDD - ok
17:06:49.0150 4768  [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService     C:\Windows\System32\termsrv.dll
17:06:49.0212 4768  TermService - ok
17:06:49.0243 4768  [ 56793271ECDEDD350C5ADD305603E963 ] Themes          C:\Windows\system32\shsvcs.dll
17:06:49.0259 4768  Themes - ok
17:06:49.0275 4768  [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER     C:\Windows\system32\mmcss.dll
17:06:49.0306 4768  THREADORDER - ok
17:06:49.0321 4768  [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks          C:\Windows\System32\trkwks.dll
17:06:49.0368 4768  TrkWks - ok
17:06:49.0384 4768  [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:06:49.0431 4768  TrustedInstaller - ok
17:06:49.0431 4768  [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
17:06:49.0477 4768  tssecsrv - ok
17:06:49.0509 4768  [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
17:06:49.0524 4768  tunnel - ok
17:06:49.0540 4768  [ FEC266EF401966311744BD0F359F7F56 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
17:06:49.0555 4768  uagp35 - ok
17:06:49.0571 4768  [ FAF2640A2A76ED03D449E443194C4C34 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
17:06:49.0602 4768  udfs - ok
17:06:49.0618 4768  [ 060507C4113391394478F6953A79EEDC ] UI0Detect       C:\Windows\system32\UI0Detect.exe
17:06:49.0649 4768  UI0Detect - ok
17:06:49.0665 4768  [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
17:06:49.0680 4768  uliagpkx - ok
17:06:49.0696 4768  [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci         C:\Windows\system32\drivers\uliahci.sys
17:06:49.0711 4768  uliahci - ok
17:06:49.0727 4768  [ 31707F09846056651EA2C37858F5DDB0 ] UlSata          C:\Windows\system32\drivers\ulsata.sys
17:06:49.0743 4768  UlSata - ok
17:06:49.0758 4768  [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
17:06:49.0774 4768  ulsata2 - ok
17:06:49.0789 4768  [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
17:06:49.0821 4768  umbus - ok
17:06:49.0836 4768  [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost        C:\Windows\System32\upnphost.dll
17:06:49.0883 4768  upnphost - ok
17:06:49.0930 4768  [ 07E3498FC60834219D2356293DA0FECC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
17:06:49.0961 4768  usbccgp - ok
17:06:49.0977 4768  [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
17:06:50.0039 4768  usbcir - ok
17:06:50.0055 4768  [ 827E44DE934A736EA31E91D353EB126F ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
17:06:50.0101 4768  usbehci - ok
17:06:50.0101 4768  [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
17:06:50.0133 4768  usbhub - ok
17:06:50.0164 4768  [ EBA14EF0C07CEC233F1529C698D0D154 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
17:06:50.0226 4768  usbohci - ok
17:06:50.0242 4768  [ 28B693B6D31E7B9332C1BDCEFEF228C1 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
17:06:50.0289 4768  usbprint - ok
17:06:50.0320 4768  [ EA0BF666868964FBE8CB10E50C97B9F1 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
17:06:50.0351 4768  usbscan - ok
17:06:50.0398 4768  [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:06:50.0429 4768  USBSTOR - ok
17:06:50.0445 4768  [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
17:06:50.0476 4768  usbuhci - ok
17:06:50.0491 4768  [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms           C:\Windows\System32\uxsms.dll
17:06:50.0538 4768  UxSms - ok
17:06:50.0569 4768  [ 294945381DFA7CE58CECF0A9896AF327 ] vds             C:\Windows\System32\vds.exe
17:06:50.0616 4768  vds - ok
17:06:50.0632 4768  [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
17:06:50.0663 4768  vga - ok
17:06:50.0679 4768  [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave         C:\Windows\System32\drivers\vga.sys
17:06:50.0710 4768  VgaSave - ok
17:06:50.0725 4768  [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide          C:\Windows\system32\drivers\viaide.sys
17:06:50.0741 4768  viaide - ok
17:06:50.0757 4768  [ 2B7E885ED951519A12C450D24535DFCA ] volmgr          C:\Windows\system32\drivers\volmgr.sys
17:06:50.0772 4768  volmgr - ok
17:06:50.0788 4768  [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
17:06:50.0819 4768  volmgrx - ok
17:06:50.0850 4768  [ 582F710097B46140F5A89A19A6573D4B ] volsnap         C:\Windows\system32\drivers\volsnap.sys
17:06:50.0881 4768  volsnap - ok
17:06:50.0897 4768  [ A68F455ED2673835209318DD61BFBB0E ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
17:06:50.0913 4768  vsmraid - ok
17:06:50.0944 4768  [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS             C:\Windows\system32\vssvc.exe
17:06:51.0084 4768  VSS - ok
17:06:51.0115 4768  [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time         C:\Windows\system32\w32time.dll
17:06:51.0193 4768  W32Time - ok
17:06:51.0209 4768  [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
17:06:51.0287 4768  WacomPen - ok
17:06:51.0303 4768  [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
17:06:51.0334 4768  Wanarp - ok
17:06:51.0349 4768  [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
17:06:51.0365 4768  Wanarpv6 - ok
17:06:51.0381 4768  [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
17:06:51.0427 4768  wcncsvc - ok
17:06:51.0443 4768  [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:06:51.0490 4768  WcsPlugInService - ok
17:06:51.0505 4768  [ 0C17A0816F65B89E362E682AD5E7266E ] Wd              C:\Windows\system32\drivers\wd.sys
17:06:51.0521 4768  Wd - ok
17:06:51.0568 4768  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
17:06:51.0599 4768  Wdf01000 - ok
17:06:51.0615 4768  [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost  C:\Windows\system32\wdi.dll
17:06:51.0661 4768  WdiServiceHost - ok
17:06:51.0661 4768  [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost   C:\Windows\system32\wdi.dll
17:06:51.0708 4768  WdiSystemHost - ok
17:06:51.0739 4768  [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient       C:\Windows\System32\webclnt.dll
17:06:51.0771 4768  WebClient - ok
17:06:51.0802 4768  [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc          C:\Windows\system32\wecsvc.dll
17:06:51.0833 4768  Wecsvc - ok
17:06:51.0849 4768  [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
17:06:51.0880 4768  wercplsupport - ok
17:06:51.0895 4768  [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc          C:\Windows\System32\WerSvc.dll
17:06:51.0942 4768  WerSvc - ok
17:06:51.0942 4768  WinDefend - ok
17:06:51.0958 4768  WinHttpAutoProxySvc - ok
17:06:51.0989 4768  [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
17:06:52.0036 4768  Winmgmt - ok
17:06:52.0114 4768  [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM           C:\Windows\system32\WsmSvc.dll
17:06:52.0176 4768  WinRM - ok
17:06:52.0239 4768  [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc         C:\Windows\System32\wlansvc.dll
17:06:52.0317 4768  Wlansvc - ok
17:06:52.0332 4768  [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
17:06:52.0363 4768  WmiAcpi - ok
17:06:52.0379 4768  [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
17:06:52.0410 4768  wmiApSrv - ok
17:06:52.0426 4768  WMPNetworkSvc - ok
17:06:52.0457 4768  [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
17:06:52.0473 4768  WPCSvc - ok
17:06:52.0504 4768  [ 490A18B4E4D53DC10879DEAA8E8B70D9 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
17:06:52.0535 4768  WPDBusEnum - ok
17:06:52.0660 4768  [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
17:06:52.0707 4768  WPFFontCache_v0400 - ok
17:06:52.0738 4768  [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
17:06:52.0785 4768  ws2ifsl - ok
17:06:52.0800 4768  [ 9EA3E6D0EF7A5C2B9181961052A4B01A ] wscsvc          C:\Windows\System32\wscsvc.dll
17:06:52.0816 4768  wscsvc - ok
17:06:52.0816 4768  WSearch - ok
17:06:52.0878 4768  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
17:06:52.0956 4768  wuauserv - ok
17:06:53.0003 4768  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
17:06:53.0034 4768  WudfPf - ok
17:06:53.0050 4768  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
17:06:53.0065 4768  WUDFRd - ok
17:06:53.0065 4768  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
17:06:53.0097 4768  wudfsvc - ok
17:06:53.0112 4768  ================ Scan global ===============================
17:06:53.0175 4768  [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
17:06:53.0206 4768  [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
17:06:53.0206 4768  [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
17:06:53.0237 4768  [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe
17:06:53.0253 4768  [Global] - ok
17:06:53.0253 4768  ================ Scan MBR ==================================
17:06:53.0268 4768  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
17:06:53.0518 4768  \Device\Harddisk0\DR0 - ok
17:06:53.0518 4768  ================ Scan VBR ==================================
17:06:53.0518 4768  [ 7EAE5E2B99DDE1DCF156A3A18AA7ABBD ] \Device\Harddisk0\DR0\Partition1
17:06:53.0518 4768  \Device\Harddisk0\DR0\Partition1 - ok
17:06:53.0518 4768  ============================================================
17:06:53.0518 4768  Scan finished
17:06:53.0518 4768  ============================================================
17:06:53.0518 4024  Detected object count: 1
17:06:53.0518 4024  Actual detected object count: 1
17:07:14.0703 4024  FDTvCISvc ( UnsignedFile.Multi.Generic ) - skipped by user
17:07:14.0703 4024  FDTvCISvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:07:22.0331 2016  Deinitialize success
         
Viele Grüße
jareb

Antwort

Themen zu nach Avast! Update bleibt Rechner beim Booten hängen
alternative, antivirenprogramm, avast, bildschirm, booten, funktioniert, gen, hängen, infektion, internet, klicke, laden, neuinstallation, problem, programm, programme, rechner, sp2, starten, system, systemprozess, systemstart, update, vista, windows



Ähnliche Themen: nach Avast! Update bleibt Rechner beim Booten hängen


  1. WIN7 Prof nach Java Up 8 /51 bleibt beim Start hängen Raid1
    Alles rund um Windows - 26.07.2015 (3)
  2. Windows 7: System wird langsam, Rechner bleibt beim Herunterfahren manchmal hängen
    Log-Analyse und Auswertung - 24.06.2015 (13)
  3. spybot: Barowwsoe2Save MalewareC; aswMBR bleibt hängen, wenn ich avast update
    Log-Analyse und Auswertung - 06.07.2013 (11)
  4. WIN XP bleibt beim Runterfahren hängen
    Alles rund um Windows - 08.04.2013 (9)
  5. Windows XP Pro bleibt nach Virenbekämpfung beim hochfahren hängen
    Plagegeister aller Art und deren Bekämpfung - 29.05.2012 (1)
  6. Bluescreen beim Booten nach Windows Update
    Alles rund um Windows - 14.08.2011 (3)
  7. Beim booten bleibt die Windows-Firewall deaktiviert.
    Alles rund um Windows - 10.11.2009 (1)
  8. Rechner startet einfach neu und bleibt hängen
    Log-Analyse und Auswertung - 25.10.2009 (2)
  9. Pc bleibt beim Ladebalken hängen
    Log-Analyse und Auswertung - 26.04.2009 (0)
  10. PC langsamer internet pc beim neustart bleibt hängen
    Log-Analyse und Auswertung - 07.03.2009 (9)
  11. Rechner bleibt bei Trojanersuche hängen
    Log-Analyse und Auswertung - 08.10.2008 (1)
  12. Rechner bleibt hängen /friert ein ... leider hab ich nur wenig Ahnung
    Log-Analyse und Auswertung - 10.07.2008 (1)
  13. Rechner bleibt hängen immer wieder
    Log-Analyse und Auswertung - 09.04.2008 (3)
  14. Rechner bleibt hängen
    Log-Analyse und Auswertung - 22.01.2008 (1)
  15. AdAware bleibt beim Scannen hängen
    Log-Analyse und Auswertung - 10.08.2006 (2)
  16. Mein Pc bleibt beim Starten hängen..
    Log-Analyse und Auswertung - 23.01.2005 (7)
  17. Rechner bleibt beim Portscan hängen...
    Antiviren-, Firewall- und andere Schutzprogramme - 03.02.2003 (0)

Zum Thema nach Avast! Update bleibt Rechner beim Booten hängen - Hallo Board, nach schwerer Infektion habe ich nach Neuinstallation auf meinem System (Vista 64Bit, SP2) Avast! als Antivirenprogramm installiert. Bis vor kurzem ist es auch gelaufen, nun nach einem Update - nach Avast! Update bleibt Rechner beim Booten hängen...
Archiv
Du betrachtest: nach Avast! Update bleibt Rechner beim Booten hängen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.