Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Trojaner blockiert Windows start

Trojaner blockiert Windows start


Plagegeister aller Art und deren Bekämpfung: Trojaner blockiert Windows start

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Seite 1 von 2 1 2
Alt 25.07.2012, 16:17   #1
Spatz89
 
Trojaner blockiert Windows start - Standard

Trojaner blockiert Windows start


Hallo,
ich habe folgendes Problem.
Ich war im Internet unterwegs. Plötzlich bekomm ich eine Virenmeldung und gleich darauf wurde der Bildschirm schwarz nur die unten angezeigte grafik war noch zu sehen.
Man kann nicht Mit der Maus oder Tastertur irgent was mehr machen und auch Taskmanager schließt sich wieder sofort.
Nach einen neustart sieht es nicht anders aus windows startet zwar aber nachdem man sich anmelden muss das gleiche wieder.
Es macht auch kein unterschied ob Abgesicherter modus oder nicht.

Ich hoffe ihr könnt mir da irgentwie weiterhelfen.

PS: Ich kann kein OTL Scan machen weil wie gesagt außer der Grafik nix mehr machen kann.
Miniaturansicht angehängter Grafiken
Trojaner blockiert Windows start-grafik-screenshot.jpg  

Alt 25.07.2012, 16:42   #2
t'john
/// Helfer-Team
 
Trojaner blockiert Windows start - Standard

Trojaner blockiert Windows start




Mit einem sauberen 2. Rechner eine OTLPE-CD erstellen und den infizierten Rechner dann von dieser CD booten:


Falls Du kein Brennprogramm installiert hast, lade dir bitte ISOBurner herunter. Das Programm wird Dir erlauben, OTLPE auf eine CD zu brennen und sie bootfähig zu machen. Du brauchst das Tool nur zu installieren, der Rest läuft automatisch => Wie brenne ich eine ISO Datei auf CD/DVD.
  • Lade OTLPENet.exe von OldTimer herunter und speichere sie auf Deinem Desktop. Anmerkung: Die Datei ist ca. 120 MB groß und es wird bei langsamer Internet-Verbindung ein wenig dauern, bis Du sie runtergeladen hast.
  • Wenn der Download fertig ist, mache einen Doppelklick auf die Datei und beantworte die Frage "Do you want to burn the CD?" mit Yes.
  • Lege eine leere CD in Deinen Brenner.
  • ImgBurn (oder Dein Brennprogramm) wird das Archiv extrahieren und OTLPE Network auf die CD brennen.
  • Wenn der Brenn-Vorgang abgeschlossen ist, wirst Du eine Dialogbox sehen => "Operation successfully completed".
  • Du kannst nun die Fenster des Brennprogramms schließen.
Nun boote von der OTLPE CD. Hinweis: Wie boote ich von CD
  • Dein System sollte nach einigen Minuten den REATOGO-X-PE Desktop anzeigen.
  • Mache einen Doppelklick auf das OTLPE Icon.
  • Hinweis: Damit OTLPE auch das richtige installierte Windows scant, musst du den Windows-Ordner des auf der Platte installierten Windows auswählen, einfach nur C: auswählen gibt einen Fehler!
  • Wenn Du gefragt wirst "Do you wish to load the remote registry", dann wähle Yes.
  • Wenn Du gefragt wirst "Do you wish to load remote user profile(s) for scanning", dann wähle Yes.
  • Vergewissere Dich, dass die Box "Automatically Load All Remaining Users" gewählt ist und drücke OK.
  • OTLpe sollte nun starten.
  • Drücke Run Scan, um den Scan zu starten.
  • Wenn der Scan fertig ist, werden die Dateien C:\OTL.Txt und C:\Extras.Txt erstellt
  • Kopiere diese Datei auf Deinen USB-Stick, wenn Du keine Internetverbindung auf diesem System hast.
  • Bitte poste den Inhalt von C:\OTL.Txt und Extras.Txt.
__________________

__________________
Alt 25.07.2012, 17:36   #3
Spatz89
 
Trojaner blockiert Windows start - Standard

Trojaner blockiert Windows start


Erst mal danke für die schnelle Antwort.

Leider komme ich damit nicht viel weiter.
Denn wenn ich das boote dann kommt ein Ladebalken wo REATOGO-X-PE angezeigt wird.
Und Windows will dann auch booten aber sobald das Windows zeichen kommt gibt es ein Bluescreen mit folgendem Fehler.
*** STOP: 0x0000007B (0xF78DA528, 0xC0000034, 0x00000000, 0x00000000)

AHCI ist im Bios aktive kommt deswegen der Bluescreen?
__________________
Alt 25.07.2012, 17:44   #4
t'john
/// Helfer-Team
 
Trojaner blockiert Windows start - Standard

Trojaner blockiert Windows start


Zitat:
AHCI ist im Bios aktive kommt deswegen der Bluescreen?
Richtig!

Bitte auf IDE stellen!
__________________
Mfg, t'john
Das TB unterstützen

Alt 25.07.2012, 18:27   #5
Spatz89
 
Trojaner blockiert Windows start - Standard

Trojaner blockiert Windows start


Hat geklappt hier sind sie.
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 7/26/2012 3:14:48 AM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = E: | %SystemRoot% = E:\Windows | %ProgramFiles% = E:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 75.40 Mb Free Space | 75.41% Space Free | Partition Type: NTFS
Drive E: | 1811.92 Gb Total Space | 1641.90 Gb Free Space | 90.62% Space Free | Partition Type: NTFS
Drive F: | 50.00 Gb Total Space | 30.48 Gb Free Space | 60.95% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (All) ==========
 
SRV:64bit: - [2012/07/03 10:41:12 | 000,168,864 | ---- | M] () [Auto] -- E:\Program Files\Common Files\WireHelpSvc.exe -- (WireHelpSvc)
SRV:64bit: - [2012/06/02 18:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2012/05/04 18:19:30 | 000,889,664 | ---- | M] (NVIDIA Corporation) [Auto] -- E:\Windows\System32\nvvsvc.exe -- (nvsvc)
SRV:64bit: - [2012/05/01 01:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2012/04/24 01:37:37 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2011/11/17 02:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\lsass.exe -- (VaultSvc)
SRV:64bit: - [2011/11/17 02:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\System32\lsass.exe -- (SamSs)
SRV:64bit: - [2011/11/17 02:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\lsass.exe -- (ProtectedStorage)
SRV:64bit: - [2011/11/17 02:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\lsass.exe -- (Netlogon)
SRV:64bit: - [2011/11/17 02:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\lsass.exe -- (KeyIso)
SRV:64bit: - [2011/11/17 02:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\lsass.exe -- (EFS)
SRV:64bit: - [2011/09/27 15:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand] -- E:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2011/07/13 22:23:32 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto] -- E:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/05/24 07:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2011/05/04 01:19:28 | 000,591,872 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\System32\SearchIndexer.exe -- (WSearch)
SRV:64bit: - [2011/03/29 00:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto] -- E:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV:64bit: - [2011/03/03 02:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2011/02/19 08:05:15 | 001,139,200 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\System32\FntCache.dll -- (FontCache)
SRV:64bit: - [2010/11/20 23:25:14 | 001,504,256 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\wbengine.exe -- (wbengine)
SRV:64bit: - [2010/11/20 23:25:14 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\FXSSVC.exe -- (Fax)
SRV:64bit: - [2010/11/20 23:25:10 | 000,092,672 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\TabSvc.dll -- (TabletInputService)
SRV:64bit: - [2010/11/20 23:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2010/11/20 23:25:05 | 001,525,248 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV:64bit: - [2010/11/20 23:24:52 | 000,117,248 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\wpdbusenum.dll -- (WPDBusEnum)
SRV:64bit: - [2010/11/20 23:24:51 | 000,232,448 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV:64bit: - [2010/11/20 23:24:51 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV:64bit: - [2010/11/20 23:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 23:24:42 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled] -- E:\Windows\System32\Mcx2Svc.dll -- (Mcx2Svc)
SRV:64bit: - [2010/11/20 23:24:36 | 001,743,360 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\System32\sysmain.dll -- (SysMain)
SRV:64bit: - [2010/11/20 23:24:36 | 000,367,104 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\wcncsvc.dll -- (wcncsvc)
SRV:64bit: - [2010/11/20 23:24:35 | 000,258,560 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\WebClnt.dll -- (WebClient)
SRV:64bit: - [2010/11/20 23:24:34 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\AxInstSv.dll -- (AxInstSV)
SRV:64bit: - [2010/11/20 23:24:33 | 000,121,856 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\SessEnv.dll -- (SessionEnv)
SRV:64bit: - [2010/11/20 23:24:32 | 000,777,728 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\System32\gpsvc.dll -- (gpsvc)
SRV:64bit: - [2010/11/20 23:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\System32\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 23:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 23:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2010/11/20 23:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)
SRV:64bit: - [2010/11/20 23:24:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/20 23:24:27 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\System32\spoolsv.exe -- (Spooler)
SRV:64bit: - [2010/11/20 23:24:24 | 002,018,304 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\WsmSvc.dll -- (WinRM)
SRV:64bit: - [2010/11/20 23:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 23:24:16 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\System32\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 23:24:16 | 000,162,816 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\System32\dps.dll -- (DPS)
SRV:64bit: - [2010/11/20 23:24:16 | 000,136,192 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\browser.dll -- (Browser)
SRV:64bit: - [2010/11/20 23:24:16 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\KMSVC.DLL -- (hkmsvc)
SRV:64bit: - [2010/11/20 23:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\seclogon.dll -- (seclogon)
SRV:64bit: - [2010/11/20 23:24:15 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\msiexec.exe -- (msiserver)
SRV:64bit: - [2010/11/20 23:24:14 | 000,569,344 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\System32\iphlpsvc.dll -- (iphlpsvc)
SRV:64bit: - [2010/11/20 23:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2010/11/20 23:24:09 | 000,080,384 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\certprop.dll -- (SCPolicySvc)
SRV:64bit: - [2010/11/20 23:24:09 | 000,080,384 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\certprop.dll -- (CertPropSvc)
SRV:64bit: - [2010/11/20 23:24:08 | 000,070,656 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\appinfo.dll -- (Appinfo)
SRV:64bit: - [2010/11/20 23:24:07 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\termsrv.dll -- (TermService)
SRV:64bit: - [2010/11/20 23:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\System32\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 23:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 23:24:00 | 001,389,056 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\pla.dll -- (pla)
SRV:64bit: - [2010/11/20 23:24:00 | 000,853,504 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\System32\IKEEXT.DLL -- (IKEEXT)
SRV:64bit: - [2010/11/20 23:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\System32\BFE.DLL -- (BFE)
SRV:64bit: - [2010/11/20 23:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2010/11/20 23:23:56 | 003,524,608 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV:64bit: - [2010/11/20 23:23:56 | 000,444,416 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\winhttp.dll -- (WinHttpAutoProxySvc)
SRV:64bit: - [2010/11/20 23:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\System32\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/20 23:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 23:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
SRV:64bit: - [2010/11/20 23:23:54 | 000,303,616 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2010/11/20 23:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 23:23:51 | 000,533,504 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\vds.exe -- (vds)
SRV:64bit: - [2010/11/20 23:23:50 | 000,078,848 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\System32\WUDFSvc.dll -- (wudfsvc)
SRV:64bit: - [2010/11/20 23:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
SRV:64bit: - [2010/11/20 23:23:48 | 000,476,160 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\QAGENTRT.DLL -- (napagent)
SRV:64bit: - [2010/11/20 23:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled] -- E:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV:64bit: - [2009/07/13 21:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2009/07/13 21:41:57 | 000,012,288 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\wpcsvc.dll -- (WPCSvc)
SRV:64bit: - [2009/07/13 21:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2009/07/13 21:41:56 | 000,381,952 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\w32time.dll -- (W32Time)
SRV:64bit: - [2009/07/13 21:41:56 | 000,353,792 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\upnphost.dll -- (upnphost)
SRV:64bit: - [2009/07/13 21:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2009/07/13 21:41:56 | 000,237,568 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\wecsvc.dll -- (Wecsvc)
SRV:64bit: - [2009/07/13 21:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV:64bit: - [2009/07/13 21:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\System32\umpo.dll -- (Power)
SRV:64bit: - [2009/07/13 21:41:56 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\wdi.dll -- (WdiSystemHost)
SRV:64bit: - [2009/07/13 21:41:56 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\wdi.dll -- (WdiServiceHost)
SRV:64bit: - [2009/07/13 21:41:56 | 000,084,480 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\wercplsupport.dll -- (wercplsupport)
SRV:64bit: - [2009/07/13 21:41:56 | 000,076,800 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\wersvc.dll -- (WerSvc)
SRV:64bit: - [2009/07/13 21:41:56 | 000,040,960 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\WcsPlugInService.dll -- (WcsPlugInService)
SRV:64bit: - [2009/07/13 21:41:56 | 000,038,912 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\System32\uxsms.dll -- (UxSms)
SRV:64bit: - [2009/07/13 21:41:55 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\System32\trkwks.dll -- (TrkWks)
SRV:64bit: - [2009/07/13 21:41:55 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\tbssvc.dll -- (TBS)
SRV:64bit: - [2009/07/13 21:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\System32\themeservice.dll -- (Themes)
SRV:64bit: - [2009/07/13 21:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 21:41:54 | 000,193,024 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\ssdpsrv.dll -- (SSDPSRV)
SRV:64bit: - [2009/07/13 21:41:54 | 000,075,264 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\sstpsvc.dll -- (SstpSvc)
SRV:64bit: - [2009/07/13 21:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV:64bit: - [2009/07/13 21:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV:64bit: - [2009/07/13 21:41:53 | 000,438,784 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\p2psvc.dll -- (p2psvc)
SRV:64bit: - [2009/07/13 21:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV:64bit: - [2009/07/13 21:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV:64bit: - [2009/07/13 21:41:53 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\qwave.dll -- (QWAVE)
SRV:64bit: - [2009/07/13 21:41:53 | 000,190,976 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\SCardSvr.dll -- (SCardSvr)
SRV:64bit: - [2009/07/13 21:41:53 | 000,186,368 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\System32\pcasvc.dll -- (PcaSvc)
SRV:64bit: - [2009/07/13 21:41:53 | 000,159,232 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\regsvc.dll -- (RemoteRegistry)
SRV:64bit: - [2009/07/13 21:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\rasauto.dll -- (RasAuto)
SRV:64bit: - [2009/07/13 21:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV:64bit: - [2009/07/13 21:41:53 | 000,064,512 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\System32\Sens.dll -- (SENS)
SRV:64bit: - [2009/07/13 21:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\System32\nsisvc.dll -- (nsi)
SRV:64bit: - [2009/07/13 21:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV:64bit: - [2009/07/13 21:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\netprofm.dll -- (netprofm)
SRV:64bit: - [2009/07/13 21:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 21:41:28 | 000,368,640 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\msdtckrm.dll -- (KtmRm)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled] -- E:\Windows\System32\mprdim.dll -- (RemoteAccess)
SRV:64bit: - [2009/07/13 21:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\mmcss.dll -- (THREADORDER)
SRV:64bit: - [2009/07/13 21:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\System32\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 21:41:18 | 000,300,032 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\lltdsvc.dll -- (lltdsvc)
SRV:64bit: - [2009/07/13 21:41:18 | 000,023,552 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\System32\lmhsvc.dll -- (lmhosts)
SRV:64bit: - [2009/07/13 21:41:11 | 000,156,672 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\iscsiexe.dll -- (MSiSCSI)
SRV:64bit: - [2009/07/13 21:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled] -- E:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2009/07/13 21:41:09 | 000,101,888 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\IPBusEnum.dll -- (IPBusEnum)
SRV:64bit: - [2009/07/13 21:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/13 21:40:52 | 000,034,816 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\System32\FDResPub.dll -- (FDResPub)
SRV:64bit: - [2009/07/13 21:40:52 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\fdPHost.dll -- (fdPHost)
SRV:64bit: - [2009/07/13 21:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\System32\es.dll -- (EventSystem)
SRV:64bit: - [2009/07/13 21:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 21:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV:64bit: - [2009/07/13 21:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\bthserv.dll -- (bthserv)
SRV:64bit: - [2009/07/13 21:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV:64bit: - [2009/07/13 21:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2009/07/13 21:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV:64bit: - [2009/07/13 21:39:55 | 000,203,264 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\wbem\WmiApSrv.exe -- (wmiApSrv)
SRV:64bit: - [2009/07/13 21:39:48 | 000,040,960 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\UI0Detect.exe -- (UI0Detect)
SRV:64bit: - [2009/07/13 21:39:41 | 000,014,336 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\snmptrap.exe -- (SNMPTRAP)
SRV:64bit: - [2009/07/13 21:39:21 | 000,141,824 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\msdtc.exe -- (MSDTC)
SRV:64bit: - [2009/07/13 21:39:15 | 000,010,240 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\Locator.exe -- (RpcLocator)
SRV:64bit: - [2009/07/13 21:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\dllhost.exe -- (COMSysApp)
SRV:64bit: - [2009/07/13 21:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\alg.exe -- (ALG)
SRV - [2012/07/22 08:04:06 | 000,076,888 | ---- | M] () [Auto] -- E:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/07/19 06:02:24 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand] -- E:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/12 15:11:14 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- E:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/22 20:26:55 | 000,773,624 | ---- | M] (bProtector) [Auto] -- E:\ProgramData\bProtector\bProtect.exe -- (bProtector)
SRV - [2012/06/22 20:26:36 | 000,554,304 | ---- | M] () [Auto] -- E:\ProgramData\IBUpdaterService\ibsvc.exe -- (IBUpdaterService)
SRV - [2012/06/19 14:13:13 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand] -- E:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/06/07 13:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- E:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/04 05:50:20 | 001,766,464 | ---- | M] (G Data Software AG) [On_Demand] -- E:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe -- (GDFwSvc)
SRV - [2012/06/01 11:16:58 | 000,182,768 | ---- | M] (Google) [On_Demand] -- E:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2012/06/01 11:16:36 | 000,136,176 | ---- | M] (Google Inc.) [On_Demand] -- E:\Program Files (x86)\Google\Update\GoogleUpdate.exe -- (gupdatem) Google Update-Dienst (gupdatem)
SRV - [2012/06/01 11:16:36 | 000,136,176 | ---- | M] (Google Inc.) [Auto] -- E:\Program Files (x86)\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update-Dienst (gupdate)
SRV - [2012/05/31 23:05:18 | 002,011,056 | ---- | M] (G Data Software AG) [Auto] -- E:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe -- (AVKWCtl)
SRV - [2012/05/25 08:19:24 | 001,540,120 | ---- | M] (G Data Software AG) [Auto] -- E:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2012/05/04 19:00:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto] -- E:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/04/24 00:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV - [2012/04/03 16:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto] -- E:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/03/28 22:42:27 | 000,470,008 | ---- | M] (G Data Software AG) [On_Demand] -- E:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe -- (GDScan)
SRV - [2012/01/26 22:43:34 | 000,468,472 | ---- | M] (G Data Software AG) [Auto] -- E:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe -- (AVKService)
SRV - [2011/10/07 05:23:08 | 000,070,144 | ---- | M] () [Auto] -- E:\Program Files (x86)\watchmi\TvdService.exe -- (watchmi)
SRV - [2011/09/27 20:47:38 | 000,025,824 | ---- | M] (Memeo) [Auto] -- E:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2011/05/04 00:28:31 | 000,427,520 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\SysWow64\SearchIndexer.exe -- (WSearch)
SRV - [2010/11/20 23:25:10 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
SRV - [2010/11/20 23:24:53 | 000,856,400 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2010/11/20 23:24:52 | 000,042,856 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2010/11/20 23:24:49 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\SysWOW64\wcncsvc.dll -- (wcncsvc)
SRV - [2010/11/20 23:24:49 | 000,204,800 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\SysWOW64\WebClnt.dll -- (WebClient)
SRV - [2010/11/20 23:24:42 | 000,696,832 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2010/11/20 23:24:32 | 001,175,040 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\SysWOW64\WsmSvc.dll -- (WinRM)
SRV - [2010/11/20 23:24:28 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV - [2010/11/20 23:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 23:24:08 | 001,508,864 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\SysWOW64\pla.dll -- (pla)
SRV - [2010/11/20 23:24:08 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\SysWow64\winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010/11/20 23:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 23:24:03 | 000,194,048 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\servicing\TrustedInstaller.exe -- (TrustedInstaller)
SRV - [2010/11/20 23:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 23:23:55 | 000,113,664 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\SysWOW64\SessEnv.dll -- (SessionEnv)
SRV - [2010/03/18 17:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:23:04 | 000,044,376 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2009/07/13 21:39:09 | 000,127,488 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\ehome\ehsched.exe -- (ehSched)
SRV - [2009/07/13 21:16:20 | 000,010,752 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\SysWOW64\wpcsvc.dll -- (WPCSvc)
SRV - [2009/07/13 21:16:18 | 000,076,288 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\SysWOW64\wdi.dll -- (WdiSystemHost)
SRV - [2009/07/13 21:16:18 | 000,076,288 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\SysWOW64\wdi.dll -- (WdiServiceHost)
SRV - [2009/07/13 21:16:18 | 000,032,768 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\SysWOW64\WcsPlugInService.dll -- (WcsPlugInService)
SRV - [2009/07/13 21:16:17 | 000,266,752 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\SysWOW64\upnphost.dll -- (upnphost)
SRV - [2009/07/13 21:16:13 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\SysWOW64\Sens.dll -- (SENS)
SRV - [2009/07/13 21:16:12 | 000,210,944 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\SysWOW64\qwave.dll -- (QWAVE)
SRV - [2009/07/13 21:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV - [2009/07/13 21:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled] -- E:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)
SRV - [2009/07/13 21:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV - [2009/07/13 21:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV - [2009/07/13 21:14:28 | 000,020,992 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\SysWOW64\perfhost.exe -- (PerfHost)
SRV - [2009/07/13 21:14:18 | 000,007,168 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\SysWow64\dllhost.exe -- (COMSysApp)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- E:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/10 16:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled] -- E:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
 
 
========== Driver Services (All) ==========
 
DRV:64bit: - [2012/07/14 06:50:55 | 000,314,016 | ---- | M] () [Kernel | Auto] -- E:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2012/07/14 06:50:55 | 000,043,680 | ---- | M] () [Kernel | Auto] -- E:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2012/07/03 10:41:04 | 000,147,472 | ---- | M] (<Turtle Entertainment>) [Kernel | Auto] -- E:\Windows\System32\drivers\ESLWireACD.sys -- (ESLWireAC)
DRV:64bit: - [2012/06/19 10:54:20 | 004,065,296 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\RTKVHD64.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV:64bit: - [2012/06/02 01:50:10 | 000,458,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- E:\Windows\System32\drivers\cng.sys -- (CNG)
DRV:64bit: - [2012/06/02 01:48:16 | 000,151,920 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- E:\Windows\System32\drivers\ksecpkg.sys -- (KSecPkg)
DRV:64bit: - [2012/06/02 01:48:16 | 000,095,600 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- E:\Windows\System32\drivers\ksecdd.sys -- (KSecDD)
DRV:64bit: - [2012/06/01 13:52:42 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2012/06/01 13:52:42 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2012/06/01 13:52:39 | 000,410,184 | ---- | M] (Logitech) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ladfGSCamd64.sys -- (LADF_CaptureOnly)
DRV:64bit: - [2012/06/01 13:52:39 | 000,341,832 | ---- | M] (Logitech) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ladfGSRamd64.sys -- (LADF_RenderOnly)
DRV:64bit: - [2012/06/01 13:42:56 | 000,065,912 | ---- | M] (G Data Software AG) [Kernel | System] -- E:\Windows\System32\drivers\gdwfpcd64.sys -- (gdwfpcd)
DRV:64bit: - [2012/06/01 12:59:16 | 000,106,648 | ---- | M] (G Data Software) [Kernel | System] -- E:\Windows\System32\drivers\GRD.sys -- (GRD)
DRV:64bit: - [2012/06/01 12:46:41 | 000,064,376 | ---- | M] (G Data Software AG) [Kernel | System] -- E:\Windows\System32\drivers\HookCentre.sys -- (HookCentre)
DRV:64bit: - [2012/06/01 12:17:06 | 000,059,768 | ---- | M] (G Data Software AG) [Kernel | On_Demand] -- E:\Windows\System32\drivers\PktIcpt.sys -- (GDPkIcpt)
DRV:64bit: - [2012/06/01 12:16:30 | 000,122,744 | ---- | M] (G Data Software AG) [Kernel | System] -- E:\Windows\System32\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV:64bit: - [2012/06/01 12:16:30 | 000,054,136 | ---- | M] (G Data Software AG) [Kernel | Boot] -- E:\Windows\System32\drivers\GDBehave.sys -- (GDBehave)
DRV:64bit: - [2012/05/04 19:00:00 | 014,298,432 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV:64bit: - [2012/04/18 13:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/03/30 07:35:47 | 001,918,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\tcpip.sys -- (TCPIP6)
DRV:64bit: - [2012/03/30 07:35:47 | 001,918,320 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- E:\Windows\System32\drivers\tcpip.sys -- (Tcpip)
DRV:64bit: - [2012/03/17 03:58:57 | 000,075,120 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- E:\Windows\System32\drivers\partmgr.sys -- (partmgr)
DRV:64bit: - [2012/02/21 12:46:18 | 000,396,776 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand] -- E:\Windows\System32\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2012/02/21 12:46:18 | 000,130,536 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand] -- E:\Windows\System32\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2012/02/17 00:57:32 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\tdtcp.sys -- (TDTCP)
DRV:64bit: - [2011/12/27 23:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) [Kernel | System] -- E:\Windows\system32\drivers\afd.sys -- (AFD)
DRV:64bit: - [2011/12/13 13:44:16 | 000,056,448 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- E:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2011/12/12 16:52:44 | 000,082,048 | ---- | M] (Advanced Micro Devices) [Kernel | Boot] -- E:\Windows\System32\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011/12/12 16:52:44 | 000,042,624 | ---- | M] (Advanced Micro Devices) [Kernel | Boot] -- E:\Windows\System32\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011/09/02 02:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011/09/02 02:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/07/08 22:46:28 | 000,288,768 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- E:\Windows\System32\drivers\mrxsmb10.sys -- (mrxsmb10)
DRV:64bit: - [2011/06/24 10:31:02 | 000,055,424 | ---- | M] (Advanced Micro Devices) [Kernel | Auto] -- E:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV:64bit: - [2011/06/10 08:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand] -- E:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/04/28 23:06:10 | 000,467,456 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- E:\Windows\System32\drivers\srv.sys -- (srv)
DRV:64bit: - [2011/04/28 23:05:49 | 000,410,112 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- E:\Windows\System32\drivers\srv2.sys -- (srv2)
DRV:64bit: - [2011/04/28 23:05:37 | 000,168,448 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- E:\Windows\System32\drivers\srvnet.sys -- (srvnet)
DRV:64bit: - [2011/04/26 22:40:40 | 000,158,208 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- E:\Windows\System32\drivers\mrxsmb.sys -- (mrxsmb)
DRV:64bit: - [2011/04/26 22:39:37 | 000,128,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- E:\Windows\System32\drivers\mrxsmb20.sys -- (mrxsmb20)
DRV:64bit: - [2011/03/24 23:29:26 | 000,343,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\usbhub.sys -- (usbhub)
DRV:64bit: - [2011/03/24 23:29:14 | 000,098,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\usbccgp.sys -- (usbccgp)
DRV:64bit: - [2011/03/24 23:29:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\usbehci.sys -- (usbehci)
DRV:64bit: - [2011/03/24 23:29:04 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\usbohci.sys -- (usbohci)
DRV:64bit: - [2011/03/24 23:29:03 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\usbuhci.sys -- (usbuhci)
DRV:64bit: - [2011/03/11 02:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV:64bit: - [2011/03/11 02:41:34 | 000,148,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV:64bit: - [2011/03/11 02:41:26 | 000,410,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\iaStorV.sys -- (iaStorV)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot] -- E:\Windows\System32\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot] -- E:\Windows\System32\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/11 00:37:16 | 000,091,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\USBSTOR.SYS -- (USBSTOR)
DRV:64bit: - [2011/02/23 00:55:04 | 000,090,624 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- E:\Windows\System32\drivers\bowser.sys -- (bowser)
DRV:64bit: - [2010/11/25 09:59:00 | 000,694,888 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand] -- E:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2010/11/20 23:24:39 | 000,223,248 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- E:\Windows\System32\drivers\fvevol.sys -- (fvevol)
DRV:64bit: - [2010/11/20 23:24:36 | 000,140,800 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- E:\Windows\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV:64bit: - [2010/11/20 23:24:33 | 000,213,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- E:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV:64bit: - [2010/11/20 23:24:33 | 000,129,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\rasl2tp.sys -- (Rasl2tp)
DRV:64bit: - [2010/11/20 23:24:33 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\raspptp.sys -- (PptpMiniport)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:24:32 | 000,982,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\dxgkrnl.sys -- (DXGKrnl)
DRV:64bit: - [2010/11/20 23:24:32 | 000,119,296 | ---- | M] (Microsoft Corporation) [Kernel | System] -- E:\Windows\System32\drivers\tdx.sys -- (tdx)
DRV:64bit: - [2010/11/20 23:24:32 | 000,102,400 | ---- | M] (Microsoft Corporation) [File_System | System] -- E:\Windows\System32\drivers\dfsc.sys -- (DfsC)
DRV:64bit: - [2010/11/20 23:24:32 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ndisuio.sys -- (Ndisuio)
DRV:64bit: - [2010/11/20 23:24:27 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV:64bit: - [2010/11/20 23:24:25 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\appid.sys -- (AppID)
DRV:64bit: - [2010/11/20 23:24:24 | 000,014,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- E:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV:64bit: - [2010/11/20 23:24:15 | 000,363,392 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- E:\Windows\System32\drivers\volmgrx.sys -- (volmgrx)
DRV:64bit: - [2010/11/20 23:24:15 | 000,125,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\tunnel.sys -- (tunnel)
DRV:64bit: - [2010/11/20 23:24:11 | 000,088,576 | ---- | M] (Microsoft Corporation) [Kernel | System] -- E:\Windows\System32\drivers\wanarp.sys -- (Wanarpv6)
DRV:64bit: - [2010/11/20 23:24:11 | 000,088,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\wanarp.sys -- (WANARP)
DRV:64bit: - [2010/11/20 23:24:09 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV:64bit: - [2010/11/20 23:24:08 | 000,309,248 | ---- | M] (Microsoft Corporation) [File_System | System] -- E:\Windows\System32\drivers\rdbss.sys -- (rdbss)
DRV:64bit: - [2010/11/20 23:24:08 | 000,164,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ndiswan.sys -- (NdisWan)
DRV:64bit: - [2010/11/20 23:24:08 | 000,131,584 | ---- | M] (Microsoft Corporation) [Kernel | System] -- E:\Windows\System32\drivers\pacer.sys -- (Psched)
DRV:64bit: - [2010/11/20 23:24:00 | 000,289,664 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- E:\Windows\System32\drivers\fltMgr.sys -- (FltMgr)
DRV:64bit: - [2010/11/20 23:23:55 | 000,951,680 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- E:\Windows\System32\drivers\ndis.sys -- (NDIS)
DRV:64bit: - [2010/11/20 23:23:55 | 000,753,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\http.sys -- (HTTP)
DRV:64bit: - [2010/11/20 23:23:55 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- E:\Windows\System32\drivers\udfs.sys -- (udfs)
DRV:64bit: - [2010/11/20 23:23:53 | 000,094,592 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- E:\Windows\System32\drivers\mountmgr.sys -- (mountmgr)
DRV:64bit: - [2010/11/20 23:23:52 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- E:\Windows\System32\drivers\tcpipreg.sys -- (tcpipreg)
DRV:64bit: - [2010/11/20 23:23:51 | 000,261,632 | ---- | M] (Microsoft Corporation) [Kernel | System] -- E:\Windows\System32\drivers\netbt.sys -- (NetBT)
DRV:64bit: - [2010/11/20 23:23:51 | 000,039,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\tssecsrv.sys -- (tssecsrv)
DRV:64bit: - [2010/11/20 23:23:50 | 000,172,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\WUDFRd.sys -- (WUDFRd)
DRV:64bit: - [2010/11/20 23:23:50 | 000,112,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\WUDFPf.sys -- (WudfPf)
DRV:64bit: - [2010/11/20 23:23:48 | 000,273,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\msiscsi.sys -- (iScsiPrt)
DRV:64bit: - [2010/11/20 23:23:48 | 000,078,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\IPMIDrv.sys -- (IPMIDRV)
DRV:64bit: - [2010/11/20 23:23:47 | 000,350,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2010/11/20 23:23:47 | 000,334,208 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- E:\Windows\System32\drivers\acpi.sys -- (ACPI)
DRV:64bit: - [2010/11/20 23:23:47 | 000,295,808 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- E:\Windows\System32\drivers\volsnap.sys -- (volsnap)
DRV:64bit: - [2010/11/20 23:23:47 | 000,229,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\1394ohci.sys -- (1394ohci)
DRV:64bit: - [2010/11/20 23:23:47 | 000,215,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\vhdmp.sys -- (vhdmp)
DRV:64bit: - [2010/11/20 23:23:47 | 000,184,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- E:\Windows\System32\drivers\pci.sys -- (pci)
DRV:64bit: - [2010/11/20 23:23:47 | 000,155,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\mpio.sys -- (mpio)
DRV:64bit: - [2010/11/20 23:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) [Kernel | System] -- E:\Windows\System32\drivers\cdrom.sys -- (cdrom)
DRV:64bit: - [2010/11/20 23:23:47 | 000,140,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\msdsm.sys -- (msdsm)
DRV:64bit: - [2010/11/20 23:23:47 | 000,122,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\HDAudBus.sys -- (HDAudBus)
DRV:64bit: - [2010/11/20 23:23:47 | 000,109,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM)
DRV:64bit: - [2010/11/20 23:23:47 | 000,103,808 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\sbp2port.sys -- (sbp2port)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand] -- E:\Windows\system32\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,071,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- E:\Windows\System32\drivers\volmgr.sys -- (volmgr)
DRV:64bit: - [2010/11/20 23:23:47 | 000,063,360 | ---- | M] (Microsoft Corporation) [Kernel | System] -- E:\Windows\system32\drivers\termdd.sys -- (TermDD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\umbus.sys -- (umbus)
DRV:64bit: - [2010/11/20 23:23:47 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\CompositeBus.sys -- (CompositeBus)
DRV:64bit: - [2010/11/20 23:23:47 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\kbdhid.sys -- (kbdhid)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\msahci.sys -- (msahci)
DRV:64bit: - [2010/11/20 23:23:47 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\hidusb.sys -- (HidUsb)
DRV:64bit: - [2010/11/20 23:23:47 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\sffp_sd.sys -- (sffp_sd)
DRV:64bit: - [2010/11/20 23:23:47 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\acpipmi.sys -- (AcpiPmi)
DRV:64bit: - [2010/09/23 16:03:06 | 000,129,008 | ---- | M] (CyberLink) [Kernel | On_Demand] -- E:\Windows\System32\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2010/05/03 05:46:04 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2010/02/18 13:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- E:\Windows\system32\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/07/13 21:52:31 | 000,367,696 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- E:\Windows\System32\clfs.sys -- (CLFS)
DRV:64bit: - [2009/07/13 21:52:31 | 000,021,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\compbatt.sys -- (Compbatt)
DRV:64bit: - [2009/07/13 21:52:31 | 000,017,488 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand] -- E:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV:64bit: - [2009/07/13 21:52:21 | 000,491,088 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- E:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV:64bit: - [2009/07/13 21:52:21 | 000,339,536 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- E:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV:64bit: - [2009/07/13 21:52:21 | 000,182,864 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- E:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV:64bit: - [2009/07/13 21:52:21 | 000,097,856 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- E:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV:64bit: - [2009/07/13 21:52:21 | 000,087,632 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- E:\Windows\system32\drivers\arc.sys -- (arc)
DRV:64bit: - [2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\agp440.sys -- (agp440)
DRV:64bit: - [2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\atapi.sys -- (atapi)
DRV:64bit: - [2009/07/13 21:52:21 | 000,015,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\amdide.sys -- (amdide)
DRV:64bit: - [2009/07/13 21:52:21 | 000,015,440 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand] -- E:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand] -- E:\Windows\system32\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:27 | 000,060,496 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- E:\Windows\System32\drivers\mup.sys -- (Mup)
DRV:64bit: - [2009/07/13 21:48:27 | 000,049,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\mouclass.sys -- (mouclass)
DRV:64bit: - [2009/07/13 21:48:27 | 000,032,320 | ---- | M] (Microsoft Corporation) [Kernel | System] -- E:\Windows\system32\drivers\mssmbios.sys -- (mssmbios)
DRV:64bit: - [2009/07/13 21:48:27 | 000,015,424 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- E:\Windows\System32\drivers\msisadrv.sys -- (msisadrv)
DRV:64bit: - [2009/07/13 21:48:26 | 000,122,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\nv_agp.sys -- (nv_agp)
DRV:64bit: - [2009/07/13 21:48:26 | 000,051,264 | ---- | M] (IBM Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV:64bit: - [2009/07/13 21:48:04 | 000,284,736 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand] -- E:\Windows\system32\drivers\MegaSR.sys -- (MegaSR)
DRV:64bit: - [2009/07/13 21:48:04 | 000,115,776 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV:64bit: - [2009/07/13 21:48:04 | 000,114,752 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV:64bit: - [2009/07/13 21:48:04 | 000,106,560 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:48:04 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\kbdclass.sys -- (kbdclass)
DRV:64bit: - [2009/07/13 21:48:04 | 000,044,112 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand] -- E:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV:64bit: - [2009/07/13 21:48:04 | 000,035,392 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV:64bit: - [2009/07/13 21:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\isapnp.sys -- (isapnp)
DRV:64bit: - [2009/07/13 21:48:04 | 000,016,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\intelide.sys -- (intelide)
DRV:64bit: - [2009/07/13 21:47:49 | 000,055,376 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- E:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV:64bit: - [2009/07/13 21:47:48 | 000,530,496 | ---- | M] (Emulex) [Kernel | On_Demand] -- E:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV:64bit: - [2009/07/13 21:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- E:\Windows\System32\drivers\disk.sys -- (Disk)
DRV:64bit: - [2009/07/13 21:47:48 | 000,070,224 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- E:\Windows\System32\drivers\fileinfo.sys -- (FileInfo)
DRV:64bit: - [2009/07/13 21:47:48 | 000,065,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\gagp30kx.sys -- (gagp30kx)
DRV:64bit: - [2009/07/13 21:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- E:\Windows\system32\drivers\crcdisk.sys -- (crcdisk)
DRV:64bit: - [2009/07/13 21:45:56 | 000,022,096 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- E:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV:64bit: - [2009/07/13 21:45:55 | 000,654,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- E:\Windows\System32\drivers\Wdf01000.sys -- (Wdf01000)
DRV:64bit: - [2009/07/13 21:45:55 | 000,161,872 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand] -- E:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV:64bit: - [2009/07/13 21:45:55 | 000,064,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\uliagpkx.sys -- (uliagpkx)
DRV:64bit: - [2009/07/13 21:45:55 | 000,064,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\uagp35.sys -- (uagp35)
DRV:64bit: - [2009/07/13 21:45:55 | 000,036,432 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- E:\Windows\System32\drivers\vdrvroot.sys -- (vdrvroot)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand] -- E:\Windows\system32\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 21:45:55 | 000,021,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\wd.sys -- (Wd)
DRV:64bit: - [2009/07/13 21:45:55 | 000,017,488 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand] -- E:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV:64bit: - [2009/07/13 21:45:55 | 000,012,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\swenum.sys -- (swenum)
DRV:64bit: - [2009/07/13 21:45:46 | 001,524,816 | ---- | M] (QLogic Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV:64bit: - [2009/07/13 21:45:46 | 000,080,464 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand] -- E:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV:64bit: - [2009/07/13 21:45:45 | 000,220,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\pcmcia.sys -- (pcmcia)
DRV:64bit: - [2009/07/13 21:45:45 | 000,128,592 | ---- | M] (QLogic Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV:64bit: - [2009/07/13 21:45:45 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- E:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV:64bit: - [2009/07/13 21:45:45 | 000,043,584 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand] -- E:\Windows\system32\drivers\SiSRaid2.sys -- (SiSRaid2)
DRV:64bit: - [2009/07/13 21:45:45 | 000,012,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\pciide.sys -- (pciide)
DRV:64bit: - [2009/07/13 21:19:07 | 000,286,720 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- E:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV:64bit: - [2009/07/13 21:01:19 | 000,651,264 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- E:\Windows\System32\drivers\PEAuth.sys -- (PEAUTH)
DRV:64bit: - [2009/07/13 20:38:18 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\usbprint.sys -- (usbprint)
DRV:64bit: - [2009/07/13 20:17:46 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\rdpbus.sys -- (rdpbus)
DRV:64bit: - [2009/07/13 20:16:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System] -- E:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV:64bit: - [2009/07/13 20:16:34 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | System] -- E:\Windows\System32\drivers\RDPENCDD.sys -- (RDPENCDD)
DRV:64bit: - [2009/07/13 20:16:34 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | System] -- E:\Windows\System32\drivers\RDPCDD.sys -- (RDPCDD)
DRV:64bit: - [2009/07/13 20:16:32 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\tdpipe.sys -- (TDPIPE)
DRV:64bit: - [2009/07/13 20:10:48 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\modem.sys -- (Modem)
DRV:64bit: - [2009/07/13 20:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- E:\Windows\system32\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV:64bit: - [2009/07/13 20:10:25 | 000,083,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\rassstp.sys -- (RasSstp)
DRV:64bit: - [2009/07/13 20:10:24 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV:64bit: - [2009/07/13 20:10:17 | 000,092,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\raspppoe.sys -- (RasPppoe)
DRV:64bit: - [2009/07/13 20:10:13 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\asyncmac.sys -- (AsyncMac)
DRV:64bit: - [2009/07/13 20:10:09 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\rasacd.sys -- (RasAcd)
DRV:64bit: - [2009/07/13 20:10:03 | 000,116,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ipnat.sys -- (IPNAT)
DRV:64bit: - [2009/07/13 20:10:00 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ndistapi.sys -- (NdisTapi)
DRV:64bit: - [2009/07/13 20:09:48 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\qwavedrv.sys -- (QWAVEdrv)
DRV:64bit: - [2009/07/13 20:09:26 | 000,044,544 | ---- | M] (Microsoft Corporation) [File_System | System] -- E:\Windows\System32\drivers\netbios.sys -- (NetBIOS)
DRV:64bit: - [2009/07/13 20:09:26 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | System] -- E:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV:64bit: - [2009/07/13 20:09:09 | 000,093,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\smb.sys -- (Smb)
DRV:64bit: - [2009/07/13 20:08:59 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\irenum.sys -- (IRENUM)
DRV:64bit: - [2009/07/13 20:08:51 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- E:\Windows\System32\drivers\rspndr.sys -- (rspndr)
DRV:64bit: - [2009/07/13 20:08:51 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- E:\Windows\System32\drivers\lltdio.sys -- (lltdio)
DRV:64bit: - [2009/07/13 20:08:25 | 000,077,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\mpsdrv.sys -- (mpsdrv)
DRV:64bit: - [2009/07/13 20:08:13 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV:64bit: - [2009/07/13 20:07:23 | 000,318,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\nwifi.sys -- (NativeWifiP)
DRV:64bit: - [2009/07/13 20:07:22 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | System] -- E:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV:64bit: - [2009/07/13 20:07:21 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV:64bit: - [2009/07/13 20:06:52 | 000,100,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\hidbth.sys -- (HidBth)
DRV:64bit: - [2009/07/13 20:06:52 | 000,072,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\bthmodem.sys -- (BTHMODEM)
DRV:64bit: - [2009/07/13 20:06:52 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\umpass.sys -- (UmPass)
DRV:64bit: - [2009/07/13 20:06:45 | 000,072,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\ohci1394.sys -- (ohci1394) 1394 OHCI Compliant Host Controller (Legacy)
DRV:64bit: - [2009/07/13 20:06:37 | 000,100,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\usbcir.sys -- (usbcir) eHome Infrared Receiver (USBCIR)
DRV:64bit: - [2009/07/13 20:06:34 | 000,045,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\circlass.sys -- (circlass)
DRV:64bit: - [2009/07/13 20:06:24 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV:64bit: - [2009/07/13 20:06:23 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\hidir.sys -- (HidIr)
DRV:64bit: - [2009/07/13 20:06:16 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\drmkaud.sys -- (drmkaud)
DRV:64bit: - [2009/07/13 20:02:08 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\MTConfig.sys -- (MTConfig)
DRV:64bit: - [2009/07/13 20:02:07 | 000,027,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\wacompen.sys -- (WacomPen)
DRV:64bit: - [2009/07/13 20:01:03 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\sffp_mmc.sys -- (sffp_mmc)
DRV:64bit: - [2009/07/13 20:01:02 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\sfloppy.sys -- (sfloppy)
DRV:64bit: - [2009/07/13 20:01:01 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\sffdisk.sys -- (sffdisk)
DRV:64bit: - [2009/07/13 20:00:54 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\fdc.sys -- (fdc)
DRV:64bit: - [2009/07/13 20:00:54 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\flpydisk.sys -- (flpydisk)
DRV:64bit: - [2009/07/13 20:00:41 | 000,097,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\parport.sys -- (Parport)
DRV:64bit: - [2009/07/13 20:00:40 | 000,094,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\serial.sys -- (Serial)
DRV:64bit: - [2009/07/13 20:00:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\serenum.sys -- (Serenum)
DRV:64bit: - [2009/07/13 20:00:20 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\mouhid.sys -- (mouhid)
DRV:64bit: - [2009/07/13 20:00:20 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\sermouse.sys -- (sermouse)
DRV:64bit: - [2009/07/13 20:00:19 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\ksthunk.sys -- (ksthunk)
DRV:64bit: - [2009/07/13 20:00:18 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\mskssrv.sys -- (MSKSSRV)
DRV:64bit: - [2009/07/13 20:00:17 | 000,008,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\mstee.sys -- (MSTEE)
DRV:64bit: - [2009/07/13 20:00:17 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\mspclock.sys -- (MSPCLOCK)
DRV:64bit: - [2009/07/13 20:00:17 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\mspqm.sys -- (MSPQM)
DRV:64bit: - [2009/07/13 19:38:52 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\monitor.sys -- (monitor)
DRV:64bit: - [2009/07/13 19:38:47 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | System] -- E:\Windows\System32\drivers\vga.sys -- (VgaSave)
DRV:64bit: - [2009/07/13 19:38:47 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\vgapnp.sys -- (vga)
DRV:64bit: - [2009/07/13 19:37:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | System] -- E:\Windows\System32\drivers\discache.sys -- (discache)
DRV:64bit: - [2009/07/13 19:35:59 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | System] -- E:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV:64bit: - [2009/07/13 19:31:06 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\HidBatt.sys -- (HidBatt)
DRV:64bit: - [2009/07/13 19:31:04 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\errdev.sys -- (ErrDev)
DRV:64bit: - [2009/07/13 19:31:03 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2009/07/13 19:31:02 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\wmiacpi.sys -- (WmiAcpi)
DRV:64bit: - [2009/07/13 19:26:13 | 000,113,152 | ---- | M] (Microsoft Corporation) [File_System | Auto] -- E:\Windows\system32\drivers\luafv.sys -- (luafv)
DRV:64bit: - [2009/07/13 19:25:40 | 000,034,304 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- E:\Windows\System32\drivers\filetrace.sys -- (Filetrace)
DRV:64bit: - [2009/07/13 19:21:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System] -- E:\Windows\System32\drivers\nsiproxy.sys -- (nsiproxy)
DRV:64bit: - [2009/07/13 19:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\i8042prt.sys -- (i8042prt)
DRV:64bit: - [2009/07/13 19:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- E:\Windows\System32\drivers\cdfs.sys -- (cdfs)
DRV:64bit: - [2009/07/13 19:19:25 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\amdk8.sys -- (AmdK8)
DRV:64bit: - [2009/07/13 19:19:25 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\intelppm.sys -- (intelppm)
DRV:64bit: - [2009/07/13 19:19:25 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\amdppm.sys -- (AmdPPM)
DRV:64bit: - [2009/07/13 19:19:25 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\processr.sys -- (Processor)
DRV:64bit: - [2009/06/10 16:41:10 | 000,047,104 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- E:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV:64bit: - [2009/06/10 16:41:10 | 000,014,976 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- E:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV:64bit: - [2009/06/10 16:41:10 | 000,014,720 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- E:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV:64bit: - [2009/06/10 16:41:06 | 000,018,432 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand] -- E:\Windows\system32\drivers\BrFiltLo.sys -- (BrFiltLo)
DRV:64bit: - [2009/06/10 16:41:06 | 000,008,704 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand] -- E:\Windows\system32\drivers\BrFiltUp.sys -- (BrFiltUp)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- E:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand] -- E:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012/06/21 18:48:32 | 000,021,712 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand] -- E:\Windows\SysWOW64\drivers\DrvAgent64.SYS -- (DrvAgent64)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- E:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Jonas_ON_E\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://search.babylon.com/?AF=100346&babsrc=HP_ss&mntrId=204c3cc00000000000008c89a5a1f663
IE - HKU\Jonas_ON_E\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=MDNF&bmod=MDNF
IE - HKU\Jonas_ON_E\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\Jonas_ON_E\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\Jonas_ON_E\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Jonas_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=MDNF&bmod=MDNF
IE - HKU\Jonas_ON_E\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - E:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\Jonas_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\LocalService_ON_E\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - E:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
 
IE - HKU\NetworkService_ON_E\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - E:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
 
 
IE - HKU\UpdatusUser_ON_E\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://search.babylon.com/?AF=100346&babsrc=HP_ss&mntrId=204c3cc00000000000008c89a5a1f663
IE - HKU\UpdatusUser_ON_E\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=MDNF&bmod=MDNF
IE - HKU\UpdatusUser_ON_E\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\UpdatusUser_ON_E\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\UpdatusUser_ON_E\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\UpdatusUser_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=MDNF&bmod=MDNF
IE - HKU\UpdatusUser_ON_E\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - E:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\UpdatusUser_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "search the web (babylon)"
FF - prefs.js..browser.search.order.1: "search the web (babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.selectedengine: "google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.url: "hxxp://search.babylon.com/?af=100346&babsrc=adbartrp&mntrid=204c3cc00000000000008c89a5a1f663&q="
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: E:\Windows\System32\Macromed\Flash\NPSWF64_11_3_300_265.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: E:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: E:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: E:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: E:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: E:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: E:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: E:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: E:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.2: E:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: E:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/19 06:02:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/19 06:02:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012/06/10 12:44:08 | 000,000,000 | ---D | M] (No name found) -- E:\Users\Jonas\AppData\Roaming\Mozilla\Extensions
[2012/07/13 20:30:59 | 000,000,000 | ---D | M] (No name found) -- E:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\5dkv3tlv.default\extensions
[2012/07/13 20:30:59 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- E:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\5dkv3tlv.default\extensions\foxyproxy@eric.h.jung
[2012/06/11 11:12:31 | 000,000,000 | ---D | M] (No name found) -- E:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/11 11:12:31 | 000,000,000 | ---D | M] (G Data BankGuard) -- E:\Program Files (x86)\Mozilla Firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}
[2012/07/19 06:02:24 | 000,000,000 | ---D | M] (Default) -- E:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- 
[2012/07/19 06:02:24 | 000,136,672 | ---- | M] (Mozilla Foundation) -- E:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/01 12:33:00 | 000,001,392 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/06/01 12:33:00 | 000,002,252 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/01 12:33:00 | 000,001,153 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/07/19 06:02:24 | 000,003,368 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2012/06/01 12:33:00 | 000,006,805 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/06/01 12:33:00 | 000,001,178 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/06/01 12:33:00 | 000,001,105 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - E:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - E:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - E:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - E:\Program Files (x86)\Common Files\G Data\AVKProxy\BanksafeBHO.dll (G Data Software AG)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - E:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - E:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3:64bit: - HKU\Jonas_ON_E\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - E:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\Jonas_ON_E\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - E:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3:64bit: - HKU\UpdatusUser_ON_E\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - E:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\UpdatusUser_ON_E\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - E:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] E:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [EvtMgr6] E:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LCore] E:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [MedionReminder] E:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe (CyberLink)
O4:64bit: - HKLM..\Run: [RTHDVCPL] E:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe ARM] E:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CLMLServer] E:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] E:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] E:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG)
O4 - HKLM..\Run: [StartCCC] E:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\Jonas_ON_E..\Run: [C:\Users\Jonas\0.2682448267441693.exe] E:\Users\Jonas\0.2682448267441693.exe ()
O4 - HKU\Jonas_ON_E..\Run: [ESL Wire] E:\Program Files\EslWire\wire.exe (Turtle Entertainment GmbH)
O4 - HKU\Jonas_ON_E..\Run: [Sidebar] E:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\Jonas_ON_E..\Run: [Skype] E:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKU\Jonas_ON_E..\Run: [Steam] E:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\LocalService_ON_E..\Run: [Sidebar] E:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_E..\Run: [Sidebar] E:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\UpdatusUser_ON_E..\Run: [ESL Wire] E:\Program Files\EslWire\wire.exe (Turtle Entertainment GmbH)
O4 - HKU\UpdatusUser_ON_E..\Run: [Sidebar] E:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\UpdatusUser_ON_E..\Run: [Skype] E:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKU\UpdatusUser_ON_E..\Run: [Steam] E:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4:64bit: - HKLM..\RunOnce: [MedionReminder] E:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe (CyberLink)
O4 - HKU\LocalService_ON_E..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_E..\RunOnce: [mctadmin]  File not found
O4 - HKU\UpdatusUser_ON_E..\RunOnce: [mctadmin]  File not found
O4 - Startup: E:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Versandhelfer.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - E:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - E:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - E:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - E:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - E:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - E:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - E:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - E:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - E:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - E:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - E:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - E:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - E:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - E:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - E:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - E:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - E:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - E:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - E:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - E:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - E:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - E:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - E:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - E:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - E:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.0)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - E:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - E:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - E:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - E:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - E:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - E:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - E:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - E:\Windows\System32\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - E:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - E:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - E:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - E:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - E:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - E:\Windows\System32\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - E:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - E:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - E:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - E:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - E:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - E:\Windows\System32\mscoree.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (protector.dll) - E:\Windows\SysWow64\protector.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - E:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - E:\Windows\System32\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - E:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - E:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - E:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - E:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\Jonas_ON_E Winlogon: Shell - (C:\Users\Jonas\0.2682448267441693.exe) - E:\Users\Jonas\0.2682448267441693.exe ()
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - E:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - E:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - E:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - E:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - E:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - E:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - E:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - E:\Windows\System32\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - E:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - E:\Windows\System32\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - E:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - E:\Windows\System32\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (kerberos) - E:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - E:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - E:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - E:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - E:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - E:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - E:\Windows\SysWow64\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{59e86746-ac47-11e1-9f14-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{59e86746-ac47-11e1-9f14-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe de
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/07/22 11:17:53 | 000,000,000 | ---D | C] -- E:\Users\Jonas\AppData\Local\Microsoft Games
[2012/07/18 17:02:35 | 000,000,000 | ---D | C] -- E:\Program Files (x86)\Screaming Bee
[2012/07/17 20:59:49 | 000,000,000 | ---D | C] -- E:\Users\Jonas\AppData\Local\PunkBuster
[2012/07/17 20:55:56 | 000,000,000 | ---D | C] -- E:\Users\Jonas\AppData\Local\Activision
[2012/07/15 22:23:37 | 000,000,000 | ---D | C] -- E:\Users\Jonas\Documents\Orcs Must Die
[2012/07/15 03:54:45 | 000,000,000 | ---D | C] -- E:\ProgramData\Steam
[2012/07/15 03:54:44 | 000,000,000 | ---D | C] -- E:\ProgramData\PopCap Games
[2012/07/14 19:26:41 | 000,000,000 | ---D | C] -- E:\Users\Jonas\Desktop\Counter-Strike Source
[2012/07/14 15:08:57 | 000,000,000 | ---D | C] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\sixteen tons entertainment
[2012/07/14 15:00:41 | 000,000,000 | ---D | C] -- E:\Program Files (x86)\sixteen tons entertainment
[2012/07/14 12:52:09 | 000,000,000 | ---D | C] -- E:\Users\Jonas\AppData\Roaming\vlc
[2012/07/14 12:52:01 | 000,000,000 | ---D | C] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/07/14 12:51:38 | 000,000,000 | ---D | C] -- E:\Program Files (x86)\VideoLAN
[2012/07/14 08:10:09 | 000,000,000 | ---D | C] -- E:\Users\Jonas\Documents\Anno 1404
[2012/07/14 06:57:43 | 000,000,000 | ---D | C] -- E:\Users\Jonas\AppData\Roaming\Ubisoft
[2012/07/14 06:55:58 | 000,000,000 | ---D | C] -- E:\ProgramData\Tages
[2012/07/14 06:44:57 | 000,000,000 | ---D | C] -- E:\Program Files (x86)\Ubisoft
[2012/07/11 18:19:19 | 000,096,768 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\mshtmled.dll
[2012/07/11 18:19:19 | 000,073,216 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\mshtmled.dll
[2012/07/11 18:19:18 | 000,237,056 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\url.dll
[2012/07/11 18:19:18 | 000,231,936 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\url.dll
[2012/07/11 18:19:17 | 000,248,320 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ieui.dll
[2012/07/11 18:19:17 | 000,176,640 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\ieui.dll
[2012/07/11 18:19:17 | 000,173,056 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ieUnatt.exe
[2012/07/11 18:19:17 | 000,142,848 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\ieUnatt.exe
[2012/07/11 18:19:16 | 002,311,680 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\jscript9.dll
[2012/07/11 18:19:16 | 001,800,192 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\jscript9.dll
[2012/07/11 18:19:16 | 001,494,528 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\inetcpl.cpl
[2012/07/11 18:19:16 | 001,427,968 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\inetcpl.cpl
[2012/07/11 18:19:16 | 000,818,688 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\jscript.dll
[2012/07/11 18:19:16 | 000,716,800 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\jscript.dll
[2012/07/11 17:51:03 | 000,002,048 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\msxml3r.dll
[2012/07/11 17:51:03 | 000,002,048 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\msxml3r.dll
[2012/07/11 17:51:02 | 000,307,200 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ncrypt.dll
[2012/07/11 17:51:02 | 000,219,136 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\ncrypt.dll
[2012/07/11 17:51:01 | 001,133,568 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\cdosys.dll
[2012/07/11 17:51:01 | 000,805,376 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\cdosys.dll
[2012/07/08 18:02:18 | 025,248,064 | ---- | C] (NVIDIA Corporation) -- E:\Windows\System32\nvcompiler.dll
[2012/07/08 18:02:18 | 019,607,872 | ---- | C] (NVIDIA Corporation) -- E:\Windows\SysWow64\nvoglv32.dll
[2012/07/08 18:02:18 | 017,551,680 | ---- | C] (NVIDIA Corporation) -- E:\Windows\SysWow64\nvcompiler.dll
[2012/07/08 18:02:18 | 008,139,072 | ---- | C] (NVIDIA Corporation) -- E:\Windows\System32\nvcuda.dll
[2012/07/08 18:02:18 | 005,982,528 | ---- | C] (NVIDIA Corporation) -- E:\Windows\SysWow64\nvcuda.dll
[2012/07/08 18:02:18 | 002,881,856 | ---- | C] (NVIDIA Corporation) -- E:\Windows\System32\nvcuvenc.dll
[2012/07/08 18:02:18 | 002,681,664 | ---- | C] (NVIDIA Corporation) -- E:\Windows\System32\nvcuvid.dll
[2012/07/08 18:02:18 | 002,524,992 | ---- | C] (NVIDIA Corporation) -- E:\Windows\SysWow64\nvcuvid.dll
[2012/07/08 18:02:18 | 002,445,120 | ---- | C] (NVIDIA Corporation) -- E:\Windows\SysWow64\nvcuvenc.dll
[2012/07/08 18:02:18 | 000,818,496 | ---- | C] (NVIDIA Corporation) -- E:\Windows\SysWow64\nvumdshim.dll
[2012/07/08 18:02:18 | 000,364,352 | ---- | C] (NVIDIA Corporation) -- E:\Windows\System32\nvdecodemft.dll
[2012/07/08 18:02:18 | 000,301,376 | ---- | C] (NVIDIA Corporation) -- E:\Windows\SysWow64\nvdecodemft.dll
[2012/07/08 18:02:18 | 000,246,592 | ---- | C] (NVIDIA Corporation) -- E:\Windows\System32\nvinitx.dll
[2012/07/08 18:02:18 | 000,202,048 | ---- | C] (NVIDIA Corporation) -- E:\Windows\SysWow64\nvinit.dll
[2012/07/08 17:56:08 | 000,000,000 | ---D | C] -- E:\Medion
[2012/07/06 15:11:48 | 000,294,912 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\browserchoice.exe
[2012/06/30 21:27:38 | 000,000,000 | ---D | C] -- E:\Windows\SysWow64\RTCOM
[2012/06/30 21:27:22 | 002,605,400 | ---- | C] (Waves Audio Ltd.) -- E:\Windows\System32\WavesGUILib.dll
[2012/06/30 21:27:22 | 001,361,336 | ---- | C] (TOSHIBA Corporation) -- E:\Windows\System32\tosade.dll
[2012/06/30 21:27:21 | 000,836,544 | ---- | C] (TOSHIBA Corporation) -- E:\Windows\System32\tadefxapo264.dll
[2012/06/30 21:27:21 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- E:\Windows\System32\SRSTSX64.dll
[2012/06/30 21:27:21 | 000,220,776 | ---- | C] (Sony Corporation) -- E:\Windows\System32\SFSS_APO.dll
[2012/06/30 21:27:21 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- E:\Windows\System32\SRSTSH64.dll
[2012/06/30 21:27:21 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- E:\Windows\System32\SRSHP64.dll
[2012/06/30 21:27:21 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- E:\Windows\System32\SRSWOW64.dll
[2012/06/30 21:27:21 | 000,148,416 | ---- | C] (TOSHIBA Corporation) -- E:\Windows\System32\tadefxapo.dll
[2012/06/30 21:27:21 | 000,065,944 | ---- | C] (TOSHIBA CORPORATION.) -- E:\Windows\System32\tepeqapo64.dll
[2012/06/30 21:27:20 | 002,674,320 | ---- | C] (Realtek Semiconductor Corp.) -- E:\Windows\System32\RtPgEx64.dll
[2012/06/30 21:27:20 | 001,560,168 | ---- | C] (Realtek Semiconductor Corp.) -- E:\Windows\System32\RTSnMg64.cpl
[2012/06/30 21:27:20 | 000,331,880 | ---- | C] (Realtek Semiconductor Corp.) -- E:\Windows\System32\RtlCPAPI64.dll
[2012/06/30 21:27:20 | 000,221,024 | ---- | C] (Synopsys, Inc.) -- E:\Windows\System32\SFNHK64.dll
[2012/06/30 21:27:20 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- E:\Windows\System32\SFCOM64.dll
[2012/06/30 21:27:20 | 000,078,688 | ---- | C] (Synopsys, Inc.) -- E:\Windows\System32\SFAPO64.dll
[2012/06/30 21:27:20 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- E:\Windows\SysWow64\SFCOM.dll
[2012/06/30 21:27:16 | 005,096,448 | ---- | C] (Realtek Semiconductor Corp.) -- E:\Windows\System32\RCoRes64.dat
[2012/06/30 21:27:16 | 003,615,888 | ---- | C] (Realtek Semiconductor Corp.) -- E:\Windows\System32\RtkAPO64.dll
[2012/06/30 21:27:16 | 001,262,696 | ---- | C] (Realtek Semiconductor Corp.) -- E:\Windows\System32\RTCOM64.dll
[2012/06/30 21:27:16 | 000,869,520 | ---- | C] (Realtek Semiconductor Corp.) -- E:\Windows\System32\RtkApi64.dll
[2012/06/30 21:27:16 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- E:\Windows\System32\RTEEP64A.dll
[2012/06/30 21:27:16 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- E:\Windows\System32\RP3DHT64.dll
[2012/06/30 21:27:16 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- E:\Windows\System32\RP3DAA64.dll
[2012/06/30 21:27:16 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- E:\Windows\System32\RTEED64A.dll
[2012/06/30 21:27:16 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- E:\Windows\System32\RtkCfg64.dll
[2012/06/30 21:27:16 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- E:\Windows\System32\RTEEL64A.dll
[2012/06/30 21:27:16 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- E:\Windows\System32\RTEEG64A.dll
[2012/06/30 21:27:16 | 000,014,952 | ---- | C] (Realtek Semiconductor Corp.) -- E:\Windows\System32\RtkCoLDR64.dll
[2012/06/30 21:27:15 | 007,163,744 | ---- | C] (Dolby Laboratories) -- E:\Windows\System32\R4EEP64A.dll
[2012/06/30 21:27:15 | 000,433,504 | ---- | C] (Dolby Laboratories) -- E:\Windows\System32\R4EED64A.dll
[2012/06/30 21:27:15 | 000,141,152 | ---- | C] (Dolby Laboratories) -- E:\Windows\System32\R4EEL64A.dll
[2012/06/30 21:27:15 | 000,123,744 | ---- | C] (Dolby Laboratories) -- E:\Windows\System32\R4EEA64A.dll
[2012/06/30 21:27:15 | 000,105,616 | ---- | C] (Realtek Semiconductor Corp.) -- E:\Windows\System32\RCoInstII64.dll
[2012/06/30 21:27:15 | 000,074,592 | ---- | C] (Dolby Laboratories) -- E:\Windows\System32\R4EEG64A.dll
[2012/06/30 21:27:14 | 008,363,864 | ---- | C] (Waves Audio Ltd.) -- E:\Windows\System32\MaxxAudioRealtek.dll
[2012/06/30 21:27:14 | 002,131,288 | ---- | C] (Waves Audio Ltd.) -- E:\Windows\System32\MaxxAudioEQ.dll
[2012/06/30 21:27:14 | 001,345,368 | ---- | C] (Waves Audio Ltd.) -- E:\Windows\System32\MaxxAudioRealtek264.dll
[2012/06/30 21:27:14 | 000,396,632 | ---- | C] (Waves Audio Ltd.) -- E:\Windows\System32\MaxxVolumeSDAPO.dll
[2012/06/30 21:27:13 | 001,015,640 | ---- | C] (Waves Audio Ltd.) -- E:\Windows\System32\MaxxAudioAPOShell64.dll
[2012/06/30 21:27:13 | 000,603,984 | ---- | C] (Knowles Acoustics ) -- E:\Windows\System32\KAAPORT64.dll
[2012/06/30 21:27:13 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- E:\Windows\System32\MaxxAudioAPO30.dll
[2012/06/30 21:27:13 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- E:\Windows\System32\MaxxAudioAPO20.dll
[2012/06/30 21:27:11 | 002,533,952 | ---- | C] (Fortemedia Corporation) -- E:\Windows\System32\FMAPO64.dll
[2012/06/30 21:27:11 | 000,693,352 | ---- | C] (DTS) -- E:\Windows\System32\DTSVoiceClarityDLL64.dll
[2012/06/30 21:27:11 | 000,537,456 | ---- | C] (DTS) -- E:\Windows\System32\DTSU2PLFX64.dll
[2012/06/30 21:27:11 | 000,524,656 | ---- | C] (DTS) -- E:\Windows\System32\DTSU2PGFX64.dll
[2012/06/30 21:27:11 | 000,449,392 | ---- | C] (DTS) -- E:\Windows\System32\DTSU2PREC64.dll
[2012/06/30 21:27:10 | 001,756,264 | ---- | C] (DTS) -- E:\Windows\System32\DTSS2SpeakerDLL64.dll
[2012/06/30 21:27:10 | 001,568,360 | ---- | C] (DTS) -- E:\Windows\System32\DTSS2HeadphoneDLL64.dll
[2012/06/30 21:27:10 | 001,486,952 | ---- | C] (DTS) -- E:\Windows\System32\DTSBoostDLL64.dll
[2012/06/30 21:27:10 | 000,728,680 | ---- | C] (DTS) -- E:\Windows\System32\DTSBassEnhancementDLL64.dll
[2012/06/30 21:27:10 | 000,712,296 | ---- | C] (DTS) -- E:\Windows\System32\DTSSymmetryDLL64.dll
[2012/06/30 21:27:10 | 000,491,112 | ---- | C] (DTS) -- E:\Windows\System32\DTSNeoPCDLL64.dll
[2012/06/30 21:27:10 | 000,432,744 | ---- | C] (DTS) -- E:\Windows\System32\DTSLimiterDLL64.dll
[2012/06/30 21:27:10 | 000,428,648 | ---- | C] (DTS) -- E:\Windows\System32\DTSGainCompensatorDLL64.dll
[2012/06/30 21:27:10 | 000,242,792 | ---- | C] (DTS) -- E:\Windows\System32\DTSLFXAPO64.dll
[2012/06/30 21:27:10 | 000,242,792 | ---- | C] (DTS) -- E:\Windows\System32\DTSGFXAPO64.dll
[2012/06/30 21:27:10 | 000,241,768 | ---- | C] (DTS) -- E:\Windows\System32\DTSGFXAPONS64.dll
[2012/06/30 21:27:09 | 000,202,336 | ---- | C] (Andrea Electronics Corporation) -- E:\Windows\System32\AERTAC64.dll
[2012/06/30 21:27:09 | 000,108,640 | ---- | C] (Andrea Electronics Corporation) -- E:\Windows\System32\AERTAR64.dll
[1 E:\Windows\*.tmp files -> E:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/07/25 16:14:52 | 000,067,584 | --S- | M] () -- E:\Windows\bootstat.dat
[2012/07/25 16:14:35 | 1055,735,806 | -HS- | M] () -- E:\hiberfil.sys
[2012/07/25 14:02:53 | 000,001,106 | ---- | M] () -- E:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/25 10:08:13 | 000,696,848 | ---- | M] () -- E:\Windows\System32\perfh007.dat
[2012/07/25 10:08:13 | 000,652,166 | ---- | M] () -- E:\Windows\System32\perfh009.dat
[2012/07/25 10:08:13 | 000,148,144 | ---- | M] () -- E:\Windows\System32\perfc007.dat
[2012/07/25 10:08:13 | 000,121,098 | ---- | M] () -- E:\Windows\System32\perfc009.dat
[2012/07/25 09:54:24 | 000,016,944 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/25 09:54:24 | 000,016,944 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/25 09:34:00 | 000,001,110 | ---- | M] () -- E:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/25 09:11:00 | 000,000,884 | ---- | M] () -- E:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/25 05:30:01 | 000,730,609 | ---- | M] () -- E:\Windows\SysWow64\sig.bin
[2012/07/25 05:30:01 | 000,042,103 | ---- | M] () -- E:\Windows\SysWow64\nmp.map
[2012/07/23 06:30:29 | 000,281,872 | ---- | M] () -- E:\Windows\SysWow64\PnkBstrB.xtr
[2012/07/23 06:30:29 | 000,281,872 | ---- | M] () -- E:\Windows\SysWow64\PnkBstrB.exe
[2012/07/22 14:39:02 | 000,000,000 | R--D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[2012/07/22 08:06:07 | 000,281,872 | ---- | M] () -- E:\Windows\SysWow64\PnkBstrB.ex0
[2012/07/22 08:04:06 | 000,076,888 | ---- | M] () -- E:\Windows\SysWow64\PnkBstrA.exe
[2012/07/22 08:03:54 | 000,840,264 | ---- | M] () -- E:\Windows\SysWow64\pbsvc.exe
[2012/07/21 11:56:00 | 000,000,000 | -H-- | M] () -- E:\Users\Jonas\Documents\Default.rdp
[2012/07/14 15:08:57 | 000,000,908 | ---- | M] () -- E:\Users\Public\Desktop\Emergency4 spielen.lnk
[2012/07/14 15:08:57 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\sixteen tons entertainment
[2012/07/14 12:52:01 | 000,001,074 | ---- | M] () -- E:\Users\Public\Desktop\VLC media player.lnk
[2012/07/14 12:52:01 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/07/14 06:50:55 | 000,314,016 | ---- | M] () -- E:\Windows\System32\drivers\atksgt.sys
[2012/07/14 06:50:55 | 000,043,680 | ---- | M] () -- E:\Windows\System32\drivers\lirsgt.sys
[2012/07/13 16:06:56 | 000,007,639 | ---- | M] () -- E:\Users\Jonas\AppData\Local\Resmon.ResmonCfg
[2012/07/12 15:11:13 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- E:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/12 15:11:13 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- E:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/12 13:30:49 | 000,283,104 | ---- | M] () -- E:\Windows\System32\FNTCACHE.DAT
[2012/07/08 07:53:23 | 000,018,960 | ---- | M] (Logitech, Inc.) -- E:\Windows\System32\drivers\LNonPnP.sys
[2012/07/07 10:58:09 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESL Wire
[2012/07/03 10:41:12 | 000,168,864 | ---- | M] () -- E:\Program Files\Common Files\WireHelpSvc.exe
[2012/07/03 10:41:04 | 000,147,472 | ---- | M] (<Turtle Entertainment>) -- E:\Windows\System32\drivers\ESLWireACD.sys
[2012/06/30 20:49:57 | 941,113,068 | ---- | M] () -- E:\Windows\MEMORY.DMP
[1 E:\Windows\*.tmp files -> E:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/07/22 08:06:07 | 000,281,872 | ---- | C] () -- E:\Windows\SysWow64\PnkBstrB.xtr
[2012/07/22 08:04:07 | 000,281,872 | ---- | C] () -- E:\Windows\SysWow64\PnkBstrB.exe
[2012/07/22 08:04:07 | 000,281,872 | ---- | C] () -- E:\Windows\SysWow64\PnkBstrB.ex0
[2012/07/22 08:04:06 | 000,076,888 | ---- | C] () -- E:\Windows\SysWow64\PnkBstrA.exe
[2012/07/22 08:04:05 | 000,840,264 | ---- | C] () -- E:\Windows\SysWow64\pbsvc.exe
[2012/07/21 11:56:00 | 000,000,000 | -H-- | C] () -- E:\Users\Jonas\Documents\Default.rdp
[2012/07/14 15:08:57 | 000,000,908 | ---- | C] () -- E:\Users\Public\Desktop\Emergency4 spielen.lnk
[2012/07/14 12:52:01 | 000,001,074 | ---- | C] () -- E:\Users\Public\Desktop\VLC media player.lnk
[2012/07/14 06:50:55 | 000,314,016 | ---- | C] () -- E:\Windows\System32\drivers\atksgt.sys
[2012/07/14 06:50:55 | 000,043,680 | ---- | C] () -- E:\Windows\System32\drivers\lirsgt.sys
[2012/06/30 21:27:16 | 000,293,889 | ---- | C] () -- E:\Windows\System32\drivers\RTAIODAT.DAT
[2012/06/22 20:26:55 | 000,790,520 | ---- | C] () -- E:\Windows\SysWow64\protector.dll
[2012/06/21 06:05:49 | 001,590,370 | ---- | C] () -- E:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/18 18:50:36 | 000,168,864 | ---- | C] () -- E:\Program Files\Common Files\WireHelpSvc.exe
[2012/06/01 17:39:48 | 000,730,609 | ---- | C] () -- E:\Windows\SysWow64\sig.bin
[2012/06/01 12:08:21 | 000,007,639 | ---- | C] () -- E:\Users\Jonas\AppData\Local\Resmon.ResmonCfg
[2012/06/01 12:05:51 | 000,017,408 | ---- | C] () -- E:\Users\Jonas\AppData\Local\WebpageIcons.db
[2012/05/14 20:21:50 | 000,423,744 | ---- | C] () -- E:\Windows\SysWow64\nvStreaming.exe
[2011/07/13 22:55:06 | 000,053,760 | ---- | C] () -- E:\Windows\SysWow64\OVDecode.dll
[2010/11/20 23:24:49 | 000,252,928 | ---- | C] () -- E:\Windows\SysWow64\DShowRdpFilter.dll
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- E:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- E:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- E:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- E:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- E:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- E:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:59:36 | 000,982,196 | ---- | C] () -- E:\Windows\SysWow64\igkrng500.bin
[2009/07/13 17:59:36 | 000,139,824 | ---- | C] () -- E:\Windows\SysWow64\igfcg500.bin
[2009/07/13 17:59:36 | 000,097,448 | ---- | C] () -- E:\Windows\SysWow64\igfcg500m.bin
[2009/07/13 17:59:35 | 000,417,344 | ---- | C] () -- E:\Windows\SysWow64\igcompkrng500.bin
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- E:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- E:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2011/12/02 18:13:49 | 000,000,000 | ---D | M] -- E:\ProgramData\AMD
[2012/06/22 20:56:44 | 000,000,000 | ---D | M] -- E:\ProgramData\AmUStor
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Application Data
[2012/06/02 01:48:59 | 000,000,000 | ---D | M] -- E:\ProgramData\Battle.net
[2012/06/22 20:26:55 | 000,000,000 | ---D | M] -- E:\ProgramData\bProtector
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Desktop
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Documents
[2012/06/30 20:52:04 | 000,000,000 | ---D | M] -- E:\ProgramData\DriverGenius
[2012/06/18 18:50:28 | 000,000,000 | ---D | M] -- E:\ProgramData\ESL Wire
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favorites
[2012/06/01 12:56:24 | 000,000,000 | ---D | M] -- E:\ProgramData\G DATA
[2012/06/22 20:28:44 | 000,000,000 | ---D | M] -- E:\ProgramData\IBUpdaterService
[2012/06/01 11:19:55 | 000,000,000 | ---D | M] -- E:\ProgramData\Kaspersky Rescue Disk 10
[2012/06/01 11:21:29 | 000,000,000 | -H-D | M] -- E:\ProgramData\Medion Reminder
[2012/06/30 21:47:29 | 000,000,000 | ---D | M] -- E:\ProgramData\Partner
[2012/06/22 20:28:35 | 000,000,000 | ---D | M] -- E:\ProgramData\PC Drivers HeadQuarters
[2012/07/15 04:55:10 | 000,000,000 | ---D | M] -- E:\ProgramData\PopCap Games
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Start Menu
[2012/07/15 03:54:45 | 000,000,000 | ---D | M] -- E:\ProgramData\Steam
[2012/07/14 06:56:58 | 000,000,000 | ---D | M] -- E:\ProgramData\Tages
[2011/12/02 19:10:30 | 000,000,000 | ---D | M] -- E:\ProgramData\Temp
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Templates
[2012/06/01 11:17:02 | 000,000,000 | ---D | M] -- E:\ProgramData\TvdPersonal
[2012/07/13 10:14:09 | 000,032,568 | ---- | M] () -- E:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >
--- --- ---


OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 7/26/2012 3:14:48 AM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = E: | %SystemRoot% = E:\Windows | %ProgramFiles% = E:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 75.40 Mb Free Space | 75.41% Space Free | Partition Type: NTFS
Drive E: | 1811.92 Gb Total Space | 1641.90 Gb Free Space | 90.62% Space Free | Partition Type: NTFS
Drive F: | 50.00 Gb Total Space | 30.48 Gb Free Space | 60.95% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Extra Registry (All) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- E:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- E:\Windows\System32\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- E:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- E:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = ChromeHTML] -- E:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.inf[@ = inffile] -- E:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- E:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- E:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- E:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- E:\Windows\System32\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- E:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- E:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- E:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- E:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- E:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- E:\Windows\System32\WScript.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- E:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- E:\Windows\SysWow64\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- E:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- E:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- E:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.inf [@ = inffile] -- E:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- E:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- E:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- E:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- E:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- E:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- E:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- E:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- E:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- E:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- E:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
 
[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %* File not found
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{159BA17F-CCF1-4FC1-CB10-588DE05C9926}" = ccc-utility64
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{26A24AE4-039D-4CA4-87B4-2F86417002FF}" = Java(TM) 7 Update 2 (64-bit)
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software 8.12
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9CF5E9B6-75C1-6899-00CD-82ACA9ACB664}" = AMD Catalyst Install Manager
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.39
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.39
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0507
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CF77B6B4-108B-7696-AC88-701747008532}" = AMD Fuel
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D285FC5F-3021-32E9-9C59-24CA325BDC5C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"DriverAgent.exe" = DriverAgent by eSupport.com
"ESL Wire_is1" = ESL Wire 1.13
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"sp6" = Logitech SetPoint 6.32
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.11 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{159BA17F-CCF1-4FC1-CB10-588DE05C9926}" = ccc-utility64
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{26A24AE4-039D-4CA4-87B4-2F86417002FF}" = Java(TM) 7 Update 2 (64-bit)
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software 8.12
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9CF5E9B6-75C1-6899-00CD-82ACA9ACB664}" = AMD Catalyst Install Manager
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.39
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.39
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0507
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CF77B6B4-108B-7696-AC88-701747008532}" = AMD Fuel
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D285FC5F-3021-32E9-9C59-24CA325BDC5C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"DriverAgent.exe" = DriverAgent by eSupport.com
"ESL Wire_is1" = ESL Wire 1.13
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"sp6" = Logitech SetPoint 6.32
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.11 (64-Bit)
 
< End of report >
--- --- ---
Alt 25.07.2012, 19:46   #6
t'john
/// Helfer-Team
 
Trojaner blockiert Windows start - Standard

Trojaner blockiert Windows start


Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:


Code:
ATTFilter
:OTL

SRV:64bit: - [2011/03/03 02:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\System32\dnsrslvr.dll -- (Dnscache) 
SRV:64bit: - [2010/11/20 23:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\System32\wkssvc.dll -- (LanmanWorkstation) 
SRV - [2012/07/22 08:04:06 | 000,076,888 | ---- | M] () [Auto] -- E:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) 
SRV - [2012/06/22 20:26:36 | 000,554,304 | ---- | M] () [Auto] -- E:\ProgramData\IBUpdaterService\ibsvc.exe -- (IBUpdaterService) 
SRV - [2011/10/07 05:23:08 | 000,070,144 | ---- | M] () [Auto] -- E:\Program Files (x86)\watchmi\TvdService.exe -- (watchmi) 
DRV:64bit: - [2011/09/02 02:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt) 
DRV:64bit: - [2011/09/02 02:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt) 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\Jonas_ON_E\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://search.babylon.com/?AF=100346&babsrc=HP_ss&mntrId=204c3cc00000000000008c89a5a1f663 
IE - HKU\Jonas_ON_E\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - E:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation) 
IE - HKU\Jonas_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\LocalService_ON_E\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - E:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation) 
IE - HKU\NetworkService_ON_E\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - E:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation) 
IE - HKU\UpdatusUser_ON_E\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://search.babylon.com/?AF=100346&babsrc=HP_ss&mntrId=204c3cc00000000000008c89a5a1f663 
IE - HKU\UpdatusUser_ON_E\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - E:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation) 
IE - HKU\UpdatusUser_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
FF - prefs.js..browser.search.defaultenginename: "search the web (babylon)" 
FF - prefs.js..browser.search.order.1: "search the web (babylon)" 
FF - prefs.js..browser.search.selectedEngine: "Google" 
FF - prefs.js..browser.search.selectedengine: "google" 
FF - prefs.js..browser.startup.homepage: "http://www.google.de/" 
FF - prefs.js..keyword.url: "http://search.babylon.com/?af=100346&babsrc=adbartrp&mntrid=204c3cc00000000000008c89a5a1f663&q=" 
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: E:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll () 
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: E:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: E:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
File not found (No name found) -- 
O2 - BHO: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found. 
O3 - HKLM\..\Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found. 
O3:64bit: - HKU\Jonas_ON_E\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - E:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
O3 - HKU\Jonas_ON_E\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - E:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
O3:64bit: - HKU\UpdatusUser_ON_E\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - E:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
O3 - HKU\UpdatusUser_ON_E\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - E:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
O4:64bit: - HKLM..\Run: [EvtMgr6] E:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) 
O4 - HKLM..\Run: [] File not found 
O4 - HKU\Jonas_ON_E..\Run: [C:\Users\Jonas\0.2682448267441693.exe] E:\Users\Jonas\0.2682448267441693.exe () 
O4 - HKU\LocalService_ON_E..\RunOnce: [mctadmin] File not found 
O4 - HKU\NetworkService_ON_E..\RunOnce: [mctadmin] File not found 
O4 - HKU\UpdatusUser_ON_E..\RunOnce: [mctadmin] File not found 
O4 - Startup: E:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Versandhelfer.lnk () 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 
O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found 
O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found 
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found 
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found 
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found 
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found 
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found 
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found 
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found 
O20 - AppInit_DLLs: (protector.dll) - E:\Windows\SysWow64\protector.dll () 
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20 - HKU\Jonas_ON_E Winlogon: Shell - (C:\Users\Jonas\0.2682448267441693.exe) - E:\Users\Jonas\0.2682448267441693.exe () 
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - E:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) 
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O31 - SafeBoot: AlternateShell - cmd.exe 
O32 - HKLM CDRom: AutoRun - 1 
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] 
O33 - MountPoints2\{59e86746-ac47-11e1-9f14-806e6f6e6963}\Shell - "" = AutoRun 
O33 - MountPoints2\{59e86746-ac47-11e1-9f14-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe de 
O34 - HKLM BootExecute: (autocheck autochk *) - File not found 
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found 
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found 


[2012/07/19 06:02:24 | 000,000,000 | ---D | M] (Default) -- E:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} 
[2012/07/19 06:02:24 | 000,136,672 | ---- | M] (Mozilla Foundation) -- E:\Program Files (x86)\mozilla firefox\components\browsercomps.dll 
[2012/07/19 06:02:24 | 000,003,368 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\google.xml 
[2012/07/25 14:02:53 | 000,001,106 | ---- | M] () -- E:\Windows\tasks\GoogleUpdateTaskMachineCore.job 
[2012/07/25 09:34:00 | 000,001,110 | ---- | M] () -- E:\Windows\tasks\GoogleUpdateTaskMachineUA.job 
[2012/07/25 09:11:00 | 000,000,884 | ---- | M] () -- E:\Windows\tasks\Adobe Flash Player Updater.job 
[2012/06/22 20:26:55 | 000,000,000 | ---D | M] -- E:\ProgramData\bProtector 
[2012/06/30 21:47:29 | 000,000,000 | ---D | M] -- E:\ProgramData\Partner 
:Files
E:\Users\Jonas\0.2682448267441693.exe
E:\Windows\SysWow64\protector.dll
C:\Users\Jonas\0.2682448267441693.exe
X:\AUTORUN.INF

E:\autorun.exe de
E:\Windows\tasks\GoogleUpdateTaskMachineCore.job
E:\Windows\tasks\GoogleUpdateTaskMachineUA.job
E:\Windows\tasks\Adobe Flash Player Updater.job
E:\ProgramData\Partner
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
__________________
--> Trojaner blockiert Windows start

Alt 25.07.2012, 21:14   #7
Spatz89
 
Trojaner blockiert Windows start - Standard

Trojaner blockiert Windows start


hier bitte
Zitat:
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache deleted successfully.
File E:\Windows\System32\dnsrslvr.dll not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LanmanWorkstation deleted successfully.
File E:\Windows\System32\wkssvc.dll not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PnkBstrA deleted successfully.
E:\Windows\SysWOW64\PnkBstrA.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IBUpdaterService deleted successfully.
E:\ProgramData\IBUpdaterService\ibsvc.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\watchmi deleted successfully.
E:\Program Files (x86)\watchmi\TvdService.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LMouFilt deleted successfully.
File E:\Windows\System32\drivers\LMouFilt.Sys not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LHidFilt deleted successfully.
File E:\Windows\System32\drivers\LHidFilt.Sys not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\Jonas_ON_E\Software\Microsoft\Internet Explorer\Main\\bProtector Start Page| /E : value set successfully!
Registry value HKEY_USERS\Jonas_ON_E\Software\Microsoft\Internet Explorer\URLSearchHooks\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\ not found.
E:\Windows\SysWOW64\ieframe.dll moved successfully.
HKU\Jonas_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry value HKEY_USERS\LocalService_ON_E\Software\Microsoft\Internet Explorer\URLSearchHooks\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\ not found.
File E:\Windows\SysWOW64\ieframe.dll not found.
Registry value HKEY_USERS\NetworkService_ON_E\Software\Microsoft\Internet Explorer\URLSearchHooks\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\ not found.
File E:\Windows\SysWOW64\ieframe.dll not found.
HKU\UpdatusUser_ON_E\Software\Microsoft\Internet Explorer\Main\\bProtector Start Page| /E : value set successfully!
Registry value HKEY_USERS\UpdatusUser_ON_E\Software\Microsoft\Internet Explorer\URLSearchHooks\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\ not found.
File E:\Windows\SysWOW64\ieframe.dll not found.
HKU\UpdatusUser_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "search the web (babylon)" removed from browser.search.defaultenginename
Prefs.js: "search the web (babylon)" removed from browser.search.order.1
Prefs.js: "Google" removed from browser.search.selectedEngine
Prefs.js: "google" removed from browser.search.selectedengine
Prefs.js: "hxxp://www.google.de/" removed from browser.startup.homepage
Prefs.js: "hxxp://search.babylon.com/?af=100346&babsrc=adbartrp&mntrid=204c3cc00000000000008c89a5a1f663&q=" removed from keyword.url
Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
File E:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll () not found.
Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
File E:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) not found.
Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File E:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) not found.
Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0124123D-61B4-456f-AF86-78C53A0790C5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0124123D-61B4-456f-AF86-78C53A0790C5}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{0124123D-61B4-456f-AF86-78C53A0790C5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0124123D-61B4-456f-AF86-78C53A0790C5}\ not found.
64bit-Registry value HKEY_USERS\Jonas_ON_E\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ deleted successfully.
E:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll moved successfully.
Registry value HKEY_USERS\Jonas_ON_E\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ deleted successfully.
E:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll moved successfully.
64bit-Registry value HKEY_USERS\UpdatusUser_ON_E\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
File E:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll not found.
Registry value HKEY_USERS\UpdatusUser_ON_E\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
File E:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\EvtMgr6 deleted successfully.
E:\Program Files\Logitech\SetPointP\SetPoint.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_USERS\Jonas_ON_E\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run not found.
E:\Users\Jonas\0.2682448267441693.exe moved successfully.
Registry key HKEY_USERS\LocalService_ON_E\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce not found.
Registry key HKEY_USERS\NetworkService_ON_E\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce not found.
Registry key HKEY_USERS\UpdatusUser_ON_E\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce not found.
E:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Versandhelfer.lnk moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}\ not found.
File {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03C514A3-1EFB-4856-9F99-10D7BE1653C0}\ not found.
File {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324}\ not found.
File {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dllsrotector.dll deleted successfully.
E:\Windows\SysWOW64\protector.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_USERS\Jonas_ON_E\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Jonas\0.2682448267441693.exe deleted successfully.
File E:\Users\Jonas\0.2682448267441693.exe not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn\ deleted successfully.
E:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\\AlternateShell deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File move failed. X:\AUTORUN.INF scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{59e86746-ac47-11e1-9f14-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59e86746-ac47-11e1-9f14-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{59e86746-ac47-11e1-9f14-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59e86746-ac47-11e1-9f14-806e6f6e6963}\ not found.
File E:\autorun.exe de not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
Folder move failed. E:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} scheduled to be moved on reboot.
E:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll moved successfully.
E:\Program Files (x86)\Mozilla Firefox\searchplugins\google.xml moved successfully.
E:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
E:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
E:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully.
E:\ProgramData\bProtector folder moved successfully.
E:\ProgramData\Partner folder moved successfully.
========== FILES ==========
File\Folder E:\Users\Jonas\0.2682448267441693.exe not found.
File\Folder E:\Windows\SysWow64\protector.dll not found.
File\Folder C:\Users\Jonas\0.2682448267441693.exe not found.
File move failed. X:\AUTORUN.INF scheduled to be moved on reboot.
File\Folder E:\autorun.exe de not found.
File\Folder E:\Windows\tasks\GoogleUpdateTaskMachineCore.job not found.
File\Folder E:\Windows\tasks\GoogleUpdateTaskMachineUA.job not found.
File\Folder E:\Windows\tasks\Adobe Flash Player Updater.job not found.
File\Folder E:\ProgramData\Partner not found.
< ipconfig /flushdns /c >
Windows IP Configuration
E:\cmd.bat deleted successfully.
E:\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes

User: Default User

User: Jonas
->Temp folder emptied: 882593442 bytes
->Temporary Internet Files folder emptied: 1467886 bytes
->Java cache emptied: 1288995 bytes
->FireFox cache emptied: 1197027242 bytes
->Google Chrome cache emptied: 448589200 bytes
->Flash cache emptied: 60856 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 188661345 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes

Total Files Cleaned = 2,594.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User

User: Jonas
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

E:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTLPE by OldTimer - Version 3.1.48.0 log created on 07262012_065152

Alt 26.07.2012, 11:57   #8
t'john
/// Helfer-Team
 
Trojaner blockiert Windows start - Standard

Trojaner blockiert Windows start


Sehr gut!

Wie laeuft der Rechner?

1. Schritt
Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.
__________________
Mfg, t'john
Das TB unterstützen

Alt 26.07.2012, 14:40   #9
Spatz89
 
Trojaner blockiert Windows start - Standard

Trojaner blockiert Windows start


Ja der PC läuft wieder

Malwarebytes Anti-Malware hat paar sachen gefunden.
Und hier der AdwCleaner Scan

Zitat:
# AdwCleaner v1.703 - Logfile created 07/27/2012 at 01:34:28
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Jonas - JONAS-PC
# Running from : C:\Users\Jonas\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****

Found : IBUpdaterService

***** [Files / Folders] *****

Folder Found : C:\ProgramData\IBUpdaterService

***** [Registry] *****

Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKLM\SOFTWARE\DataMngr
Key Found : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service
[x64] Key Found : HKCU\Software\DataMngr
[x64] Key Found : HKCU\Software\DataMngr_Toolbar
[x64] Key Found : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
Key Found : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
[x64] Key Found : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Main - bProtector Start Page] = hxxp://search.babylon.com/?AF=100346&babsrc=HP_ss&mntrId=204c3cc00000000000008c89a5a1f663

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\5dkv3tlv.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v20.0.1132.57

File : C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found : "homepage": "hxxp://search.babylon.com/?AF=100346&babsrc=HP_ss&mntrId=204c3cc00000000000008c89[...]
Found : "keyword": "babylon.com",
Found : "name": "Search the web (Babylon)",
Found : "search_url": "hxxp://search.babylon.com/?q={searchTerms}&AF=100346&babsrc=SP_ss&mntrId=204c3cc00000[...]
Found : "homepage": "hxxp://search.babylon.com/?AF=100346&babsrc=HP_ss&mntrId=204c3cc00000000000008c89a5a[...]

*************************

AdwCleaner[R1].txt - [2870 octets] - [27/07/2012 01:34:28]

########## EOF - C:\AdwCleaner[R1].txt - [2998 octets] ##########

Alt 26.07.2012, 14:44   #10
t'john
/// Helfer-Team
 
Trojaner blockiert Windows start - Standard

Trojaner blockiert Windows start


Ich brauche das Log von Malwarebytes (Reiter Scan-Berichte)
__________________
Mfg, t'john
Das TB unterstützen

Alt 26.07.2012, 15:03   #11
Spatz89
 
Trojaner blockiert Windows start - Standard

Trojaner blockiert Windows start


den hatte ich vergessen

Zitat:
Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.26.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jonas :: JONAS-PC [limitiert]

Schutz: Aktiviert

27.07.2012 00:17:15
mbam-log-2012-07-27 (00-17-15).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 387198
Laufzeit: 1 Stunde(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKCU\SOFTWARE\BPROTECTOR (PUP.BProtector) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\BPROTECTOR (PUP.BProtector) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\bProtector|iexplore homepages (PUP.BProtector) -> Daten: hxxp://www.google.com/ig/redirectdomain?brand=MDNF&bmod=MDNF^^ -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SYSTEM\CurrentControlSet\Services\bProtector|ImagePath (PUP.BProtector) -> Daten: C:\ProgramData\bProtector\bProtect.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Program Files (x86)\Uninstall Information\ib_uninst_0\uninstall.exe (PUP.BundleInstaller.IB) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Uninstall Information\ib_uninst_217\uninstall.exe (PUP.BundleInstaller.IB) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\07262012_065152\E_ProgramData\IBUpdaterService\ibsvc.exe (PUP.BundleInstaller.IB) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\07262012_065152\E_Windows\SysWOW64\protector.dll (PUP.BProtector) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Alt 26.07.2012, 15:12   #12
t'john
/// Helfer-Team
 
Trojaner blockiert Windows start - Standard

Trojaner blockiert Windows start


Sehr gut!


  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.




danach:


Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html
__________________
Mfg, t'john
Das TB unterstützen

Alt 26.07.2012, 18:10   #13
Spatz89
 
Trojaner blockiert Windows start - Standard

Trojaner blockiert Windows start


der erste bericht
Zitat:
# AdwCleaner v1.703 - Logfile created 07/27/2012 at 02:22:09
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Jonas - JONAS-PC
# Running from : C:\Users\Jonas\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : IBUpdaterService

***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\IBUpdaterService

***** [Registry] *****

Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - bProtector Start Page] = hxxp://search.babylon.com/?AF=100346&babsrc=HP_ss&mntrId=204c3cc00000000000008c89a5a1f663 --> hxxp://www.google.com

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\5dkv3tlv.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v20.0.1132.57

File : C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted : "homepage": "hxxp://search.babylon.com/?AF=100346&babsrc=HP_ss&mntrId=204c3cc00000000000008c89[...]
Deleted : "keyword": "babylon.com",
Deleted : "name": "Search the web (Babylon)",
Deleted : "search_url": "hxxp://search.babylon.com/?q={searchTerms}&AF=100346&babsrc=SP_ss&mntrId=204c3cc00000[...]
Deleted : "homepage": "hxxp://search.babylon.com/?AF=100346&babsrc=HP_ss&mntrId=204c3cc00000000000008c89a5a[...]

*************************

AdwCleaner[R1].txt - [2987 octets] - [27/07/2012 01:34:28]
AdwCleaner[R2].txt - [3047 octets] - [27/07/2012 01:41:03]
AdwCleaner[S1].txt - [2354 octets] - [27/07/2012 02:22:09]

########## EOF - C:\AdwCleaner[S1].txt - [2482 octets] ##########
und der zweite bericht
Zitat:
Emsisoft Anti-Malware - Version 6.6
Letztes Update: 27.07.2012 02:30:52

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\
Archiv Scan: An
ADS Scan: An

Scan Beginn: 27.07.2012 02:31:04

C:\_OTL\MovedFiles\07262012_065152\E_ProgramData\bProtector\bProtect.exe gefunden: Riskware.AdWare.Win32.GoonSearch!E2

Gescannt 678567
Gefunden 1

Scan Ende: 27.07.2012 03:00:02
Scan Zeit: 0:28:58

C:\_OTL\MovedFiles\07262012_065152\E_ProgramData\bProtector\bProtect.exe Quarantäne Riskware.AdWare.Win32.GoonSearch!E2

Quarantäne 1

Alt 26.07.2012, 19:07   #14
t'john
/// Helfer-Team
 
Trojaner blockiert Windows start - Standard

Trojaner blockiert Windows start


Sehr gut!

Lasse die Funde loeschen, dann:

Deinstalliere:
Emsisoft Anti-Malware


ESET Online Scanner

Vorbereitung

  • Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
  • Bitte während des Online-Scans Anti-Virus-Programm und Firewall deaktivieren.
  • Vista/Win7-User: Bitte den Browser unbedingt als Administrator starten.
Los geht's

  • Lade und starte Eset Smartinstaller
  • Haken setzen bei YES, I accept the Terms of Use.
  • Klick auf Start.
  • Haken setzen bei Remove found threads und Scan archives.
  • Klick auf Start.
  • Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Finish drücken.
  • Browser schließen.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (manchmal auch C:\Programme\Eset\log.txt) suchen und mit Deinem Editor öffnen.
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset
__________________
Mfg, t'john
Das TB unterstützen

Alt 27.07.2012, 07:42   #15
Spatz89
 
Trojaner blockiert Windows start - Standard

Trojaner blockiert Windows start


Hier die Logfiles
Zitat:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=6f1fcdee107d8f43bb485ae9d21eafc5
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-27 03:04:18
# local_time=2012-07-27 05:04:18 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=4096 16777215 100 0 4824079 4824079 0 0
# compatibility_mode=5893 16776574 100 94 4751550 95022381 0 0
# compatibility_mode=8192 67108863 100 0 91 91 0 0
# scanned=216082
# found=0
# cleaned=0
# scan_time=8926

Antwort
Seite 1 von 2 1 2

Themen zu Trojaner blockiert Windows start
angezeigte, anmelden, bildschirm, bildschirm schwarz, blockiert, code eingabe, folge, folgendes, gesperrt, interne, internet, maus, melde, melden, meldung, modus, neustart, plötzlich, scan, schließt, schwarz, start, startet, taskmanager, tastertur, trojaner, windows, windows start


« Verschlüsselungstrojaner Bundespolizei - PC gesperrt - was tun ? (und: wie OTL exe ?) | RKIT/agent.depg.1, Spy.Banker.Gen und andere ... »


Ähnliche Themen: Trojaner blockiert Windows start


  1. Win 7: Fehlermeldung bei Start; Avira wird blockiert
    Log-Analyse und Auswertung - 12.12.2014 (27)
  2. Windows 7: Rechner blockiert kurz nach dem Start
    Log-Analyse und Auswertung - 23.11.2014 (9)
  3. Windows 7: Start/ Fehlermeldung RegSvr32 Fehler beim Laden des Moduls + Avira Control Center blockiert
    Log-Analyse und Auswertung - 25.10.2014 (11)
  4. Windows 7: Bitdefender Start wird durch Gruppenrichtlinie blockiert
    Log-Analyse und Auswertung - 03.08.2014 (11)
  5. GVU/BKA-Trojaner - Windows-XP-Start kann nicht unterbunden werden
    Plagegeister aller Art und deren Bekämpfung - 27.04.2014 (13)
  6. Avira Start wird durch eine Gruppenrichtlinie blockiert
    Log-Analyse und Auswertung - 21.04.2014 (9)
  7. Windows XP - GVU-Trojaner - kein Start im abgesicherten Modus
    Log-Analyse und Auswertung - 17.11.2013 (13)
  8. Beim Start von Windows XP erscheint ein Fenster mit dem Hinweis: "Es wurde ein ActiveX Steuerelement blockiert..."
    Plagegeister aller Art und deren Bekämpfung - 11.03.2013 (39)
  9. incredibar my start blockiert firefox tab
    Plagegeister aller Art und deren Bekämpfung - 22.07.2012 (17)
  10. Bei Start von Windows Vista kommt ein weißer Bildschirm - Trojaner
    Plagegeister aller Art und deren Bekämpfung - 17.05.2012 (1)
  11. Windows blockiert // OTL Files am Start
    Plagegeister aller Art und deren Bekämpfung - 12.04.2012 (23)
  12. Internet Explorer blockiert Rechner nach dem Start
    Plagegeister aller Art und deren Bekämpfung - 08.03.2012 (6)
  13. Ihr Windows System wurde blockiert - beim Start
    Log-Analyse und Auswertung - 16.02.2012 (17)
  14. doppelt: Ihr Windows System wurde blockiert - beim Start
    Mülltonne - 13.02.2012 (0)
  15. Trojaner Fake.AV c:\Users\Sexgott\AppData\Roaming\microsoft\Windows\start menu\Programs\windows reco
    Mülltonne - 28.04.2011 (1)
  16. Virus Blockiert Windows Start
    Log-Analyse und Auswertung - 12.01.2010 (4)
  17. Trojaner verhindert Windows 2000 Start
    Plagegeister aller Art und deren Bekämpfung - 03.02.2005 (3)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Trojaner blockiert Windows start - Hallo, ich habe folgendes Problem. Ich war im Internet unterwegs. Plötzlich bekomm ich eine Virenmeldung und gleich darauf wurde der Bildschirm schwarz nur die unten angezeigte grafik war noch zu - Trojaner blockiert Windows start...
Archiv
Du betrachtest: Trojaner blockiert Windows start auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131