
Pests of all kinds and how to fight them: Constantly dropping back to the desktop

Windows 7
08.10.2012, 07:34   #1
DarkAscalon

Hello dear Trojaner-Board team,
I have the following problem: I keep getting dropped back to the desktop, or programs put themselves into the background (games, for example, simply minimize). With other programs such as Google Chrome, the window is suddenly no longer selected. I have run my virus scanner (G Data TotalProtection 2013) over the system very often, but it found nothing, only many "access denied" files whose names I don't recognize. I had already browsed your forum quite often about various problems before I reinstalled my PC a few days ago. Since I did that, I have had this problem. Please help me.

09.10.2012, 06:21   #2
schrauber
/// the machine
/// TB Trainer

Hi,

If you don't already have it, please download OTL by OldTimer and save it to your desktop.
  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
%windir%\installer\*. /5
%localappdata%\*. /5
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread.

15.10.2012, 09:29   #3
DarkAscalon

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 15.10.2012 10:01:07 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Frame\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,43 Gb Available Physical Memory | 35,73% Memory free
8,00 Gb Paging File | 4,74 Gb Available in Paging File | 59,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 121,97 Gb Total Space | 76,48 Gb Free Space | 62,71% Space Free | Partition Type: NTFS
Drive G: | 110,81 Gb Total Space | 102,78 Gb Free Space | 92,75% Space Free | Partition Type: NTFS
 
Computer Name: FRAME-PC | User Name: frame | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{36F34FA5-8E9B-4D6D-89B8-A4621BCB2342}" = lport=58284 | protocol=17 | dir=in | name=pando media booster | 
"{723B49E8-7D31-45D6-8FA7-0B9C41DB91CB}" = lport=58284 | protocol=6 | dir=in | name=pando media booster | 
"{98D9CA13-72D2-477C-B957-CDD31E9738A7}" = lport=58284 | protocol=6 | dir=in | name=pando media booster | 
"{A6EBFF39-A553-4396-9217-1B378248BC92}" = lport=58284 | protocol=17 | dir=in | name=pando media booster | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2444422E-BD37-4D98-B4FD-2109C4527DBA}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{4D57CA53-3816-48EF-AAAB-3E1D6BD8A784}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{4EB7B506-039F-47B7-87CD-DFC21C7B1878}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{7A781495-47A7-46A8-B328-434DA227B946}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{E5D0320A-EE4B-490D-ACAC-9703E7AF7805}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{FD809A0E-B090-4ED4-84A8-F4AFFA9B9095}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 306.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 306.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{319D91C6-3D44-436C-9F79-36C0D22372DC}" = TP-LINK Wireless Configuration Utility
"{44D9C861-7B40-41E4-8A25-C9EBB9A7A59B}" = TP-LINK Wireless Client Utility
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{CE6217F3-6072-40E2-9157-A4695C334F8E}" = G Data TotalProtection 2013
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"DAEMON Tools Lite" = DAEMON Tools Lite
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4028804549-2359495096-1494413759-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 07.10.2012 17:01:21 | Computer Name = Frame-PC | Source = TSNxGService | ID = 131074
Description = G Data Datensafe Die Initialisierung des Dateischutzmoduls (AFP) ist
 fehlgeschlagen Fehlercode: 1
 
Error - 08.10.2012 01:34:54 | Computer Name = Frame-PC | Source = TSNxGService | ID = 131074
Description = G Data Datensafe Die Initialisierung des Dateischutzmoduls (AFP) ist
 fehlgeschlagen Fehlercode: 1
 
Error - 10.10.2012 16:31:13 | Computer Name = Frame-PC | Source = TSNxGService | ID = 131074
Description = G Data Datensafe Die Initialisierung des Dateischutzmoduls (AFP) ist
 fehlgeschlagen Fehlercode: 1
 
Error - 10.10.2012 17:22:37 | Computer Name = Frame-PC | Source = TSNxGService | ID = 131074
Description = G Data Datensafe Die Initialisierung des Dateischutzmoduls (AFP) ist
 fehlgeschlagen Fehlercode: 1
 
Error - 10.10.2012 20:09:09 | Computer Name = Frame-PC | Source = TSNxGService | ID = 131074
Description = G Data Datensafe Die Initialisierung des Dateischutzmoduls (AFP) ist
 fehlgeschlagen Fehlercode: 1
 
Error - 11.10.2012 03:09:19 | Computer Name = Frame-PC | Source = TSNxGService | ID = 131074
Description = G Data Datensafe Die Initialisierung des Dateischutzmoduls (AFP) ist
 fehlgeschlagen Fehlercode: 1
 
Error - 11.10.2012 10:20:09 | Computer Name = Frame-PC | Source = TSNxGService | ID = 131074
Description = G Data Datensafe Die Initialisierung des Dateischutzmoduls (AFP) ist
 fehlgeschlagen Fehlercode: 1
 
Error - 12.10.2012 02:49:12 | Computer Name = Frame-PC | Source = TSNxGService | ID = 131074
Description = G Data Datensafe Die Initialisierung des Dateischutzmoduls (AFP) ist
 fehlgeschlagen Fehlercode: 1
 
Error - 14.10.2012 17:04:25 | Computer Name = Frame-PC | Source = TSNxGService | ID = 131074
Description = G Data Datensafe Die Initialisierung des Dateischutzmoduls (AFP) ist
 fehlgeschlagen Fehlercode: 1
 
Error - 15.10.2012 03:00:06 | Computer Name = Frame-PC | Source = TSNxGService | ID = 131074
Description = G Data Datensafe Die Initialisierung des Dateischutzmoduls (AFP) ist
 fehlgeschlagen Fehlercode: 1
 
[ System Events ]
Error - 10.10.2012 17:20:22 | Computer Name = Frame-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 10.10.2012 17:20:22 | Computer Name = Frame-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 G Data Personal Firewall erreicht.
 
Error - 10.10.2012 17:20:22 | Computer Name = phillip-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "G Data Personal Firewall" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 10.10.2012 17:22:37 | Computer Name = phillip-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   GLogin
 
Error - 10.10.2012 20:09:09 | Computer Name = phillip-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   GLogin
 
Error - 11.10.2012 03:09:19 | Computer Name = phillip-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   GLogin
 
Error - 11.10.2012 10:20:09 | Computer Name = phillip-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   GLogin
 
Error - 12.10.2012 02:49:13 | Computer Name = phillip-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   GLogin
 
Error - 14.10.2012 17:04:26 | Computer Name = phillip-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   GLogin
 
Error - 15.10.2012 03:00:06 | Computer Name = phillip-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   GLogin
 
 
< End of report >
         

15.10.2012, 09:46   #4
schrauber
/// the machine
/// TB Trainer

And the OTL.txt?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

15.10.2012, 16:33   #5
DarkAscalon

Coming right up.

So, here is the OTL.txt from the quick scan.
OTL Logfile:
Code:
OTL logfile created on: 15.10.2012 17:36:35 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Frame\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,49 Gb Available Physical Memory | 62,29% Memory free
8,00 Gb Paging File | 6,29 Gb Available in Paging File | 78,65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 121,97 Gb Total Space | 77,00 Gb Free Space | 63,13% Space Free | Partition Type: NTFS
Drive G: | 110,81 Gb Total Space | 102,78 Gb Free Space | 92,75% Space Free | Partition Type: NTFS
 
Computer Name: PHILLIP-PC | User Name: phillip | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\phillip\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
PRC - C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe (G Data Software AG)
PRC - C:\Program Files (x86)\G Data\TotalProtection\TSNxG\TSNxGService.exe (G Data Software)
PRC - C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG)
PRC - C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG)
PRC - C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe (G Data Software AG)
PRC - C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe (G Data Software AG)
PRC - C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe (G Data Software AG)
PRC - C:\Program Files (x86)\TP-LINK\COMMON\RaRegistry.exe (Ralink Technology, Corp.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Frame\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Frame\AppData\Local\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\Frame\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll ()
MOD - C:\Users\Frame\AppData\Local\Google\Chrome\Application\22.0.1229.94\libglesv2.dll ()
MOD - C:\Users\Frame\AppData\Local\Google\Chrome\Application\22.0.1229.94\libegl.dll ()
MOD - C:\Users\Frame\AppData\Local\Google\Chrome\Application\22.0.1229.94\avutil-51.dll ()
MOD - C:\Users\Frame\AppData\Local\Google\Chrome\Application\22.0.1229.94\avformat-54.dll ()
MOD - C:\Users\Frame\AppData\Local\Google\Chrome\Application\22.0.1229.94\avcodec-54.dll ()
MOD - C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\DC_WFF.dll ()
MOD - C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
MOD - C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\nicLan.dll ()
MOD - C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WJRa.dll ()
MOD - C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\RaWLAPI.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (GDBackupSvc) -- C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe (G Data Software AG)
SRV - (TSNxGService) -- C:\Program Files (x86)\G Data\TotalProtection\TSNxG\TSNxGService.exe (G Data Software)
SRV - (GDTunerSvc) -- C:\Program Files (x86)\G Data\TotalProtection\AVKTuner\AVKTunerService.exe (G Data Software AG)
SRV - (AVKProxy) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG)
SRV - (GDScan) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG)
SRV - (GDFwSvc) -- C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFwSvcx64.exe (G Data Software AG)
SRV - (AVKWCtl) -- C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKWCtlX64.exe (G Data Software AG)
SRV - (AVKService) -- C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe (G Data Software AG)
SRV - (jswpsapi) -- C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WPS\jswpsapi.exe (Wireless)
SRV - (RalinkRegistryWriter64) -- C:\Program Files (x86)\TP-LINK\COMMON\RaRegistry64.exe (Ralink Technology, Corp.)
SRV - (RalinkRegistryWriter) -- C:\Program Files (x86)\TP-LINK\COMMON\RaRegistry.exe (Ralink Technology, Corp.)
SRV - (TpMediaServer) -- C:\Program Files (x86)\TP-LINK\COMMON\RaMediaServer.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (GRD) -- C:\Windows\SysNative\drivers\GRD.sys (G Data Software)
DRV:64bit: - (TS4NT) -- C:\Windows\SysNative\drivers\TS4nt.sys (G Data Software)
DRV:64bit: - (GDPkIcpt) -- C:\Windows\SysNative\drivers\PktIcpt.sys (G Data Software AG)
DRV:64bit: - (GDMnIcpt) -- C:\Windows\SysNative\drivers\MiniIcpt.sys (G Data Software AG)
DRV:64bit: - (HookCentre) -- C:\Windows\SysNative\drivers\HookCentre.sys (G Data Software AG)
DRV:64bit: - (GDBehave) -- C:\Windows\SysNative\drivers\GDBehave.sys (G Data Software AG)
DRV:64bit: - (gdwfpcd) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys (G Data Software AG)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (JSWPSLWF) -- C:\Windows\SysNative\drivers\jswpslwfx.sys (Atheros Communications, Inc.)
DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (KMWDFILTER) -- C:\Windows\SysNative\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-4028804549-2359495096-1494413759-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MyStart by IncrediBar.com
IE - HKU\S-1-5-21-4028804549-2359495096-1494413759-1000\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found
IE - HKU\S-1-5-21-4028804549-2359495096-1494413759-1000\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKU\S-1-5-21-4028804549-2359495096-1494413759-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb139/?search={searchTerms}&loc=IB_DS&a=6R8H2c9kUP&i=26
IE - HKU\S-1-5-21-4028804549-2359495096-1494413759-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\phillip\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\phillip\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll File not found
 
 
[2012.10.01 21:01:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\phillip\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2012.10.01 21:01:13 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\phillip\AppData\Roaming\mozilla\Firefox\Profiles\extensions\OneClickDownload@OneClickDownload.com
[2012.10.01 23:30:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
 
========== Chrome  ==========
 
CHR - homepage: Google
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: Google
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\phillip\AppData\Local\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\phillip\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\phillip\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Users\phillip\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: Internetradio Deutschland = C:\Users\phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\agclceincpmoblobmbhhbdfmplndgndf\1_0\
CHR - Extension: YouTube = C:\Users\phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Der Pate: Die F\\u00FCnf Familien = C:\Users\phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfkoljdeffeedleidebkmmamepgbnbl\1.0_0\
CHR - Extension: Stylish = C:\Users\phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe\0.10_0\
CHR - Extension: Sammourac = C:\Users\phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\llljnblgdjpjhmejpiejijklnhkddlnn\1_0\
CHR - Extension: Google Mail = C:\Users\phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll (G Data Software AG)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe (G Data Software AG)
O4 - HKLM..\Run: [TSNxG4Tray] "C:\Program Files (x86)\G Data\TotalProtection\TSNxG\TSNxGTray.exe" /system File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4028804549-2359495096-1494413759-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKU\S-1-5-21-4028804549-2359495096-1494413759-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-4028804549-2359495096-1494413759-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{958BCAC9-D078-4AC9-9DFB-AB81878C0F80}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{ed51cafd-0eeb-11e2-817f-001a927cc1e9}\Shell - "" = AutoRun
O33 - MountPoints2\{ed51cafd-0eeb-11e2-817f-001a927cc1e9}\Shell\AutoRun\command - "" = D:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
File not found -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neue Funktion 1
[2012.10.08 10:04:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2012.10.08 08:10:27 | 000,000,000 | ---D | C] -- C:\Users\phillip\AppData\Roaming\Malwarebytes
[2012.10.08 08:10:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.08 08:10:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.08 08:10:12 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.10.08 08:10:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.10.07 22:11:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\he-IL
[2012.10.07 22:11:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\he
[2012.10.07 22:11:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\he-IL
[2012.10.07 22:11:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\he
[2012.10.07 22:11:31 | 000,000,000 | ---D | C] -- C:\Windows\he-IL
[2012.10.07 22:03:03 | 000,003,072 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\he-IL\pscr.sys.mui
[2012.10.07 22:01:58 | 000,008,704 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\he-IL\BrSerIb.sys.mui
[2012.10.07 22:01:56 | 000,008,704 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\he-IL\BrSerId.sys.mui
[2012.10.07 22:01:56 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\he-IL\BrParwdm.sys.mui
[2012.10.07 21:59:53 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\sl-SI
[2012.10.07 21:59:50 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\sl-SI
[2012.10.07 21:59:50 | 000,000,000 | ---D | C] -- C:\Windows\sl-SI
[2012.10.07 21:48:09 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\ar-SA
[2012.10.07 21:48:09 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ar
[2012.10.07 21:48:04 | 000,000,000 | ---D | C] -- C:\Windows\ar-SA
[2012.10.07 21:48:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ar-SA
[2012.10.07 21:48:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ar
[2012.10.07 21:34:42 | 000,003,584 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\ar-SA\pscr.sys.mui
[2012.10.07 21:33:51 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\ar-SA\BrSerIb.sys.mui
[2012.10.07 21:33:50 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\ar-SA\BrSerId.sys.mui
[2012.10.07 21:33:50 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\ar-SA\BrParwdm.sys.mui
[2012.10.07 21:31:54 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\sk-SK
[2012.10.07 21:31:54 | 000,000,000 | ---D | C] -- C:\Windows\sk-SK
[2012.10.07 21:31:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\sk-SK
[2012.10.07 18:42:18 | 000,000,000 | ---D | C] -- C:\Windows\fr-FR
[2012.10.07 18:42:11 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\fr-FR
[2012.10.07 18:42:11 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\fr
[2012.10.07 18:42:11 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\040C
[2012.10.07 18:42:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\fr-FR
[2012.10.07 18:42:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\fr
[2012.10.07 18:42:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040C
[2012.10.07 18:32:17 | 000,004,096 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\fr-FR\pscr.sys.mui
[2012.10.07 18:31:03 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\fr-FR\BrSerIb.sys.mui
[2012.10.07 18:31:01 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\fr-FR\BrSerId.sys.mui
[2012.10.07 18:31:01 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\fr-FR\BrParwdm.sys.mui
[2012.10.07 18:29:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\es-ES
[2012.10.07 18:29:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\es
[2012.10.07 18:29:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\0C0A
[2012.10.07 18:28:58 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\es
[2012.10.07 18:28:58 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0C0A
[2012.10.07 18:28:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\es-ES
[2012.10.07 18:28:47 | 000,000,000 | ---D | C] -- C:\Windows\es-ES
[2012.10.07 18:21:53 | 000,004,096 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\es-ES\pscr.sys.mui
[2012.10.07 18:21:05 | 000,011,264 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\es-ES\BrSerIb.sys.mui
[2012.10.07 18:21:02 | 000,011,264 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\es-ES\BrSerId.sys.mui
[2012.10.07 18:21:02 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\es-ES\BrParwdm.sys.mui
[2012.10.07 18:19:22 | 000,000,000 | ---D | C] -- C:\Windows\it-IT
[2012.10.07 18:19:16 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\it-IT
[2012.10.07 18:19:16 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\it
[2012.10.07 18:19:16 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\0410
[2012.10.07 18:19:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\it-IT
[2012.10.07 18:19:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0410
[2012.10.07 18:19:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\it
[2012.10.07 18:13:13 | 000,003,584 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\it-IT\pscr.sys.mui
[2012.10.07 18:12:28 | 000,011,264 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\it-IT\BrSerIb.sys.mui
[2012.10.07 18:12:26 | 000,011,264 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\it-IT\BrSerId.sys.mui
[2012.10.07 18:12:26 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\it-IT\BrParwdm.sys.mui
[2012.10.07 18:10:47 | 000,000,000 | ---D | C] -- C:\Windows\de-DE
[2012.10.07 18:10:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\XPSViewer
[2012.10.07 18:10:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\de-DE
[2012.10.07 18:10:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\de
[2012.10.07 18:10:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\0407
[2012.10.07 18:10:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0407
[2012.10.07 18:10:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\de-DE
[2012.10.07 18:10:31 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\de
[2012.10.07 18:04:10 | 000,004,096 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\de-DE\pscr.sys.mui
[2012.10.07 18:03:35 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerIb.sys.mui
[2012.10.07 18:03:33 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerId.sys.mui
[2012.10.07 18:03:33 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrParwdm.sys.mui
[2012.10.07 13:24:43 | 000,000,000 | ---D | C] -- C:\Users\Frame\AppData\Local\WindowsUpdate
[2012.10.06 20:34:39 | 000,000,000 | ---D | C] -- C:\Users\Frame\AppData\Local\ElevatedDiagnostics
[2012.10.06 12:40:59 | 000,000,000 | ---D | C] -- C:\Users\Frame\AppData\Roaming\NVIDIA
[2012.10.05 15:40:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012.10.05 15:38:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2012.10.05 15:37:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2012.10.05 15:37:41 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012.10.05 15:37:41 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012.10.05 15:37:35 | 000,000,000 | ---D | C] -- C:\Users\Frame\AppData\Roaming\DAEMON Tools Lite
[2012.10.05 15:37:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2012.10.05 15:36:43 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2012.10.05 15:36:17 | 000,000,000 | ---D | C] -- C:\temp
[2012.10.05 15:36:06 | 000,060,776 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012.10.05 15:36:06 | 000,052,584 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012.10.05 15:35:16 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012.10.05 15:33:12 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012.10.05 15:32:16 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2012.10.05 15:07:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2012.10.05 15:06:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2012.10.03 13:35:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2012.10.03 13:34:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Perion
[2012.10.03 13:33:34 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2012.10.02 18:20:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2012.10.02 18:02:18 | 000,000,000 | ---D | C] -- C:\Users\Frame\AppData\Local\Diagnostics
[2012.10.02 15:55:09 | 000,000,000 | ---D | C] -- C:\Users\Frame\AppData\Roaming\Skype
[2012.10.02 15:55:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.10.02 15:55:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.10.02 15:55:04 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012.10.02 15:55:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012.10.02 13:49:16 | 000,000,000 | ---D | C] -- C:\Users\Frame\AppData\Roaming\LolClient
[2012.10.02 13:49:15 | 000,000,000 | ---D | C] -- C:\Users\Frame\AppData\Roaming\Macromedia
[2012.10.02 13:49:12 | 000,000,000 | ---D | C] -- C:\Users\Frame\AppData\Roaming\Adobe
[2012.10.02 13:18:08 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2012.10.02 13:17:50 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2012.10.02 12:19:40 | 000,000,000 | ---D | C] -- C:\Riot Games
[2012.10.02 10:27:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012.10.02 03:59:13 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012.10.01 23:30:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.10.01 23:30:34 | 000,000,000 | ---D | C] -- C:\Users\Frame\AppData\Roaming\Babylon
[2012.10.01 23:30:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.10.01 23:06:10 | 000,000,000 | ---D | C] -- C:\Users\Frame\AppData\Local\CRE
[2012.10.01 23:05:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2012.10.01 23:05:49 | 000,000,000 | ---D | C] -- C:\Users\Frame\AppData\Local\Conduit
[2012.10.01 22:54:05 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2012.10.01 22:02:40 | 000,000,000 | ---D | C] -- C:\Users\Frame\Desktop\Games
[2012.10.01 21:48:14 | 000,000,000 | ---D | C] -- C:\Users\Frame\AppData\Roaming\WinRAR
[2012.10.01 21:48:14 | 000,000,000 | ---D | C] -- C:\Users\Frame\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.10.01 21:48:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.10.01 21:48:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2012.10.01 21:01:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012.10.01 21:01:13 | 000,000,000 | ---D | C] -- C:\Users\Frame\AppData\Roaming\Mozilla
[2012.10.01 21:00:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\1ClickDownload
[2012.10.01 21:00:31 | 000,106,648 | ---- | C] (G Data Software) -- C:\Windows\SysNative\drivers\GRD.sys
[2012.10.01 20:35:49 | 000,000,000 | ---D | C] -- C:\Users\Frame\AppData\Local\PMB Files
[2012.10.01 20:35:47 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2012.10.01 20:35:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2012.10.01 20:30:44 | 000,000,000 | ---D | C] -- C:\Users\Frame\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.10.01 20:28:17 | 000,000,000 | ---D | C] -- C:\Users\Frame\AppData\Local\Google
[2012.10.01 18:55:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G Data TotalProtection 2013
[2012.10.01 18:55:13 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\BioAPIFFDB
[2012.10.01 18:55:11 | 000,098,760 | ---- | C] (G Data Software) -- C:\Windows\SysNative\drivers\TS4nt.sys
[2012.10.01 18:55:09 | 000,059,768 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys
[2012.10.01 18:55:03 | 000,122,744 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys
[2012.10.01 18:55:03 | 000,064,376 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\HookCentre.sys
[2012.10.01 18:55:03 | 000,054,136 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys
[2012.10.01 18:55:02 | 000,065,912 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys
[2012.10.01 18:54:43 | 000,000,000 | ---D | C] -- C:\ProgramData\G DATA Software
[2012.10.01 18:54:42 | 000,000,000 | ---D | C] -- C:\ProgramData\G DATA
[2012.10.01 18:54:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\G Data
[2012.10.01 18:54:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\G Data
[2012.10.01 18:53:36 | 000,000,000 | ---D | C] -- C:\Users\Frame\AppData\Local\Downloaded Installations
[2012.10.01 18:31:33 | 432,321,552 | ---- | C] (G Data Software AG) -- C:\Users\Frame\Desktop\GER_R_FUL_2013_TP.exe
[2012.10.01 18:20:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Ralink
[2012.10.01 18:20:27 | 001,547,616 | ---- | C] (Ralink Technology Corp.) -- C:\Windows\SysNative\drivers\netr28ux.sys
[2012.10.01 18:20:27 | 000,327,008 | ---- | C] (Ralink Technology, Inc.) -- C:\Windows\SysNative\RaCoInstx.dll
[2012.10.01 18:20:26 | 000,000,000 | ---D | C] -- C:\ProgramData\TP-LINK Driver
[2012.10.01 18:20:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
[2012.10.01 18:20:18 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012.10.01 18:20:17 | 002,399,584 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysNative\RaCertMgr.dll
[2012.10.01 18:20:17 | 001,112,928 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysWow64\RAIHV.dll
[2012.10.01 18:20:17 | 001,112,928 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysNative\RAIHV.dll
[2012.10.01 18:20:17 | 000,128,864 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysWow64\RAEXTUI.dll
[2012.10.01 18:20:17 | 000,128,864 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysNative\RAEXTUI.dll
[2012.10.01 18:20:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\RaLanguages
[2012.10.01 18:19:00 | 000,000,000 | ---D | C] -- C:\Users\phillip\AppData\Roaming\TP-LINK
[2012.10.01 18:18:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-LINK
[2012.10.01 18:18:49 | 000,884,736 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysWow64\jswscsup.dll
[2012.10.01 18:18:49 | 000,026,624 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\jswpslwfx.sys
[2012.10.01 18:18:48 | 001,607,008 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysWow64\RaCertMgr.dll
[2012.10.01 18:18:47 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2012.10.01 18:18:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TP-LINK
[2012.10.01 18:18:32 | 000,000,000 | ---D | C] -- C:\ProgramData\TP-LINK
[2012.10.01 18:06:49 | 000,000,000 | R--D | C] -- C:\Users\Frame\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.10.01 18:06:49 | 000,000,000 | R--D | C] -- C:\Users\Frame\Searches
[2012.10.01 18:06:49 | 000,000,000 | R--D | C] -- C:\Users\Frame\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.10.01 18:06:49 | 000,000,000 | -H-D | C] -- C:\Users\Frame\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012.10.01 18:06:40 | 000,000,000 | ---D | C] -- C:\Users\Frame\AppData\Roaming\Identities
[2012.10.01 18:06:38 | 000,000,000 | R--D | C] -- C:\Users\Frame\Contacts
[2012.10.01 18:06:37 | 000,000,000 | ---D | C] -- C:\Users\Frame\AppData\Local\VirtualStore
[2012.10.01 18:06:29 | 000,000,000 | --SD | C] -- C:\Users\Frame\AppData\Roaming\Microsoft
[2012.10.01 18:06:29 | 000,000,000 | R--D | C] -- C:\Users\Frame\Videos
[2012.10.01 18:06:29 | 000,000,000 | R--D | C] -- C:\Users\Frame\Saved Games
[2012.10.01 18:06:29 | 000,000,000 | R--D | C] -- C:\Users\Frame\Pictures
[2012.10.01 18:06:29 | 000,000,000 | R--D | C] -- C:\Users\Frame\Music
[2012.10.01 18:06:29 | 000,000,000 | R--D | C] -- C:\Users\Frame\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.10.01 18:06:29 | 000,000,000 | R--D | C] -- C:\Users\Frame\Links
[2012.10.01 18:06:29 | 000,000,000 | R--D | C] -- C:\Users\Frame\Favorites
[2012.10.01 18:06:29 | 000,000,000 | R--D | C] -- C:\Users\Frame\Downloads
[2012.10.01 18:06:29 | 000,000,000 | R--D | C] -- C:\Users\Frame\Documents
[2012.10.01 18:06:29 | 000,000,000 | R--D | C] -- C:\Users\Frame\Desktop
[2012.10.01 18:06:29 | 000,000,000 | R--D | C] -- C:\Users\Frame\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.10.01 18:06:29 | 000,000,000 | -HSD | C] -- C:\Users\Frame\AppData\Local\Temporary Internet Files
[2012.10.01 18:06:29 | 000,000,000 | -HSD | C] -- C:\Users\Frame\Templates
[2012.10.01 18:06:29 | 000,000,000 | -HSD | C] -- C:\Users\Frame\Start Menu
[2012.10.01 18:06:29 | 000,000,000 | -HSD | C] -- C:\Users\Frame\SendTo
[2012.10.01 18:06:29 | 000,000,000 | -HSD | C] -- C:\Users\Frame\Recent
[2012.10.01 18:06:29 | 000,000,000 | -HSD | C] -- C:\Users\Frame\PrintHood
[2012.10.01 18:06:29 | 000,000,000 | -HSD | C] -- C:\Users\Frame\NetHood
[2012.10.01 18:06:29 | 000,000,000 | -HSD | C] -- C:\Users\Frame\Documents\My Videos
[2012.10.01 18:06:29 | 000,000,000 | -HSD | C] -- C:\Users\Frame\Documents\My Pictures
[2012.10.01 18:06:29 | 000,000,000 | -HSD | C] -- C:\Users\Frame\Documents\My Music
[2012.10.01 18:06:29 | 000,000,000 | -HSD | C] -- C:\Users\Frame\My Documents
[2012.10.01 18:06:29 | 000,000,000 | -HSD | C] -- C:\Users\Frame\Local Settings
[2012.10.01 18:06:29 | 000,000,000 | -HSD | C] -- C:\Users\Frame\AppData\Local\History
[2012.10.01 18:06:29 | 000,000,000 | -HSD | C] -- C:\Users\Frame\Cookies
[2012.10.01 18:06:29 | 000,000,000 | -HSD | C] -- C:\Users\Frame\Application Data
[2012.10.01 18:06:29 | 000,000,000 | -HSD | C] -- C:\Users\Frame\AppData\Local\Application Data
[2012.10.01 18:06:29 | 000,000,000 | -H-D | C] -- C:\Users\Frame\AppData
[2012.10.01 18:06:29 | 000,000,000 | ---D | C] -- C:\Users\Frame\AppData\Local\Temp
[2012.10.01 18:06:29 | 000,000,000 | ---D | C] -- C:\Users\Frame\AppData\Local\Microsoft
[2012.10.01 18:06:29 | 000,000,000 | ---D | C] -- C:\Users\Frame\AppData\Roaming\Media Center Programs
[2012.10.01 18:06:20 | 000,000,000 | -HSD | C] -- C:\Recovery
[2012.10.01 18:02:46 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012.10.01 18:00:36 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012.10.01 18:00:01 | 000,000,000 | -HSD | C] -- C:\System Volume Information
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.15 17:38:01 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.15 17:38:01 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.15 17:34:46 | 000,826,405 | ---- | M] () -- C:\Windows\SysWow64\sig.bin
[2012.10.15 17:34:46 | 000,044,952 | ---- | M] () -- C:\Windows\SysWow64\nmp.map
[2012.10.15 17:30:45 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\OptimizerPro1UpdaterTask{AF20604E-4BD5-4AE4-9988-B95687A1D2EC}.job
[2012.10.15 17:30:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.15 17:30:14 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.15 09:45:22 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4028804549-2359495096-1494413759-1000UA.job
[2012.10.11 22:45:01 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4028804549-2359495096-1494413759-1000Core.job
[2012.10.11 16:27:25 | 000,002,451 | ---- | M] () -- C:\Users\Frame\Desktop\Google Chrome.lnk
[2012.10.08 09:04:49 | 000,000,168 | ---- | M] () -- C:\Users\Frame\defogger_reenable
[2012.10.08 08:37:01 | 000,004,214 | ---- | M] () -- C:\Users\Frame\Documents\G Data Protokoll ID 67.html
[2012.10.08 08:10:17 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.08 07:39:50 | 004,895,608 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.10.08 07:39:50 | 000,694,232 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2012.10.08 07:39:50 | 000,693,256 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2012.10.08 07:39:50 | 000,688,910 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2012.10.08 07:39:50 | 000,651,768 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.10.08 07:39:50 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.10.08 07:39:50 | 000,434,288 | ---- | M] () -- C:\Windows\SysNative\perfh001.dat
[2012.10.08 07:39:50 | 000,353,324 | ---- | M] () -- C:\Windows\SysNative\perfh00D.dat
[2012.10.08 07:39:50 | 000,136,864 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2012.10.08 07:39:50 | 000,129,942 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2012.10.08 07:39:50 | 000,129,468 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.10.08 07:39:50 | 000,126,946 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2012.10.08 07:39:50 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.10.08 07:39:50 | 000,078,786 | ---- | M] () -- C:\Windows\SysNative\perfc001.dat
[2012.10.08 07:39:50 | 000,068,896 | ---- | M] () -- C:\Windows\SysNative\perfc00D.dat
[2012.10.07 22:11:19 | 000,229,316 | ---- | M] () -- C:\Windows\SysNative\perfi00D.dat
[2012.10.07 22:11:19 | 000,032,166 | ---- | M] () -- C:\Windows\SysNative\perfd00D.dat
[2012.10.07 21:47:37 | 000,289,060 | ---- | M] () -- C:\Windows\SysNative\perfi001.dat
[2012.10.07 21:47:37 | 000,042,056 | ---- | M] () -- C:\Windows\SysNative\perfd001.dat
[2012.10.07 18:41:48 | 000,344,522 | ---- | M] () -- C:\Windows\SysNative\perfi00C.dat
[2012.10.07 18:41:48 | 000,038,160 | ---- | M] () -- C:\Windows\SysNative\perfd00C.dat
[2012.10.07 18:28:19 | 000,341,432 | ---- | M] () -- C:\Windows\SysNative\perfi00A.dat
[2012.10.07 18:28:19 | 000,041,390 | ---- | M] () -- C:\Windows\SysNative\perfd00A.dat
[2012.10.07 18:18:57 | 000,335,478 | ---- | M] () -- C:\Windows\SysNative\perfi010.dat
[2012.10.07 18:18:57 | 000,037,534 | ---- | M] () -- C:\Windows\SysNative\perfd010.dat
[2012.10.07 18:10:19 | 000,295,922 | ---- | M] () -- C:\Windows\SysNative\perfi007.dat
[2012.10.07 18:10:19 | 000,038,104 | ---- | M] () -- C:\Windows\SysNative\perfd007.dat
[2012.10.05 16:57:29 | 000,274,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.10.05 15:38:47 | 000,001,954 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2012.10.05 15:37:41 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012.10.03 13:34:50 | 000,000,454 | ---- | M] () -- C:\user.js
[2012.10.02 15:55:05 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.10.01 23:06:24 | 000,000,009 | ---- | M] () -- C:\END
[2012.10.01 21:00:31 | 000,106,648 | ---- | M] (G Data Software) -- C:\Windows\SysNative\drivers\GRD.sys
[2012.10.01 20:26:29 | 000,001,441 | ---- | M] () -- C:\Users\Frame\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012.10.01 20:25:21 | 000,001,754 | ---- | M] () -- C:\Users\Public\Desktop\Browser Choice.lnk
[2012.10.01 19:30:47 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.10.01 19:30:46 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012.10.01 18:55:11 | 000,098,760 | ---- | M] (G Data Software) -- C:\Windows\SysNative\drivers\TS4nt.sys
[2012.10.01 18:55:09 | 000,059,768 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys
[2012.10.01 18:55:03 | 000,122,744 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys
[2012.10.01 18:55:03 | 000,064,376 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\HookCentre.sys
[2012.10.01 18:55:03 | 000,054,136 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys
[2012.10.01 18:55:02 | 000,065,912 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys
[2012.10.01 18:54:50 | 000,002,131 | ---- | M] () -- C:\Users\Public\Desktop\G Data TotalProtection.lnk
[2012.10.01 18:20:45 | 000,001,999 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Client Utility.lnk
[2012.10.01 18:18:56 | 000,002,303 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk
[2012.10.01 18:18:56 | 000,002,271 | ---- | M] () -- C:\Users\Public\Desktop\TP-LINK Wireless Configuration Utility.lnk
[2012.10.01 18:03:26 | 000,042,045 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012.10.01 18:03:26 | 000,042,045 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2012.10.01 18:01:16 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
 
========== Files Created - No Company Name ==========
 
[2012.10.08 09:04:49 | 000,000,168 | ---- | C] () -- C:\Users\phillip\defogger_reenable
[2012.10.08 08:37:01 | 000,004,214 | ---- | C] () -- C:\Users\phillip\Documents\G Data Protokoll ID 67.html
[2012.10.08 08:10:17 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.07 22:13:00 | 000,229,316 | ---- | C] () -- C:\Windows\SysNative\perfi00D.dat
[2012.10.07 22:12:59 | 000,353,324 | ---- | C] () -- C:\Windows\SysNative\perfh00D.dat
[2012.10.07 22:12:59 | 000,068,896 | ---- | C] () -- C:\Windows\SysNative\perfc00D.dat
[2012.10.07 22:12:59 | 000,032,166 | ---- | C] () -- C:\Windows\SysNative\perfd00D.dat
[2012.10.07 21:49:06 | 000,434,288 | ---- | C] () -- C:\Windows\SysNative\perfh001.dat
[2012.10.07 21:49:06 | 000,289,060 | ---- | C] () -- C:\Windows\SysNative\perfi001.dat
[2012.10.07 21:49:06 | 000,042,056 | ---- | C] () -- C:\Windows\SysNative\perfd001.dat
[2012.10.07 21:49:05 | 000,078,786 | ---- | C] () -- C:\Windows\SysNative\perfc001.dat
[2012.10.07 18:43:03 | 000,694,232 | ---- | C] () -- C:\Windows\SysNative\perfh00C.dat
[2012.10.07 18:43:03 | 000,344,522 | ---- | C] () -- C:\Windows\SysNative\perfi00C.dat
[2012.10.07 18:43:03 | 000,129,942 | ---- | C] () -- C:\Windows\SysNative\perfc00C.dat
[2012.10.07 18:43:03 | 000,038,160 | ---- | C] () -- C:\Windows\SysNative\perfd00C.dat
[2012.10.07 18:29:47 | 000,693,256 | ---- | C] () -- C:\Windows\SysNative\perfh00A.dat
[2012.10.07 18:29:47 | 000,341,432 | ---- | C] () -- C:\Windows\SysNative\perfi00A.dat
[2012.10.07 18:29:47 | 000,136,864 | ---- | C] () -- C:\Windows\SysNative\perfc00A.dat
[2012.10.07 18:29:47 | 000,041,390 | ---- | C] () -- C:\Windows\SysNative\perfd00A.dat
[2012.10.07 18:20:01 | 000,688,910 | ---- | C] () -- C:\Windows\SysNative\perfh010.dat
[2012.10.07 18:20:01 | 000,335,478 | ---- | C] () -- C:\Windows\SysNative\perfi010.dat
[2012.10.07 18:20:01 | 000,126,946 | ---- | C] () -- C:\Windows\SysNative\perfc010.dat
[2012.10.07 18:20:01 | 000,037,534 | ---- | C] () -- C:\Windows\SysNative\perfd010.dat
[2012.10.07 18:11:31 | 000,651,768 | ---- | C] () -- C:\Windows\SysNative\perfh007.dat
[2012.10.07 18:11:31 | 000,295,922 | ---- | C] () -- C:\Windows\SysNative\perfi007.dat
[2012.10.07 18:11:31 | 000,129,468 | ---- | C] () -- C:\Windows\SysNative\perfc007.dat
[2012.10.07 18:11:31 | 000,038,104 | ---- | C] () -- C:\Windows\SysNative\perfd007.dat
[2012.10.05 15:38:47 | 000,001,954 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2012.10.05 15:33:44 | 000,016,366 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2012.10.03 13:35:20 | 000,000,416 | -H-- | C] () -- C:\Windows\tasks\OptimizerPro1UpdaterTask{AF20604E-4BD5-4AE4-9988-B95687A1D2EC}.job
[2012.10.03 13:34:49 | 000,000,454 | ---- | C] () -- C:\user.js
[2012.10.02 15:55:05 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.10.02 13:19:11 | 000,095,744 | ---- | C] () -- C:\Windows\SysNative\RDVGHelper.exe
[2012.10.02 13:18:56 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2012.10.02 13:17:31 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2012.10.02 13:17:21 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2012.10.02 13:17:21 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2012.10.02 13:17:11 | 000,146,389 | ---- | C] () -- C:\Windows\SysWow64\printmanagement.msc
[2012.10.02 13:17:11 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2012.10.02 10:29:15 | 000,826,405 | ---- | C] () -- C:\Windows\SysWow64\sig.bin
[2012.10.02 10:29:15 | 000,044,952 | ---- | C] () -- C:\Windows\SysWow64\nmp.map
[2012.10.01 23:06:23 | 000,000,009 | ---- | C] () -- C:\END
[2012.10.01 20:30:46 | 000,002,451 | ---- | C] () -- C:\Users\Frame\Desktop\Google Chrome.lnk
[2012.10.01 20:28:19 | 000,001,128 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4028804549-2359495096-1494413759-1000UA.job
[2012.10.01 20:28:17 | 000,001,076 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4028804549-2359495096-1494413759-1000Core.job
[2012.10.01 20:26:29 | 000,001,441 | ---- | C] () -- C:\Users\Frame\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012.10.01 20:25:21 | 000,001,754 | ---- | C] () -- C:\Users\Public\Desktop\Browser Choice.lnk
[2012.10.01 19:30:47 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.10.01 19:30:46 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012.10.01 18:54:50 | 000,002,131 | ---- | C] () -- C:\Users\Public\Desktop\G Data TotalProtection.lnk
[2012.10.01 18:20:45 | 000,001,999 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Client Utility.lnk
[2012.10.01 18:20:27 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2012.10.01 18:20:27 | 000,014,051 | ---- | C] () -- C:\Windows\SysNative\RaCoInst.dat
[2012.10.01 18:20:17 | 000,792,416 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.dll
[2012.10.01 18:20:17 | 000,792,416 | ---- | C] () -- C:\Windows\SysNative\DiagFunc.dll
[2012.10.01 18:20:17 | 000,000,452 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.ini
[2012.10.01 18:20:17 | 000,000,452 | ---- | C] () -- C:\Windows\SysNative\DiagFunc.ini
[2012.10.01 18:18:56 | 000,002,303 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk
[2012.10.01 18:18:56 | 000,002,271 | ---- | C] () -- C:\Users\Public\Desktop\TP-LINK Wireless Configuration Utility.lnk
[2012.10.01 18:06:53 | 000,001,413 | ---- | C] () -- C:\Users\Frame\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012.10.01 18:06:50 | 000,001,447 | ---- | C] () -- C:\Users\Frame\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.10.01 18:06:29 | 000,000,290 | ---- | C] () -- C:\Users\Frame\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012.10.01 18:06:29 | 000,000,272 | ---- | C] () -- C:\Users\Frame\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012.10.01 18:03:15 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012.10.01 18:03:10 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012.10.01 18:01:16 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012.10.01 18:00:01 | 3220,578,304 | -HS- | C] () -- C:\hiberfil.sys
[2012.08.30 10:40:14 | 000,429,416 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.10.01 23:30:34 | 000,000,000 | ---D | M] -- C:\Users\Frame\AppData\Roaming\Babylon
[2012.10.05 16:21:39 | 000,000,000 | ---D | M] -- C:\Users\Frame\AppData\Roaming\DAEMON Tools Lite
[2012.10.02 13:49:16 | 000,000,000 | ---D | M] -- C:\Users\Frame\AppData\Roaming\LolClient
[2012.10.01 18:22:19 | 000,000,000 | ---D | M] -- C:\Users\Frame\AppData\Roaming\TP-LINK
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

So, first the OTL.txt from the OTL Quick Scan logfile:
Code:
OTL logfile created on: 15.10.2012 17:36:35 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Frame\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,49 Gb Available Physical Memory | 62,29% Memory free
8,00 Gb Paging File | 6,29 Gb Available in Paging File | 78,65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 121,97 Gb Total Space | 77,00 Gb Free Space | 63,13% Space Free | Partition Type: NTFS
Drive G: | 110,81 Gb Total Space | 102,78 Gb Free Space | 92,75% Space Free | Partition Type: NTFS
 
Computer Name: PHILLIP-PC | User Name: phillip | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\phillip\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
PRC - C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe (G Data Software AG)
PRC - C:\Program Files (x86)\G Data\TotalProtection\TSNxG\TSNxGService.exe (G Data Software)
PRC - C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG)
PRC - C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG)
PRC - C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe (G Data Software AG)
PRC - C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe (G Data Software AG)
PRC - C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe (G Data Software AG)
PRC - C:\Program Files (x86)\TP-LINK\COMMON\RaRegistry.exe (Ralink Technology, Corp.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Frame\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Frame\AppData\Local\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\Frame\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll ()
MOD - C:\Users\Frame\AppData\Local\Google\Chrome\Application\22.0.1229.94\libglesv2.dll ()
MOD - C:\Users\Frame\AppData\Local\Google\Chrome\Application\22.0.1229.94\libegl.dll ()
MOD - C:\Users\Frame\AppData\Local\Google\Chrome\Application\22.0.1229.94\avutil-51.dll ()
MOD - C:\Users\Frame\AppData\Local\Google\Chrome\Application\22.0.1229.94\avformat-54.dll ()
MOD - C:\Users\Frame\AppData\Local\Google\Chrome\Application\22.0.1229.94\avcodec-54.dll ()
MOD - C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\DC_WFF.dll ()
MOD - C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
MOD - C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\nicLan.dll ()
MOD - C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WJRa.dll ()
MOD - C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\RaWLAPI.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (GDBackupSvc) -- C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe (G Data Software AG)
SRV - (TSNxGService) -- C:\Program Files (x86)\G Data\TotalProtection\TSNxG\TSNxGService.exe (G Data Software)
SRV - (GDTunerSvc) -- C:\Program Files (x86)\G Data\TotalProtection\AVKTuner\AVKTunerService.exe (G Data Software AG)
SRV - (AVKProxy) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG)
SRV - (GDScan) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG)
SRV - (GDFwSvc) -- C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFwSvcx64.exe (G Data Software AG)
SRV - (AVKWCtl) -- C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKWCtlX64.exe (G Data Software AG)
SRV - (AVKService) -- C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe (G Data Software AG)
SRV - (jswpsapi) -- C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WPS\jswpsapi.exe (Wireless)
SRV - (RalinkRegistryWriter64) -- C:\Program Files (x86)\TP-LINK\COMMON\RaRegistry64.exe (Ralink Technology, Corp.)
SRV - (RalinkRegistryWriter) -- C:\Program Files (x86)\TP-LINK\COMMON\RaRegistry.exe (Ralink Technology, Corp.)
SRV - (TpMediaServer) -- C:\Program Files (x86)\TP-LINK\COMMON\RaMediaServer.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (GRD) -- C:\Windows\SysNative\drivers\GRD.sys (G Data Software)
DRV:64bit: - (TS4NT) -- C:\Windows\SysNative\drivers\TS4nt.sys (G Data Software)
DRV:64bit: - (GDPkIcpt) -- C:\Windows\SysNative\drivers\PktIcpt.sys (G Data Software AG)
DRV:64bit: - (GDMnIcpt) -- C:\Windows\SysNative\drivers\MiniIcpt.sys (G Data Software AG)
DRV:64bit: - (HookCentre) -- C:\Windows\SysNative\drivers\HookCentre.sys (G Data Software AG)
DRV:64bit: - (GDBehave) -- C:\Windows\SysNative\drivers\GDBehave.sys (G Data Software AG)
DRV:64bit: - (gdwfpcd) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys (G Data Software AG)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (JSWPSLWF) -- C:\Windows\SysNative\drivers\jswpslwfx.sys (Atheros Communications, Inc.)
DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (KMWDFILTER) -- C:\Windows\SysNative\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-4028804549-2359495096-1494413759-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MyStart by IncrediBar.com
IE - HKU\S-1-5-21-4028804549-2359495096-1494413759-1000\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found
IE - HKU\S-1-5-21-4028804549-2359495096-1494413759-1000\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKU\S-1-5-21-4028804549-2359495096-1494413759-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb139/?search={searchTerms}&loc=IB_DS&a=6R8H2c9kUP&i=26
IE - HKU\S-1-5-21-4028804549-2359495096-1494413759-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\phillip\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\phillip\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll File not found
 
 
[2012.10.01 21:01:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\phillip\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2012.10.01 21:01:13 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\phillip\AppData\Roaming\mozilla\Firefox\Profiles\extensions\OneClickDownload@OneClickDownload.com
[2012.10.01 23:30:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
 
========== Chrome  ==========
 
CHR - homepage: Google
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: Google
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\phillip\AppData\Local\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\phillip\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\phillip\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Users\phillip\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: Internetradio Deutschland = C:\Users\phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\agclceincpmoblobmbhhbdfmplndgndf\1_0\
CHR - Extension: YouTube = C:\Users\phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Der Pate: Die F\\u00FCnf Familien = C:\Users\phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfkoljdeffeedleidebkmmamepgbnbl\1.0_0\
CHR - Extension: Stylish = C:\Users\phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe\0.10_0\
CHR - Extension: Sammourac = C:\Users\phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\llljnblgdjpjhmejpiejijklnhkddlnn\1_0\
CHR - Extension: Google Mail = C:\Users\phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll (G Data Software AG)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe (G Data Software AG)
O4 - HKLM..\Run: [TSNxG4Tray] "C:\Program Files (x86)\G Data\TotalProtection\TSNxG\TSNxGTray.exe" /system File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4028804549-2359495096-1494413759-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKU\S-1-5-21-4028804549-2359495096-1494413759-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-4028804549-2359495096-1494413759-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{958BCAC9-D078-4AC9-9DFB-AB81878C0F80}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{ed51cafd-0eeb-11e2-817f-001a927cc1e9}\Shell - "" = AutoRun
O33 - MountPoints2\{ed51cafd-0eeb-11e2-817f-001a927cc1e9}\Shell\AutoRun\command - "" = D:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
File not found -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neue Funktion 1
[2012.10.08 10:04:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2012.10.08 08:10:27 | 000,000,000 | ---D | C] -- C:\Users\phillip\AppData\Roaming\Malwarebytes
[2012.10.08 08:10:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.08 08:10:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.08 08:10:12 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.10.08 08:10:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.10.07 22:11:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\he-IL
[2012.10.07 22:11:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\he
[2012.10.07 22:11:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\he-IL
[2012.10.07 22:11:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\he
[2012.10.07 22:11:31 | 000,000,000 | ---D | C] -- C:\Windows\he-IL
[2012.10.07 22:03:03 | 000,003,072 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\he-IL\pscr.sys.mui
[2012.10.07 22:01:58 | 000,008,704 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\he-IL\BrSerIb.sys.mui
[2012.10.07 22:01:56 | 000,008,704 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\he-IL\BrSerId.sys.mui
[2012.10.07 22:01:56 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\he-IL\BrParwdm.sys.mui
[2012.10.07 21:59:53 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\sl-SI
[2012.10.07 21:59:50 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\sl-SI
[2012.10.07 21:59:50 | 000,000,000 | ---D | C] -- C:\Windows\sl-SI
[2012.10.07 21:48:09 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\ar-SA
[2012.10.07 21:48:09 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ar
[2012.10.07 21:48:04 | 000,000,000 | ---D | C] -- C:\Windows\ar-SA
[2012.10.07 21:48:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ar-SA
[2012.10.07 21:48:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ar
[2012.10.07 21:34:42 | 000,003,584 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\ar-SA\pscr.sys.mui
[2012.10.07 21:33:51 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\ar-SA\BrSerIb.sys.mui
[2012.10.07 21:33:50 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\ar-SA\BrSerId.sys.mui
[2012.10.07 21:33:50 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\ar-SA\BrParwdm.sys.mui
[2012.10.07 21:31:54 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\sk-SK
[2012.10.07 21:31:54 | 000,000,000 | ---D | C] -- C:\Windows\sk-SK
[2012.10.07 21:31:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\sk-SK
[2012.10.07 18:42:18 | 000,000,000 | ---D | C] -- C:\Windows\fr-FR
[2012.10.07 18:42:11 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\fr-FR
[2012.10.07 18:42:11 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\fr
[2012.10.07 18:42:11 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\040C
[2012.10.07 18:42:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\fr-FR
[2012.10.07 18:42:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\fr
[2012.10.07 18:42:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040C
[2012.10.07 18:32:17 | 000,004,096 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\fr-FR\pscr.sys.mui
[2012.10.07 18:31:03 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\fr-FR\BrSerIb.sys.mui
[2012.10.07 18:31:01 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\fr-FR\BrSerId.sys.mui
[2012.10.07 18:31:01 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\fr-FR\BrParwdm.sys.mui
[2012.10.07 18:29:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\es-ES
[2012.10.07 18:29:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\es
[2012.10.07 18:29:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\0C0A
[2012.10.07 18:28:58 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\es
[2012.10.07 18:28:58 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0C0A
[2012.10.07 18:28:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\es-ES
[2012.10.07 18:28:47 | 000,000,000 | ---D | C] -- C:\Windows\es-ES
[2012.10.07 18:21:53 | 000,004,096 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\es-ES\pscr.sys.mui
[2012.10.07 18:21:05 | 000,011,264 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\es-ES\BrSerIb.sys.mui
[2012.10.07 18:21:02 | 000,011,264 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\es-ES\BrSerId.sys.mui
[2012.10.07 18:21:02 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\es-ES\BrParwdm.sys.mui
[2012.10.07 18:19:22 | 000,000,000 | ---D | C] -- C:\Windows\it-IT
[2012.10.07 18:19:16 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\it-IT
[2012.10.07 18:19:16 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\it
[2012.10.07 18:19:16 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\0410
[2012.10.07 18:19:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\it-IT
[2012.10.07 18:19:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0410
[2012.10.07 18:19:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\it
[2012.10.07 18:13:13 | 000,003,584 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\it-IT\pscr.sys.mui
[2012.10.07 18:12:28 | 000,011,264 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\it-IT\BrSerIb.sys.mui
[2012.10.07 18:12:26 | 000,011,264 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\it-IT\BrSerId.sys.mui
[2012.10.07 18:12:26 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\it-IT\BrParwdm.sys.mui
[2012.10.07 18:10:47 | 000,000,000 | ---D | C] -- C:\Windows\de-DE
[2012.10.07 18:10:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\XPSViewer
[2012.10.07 18:10:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\de-DE
[2012.10.07 18:10:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\de
[2012.10.07 18:10:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\0407
[2012.10.07 18:10:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0407
[2012.10.07 18:10:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\de-DE
[2012.10.07 18:10:31 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\de
[2012.10.07 18:04:10 | 000,004,096 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\de-DE\pscr.sys.mui
[2012.10.07 18:03:35 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerIb.sys.mui
[2012.10.07 18:03:33 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerId.sys.mui
[2012.10.07 18:03:33 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrParwdm.sys.mui
[2012.10.07 13:24:43 | 000,000,000 | ---D | C] -- C:\Users\Frame\AppData\Local\WindowsUpdate
[2012.10.06 20:34:39 | 000,000,000 | ---D | C] -- C:\Users\Frame\AppData\Local\ElevatedDiagnostics
[2012.10.06 12:40:59 | 000,000,000 | ---D | C] -- C:\Users\Frame\AppData\Roaming\NVIDIA
[2012.10.05 15:40:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012.10.05 15:38:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2012.10.05 15:37:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2012.10.05 15:37:41 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012.10.05 15:37:41 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012.10.05 15:37:35 | 000,000,000 | ---D | C] -- C:\Users\Frame\AppData\Roaming\DAEMON Tools Lite
[2012.10.05 15:37:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2012.10.05 15:36:43 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2012.10.05 15:36:17 | 000,000,000 | ---D | C] -- C:\temp
[2012.10.05 15:36:06 | 000,060,776 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012.10.05 15:36:06 | 000,052,584 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012.10.05 15:35:16 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012.10.05 15:33:12 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012.10.05 15:32:16 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2012.10.05 15:07:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2012.10.05 15:06:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2012.10.03 13:35:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2012.10.03 13:34:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Perion
[2012.10.03 13:33:34 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2012.10.02 18:20:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2012.10.02 18:02:18 | 000,000,000 | ---D | C] -- C:\Users\Frame\AppData\Local\Diagnostics
[2012.10.02 15:55:09 | 000,000,000 | ---D | C] -- C:\Users\Frame\AppData\Roaming\Skype
[2012.10.02 15:55:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.10.02 15:55:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.10.02 15:55:04 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012.10.02 15:55:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012.10.02 13:49:16 | 000,000,000 | ---D | C] -- C:\Users\Frame\AppData\Roaming\LolClient
[2012.10.02 13:49:15 | 000,000,000 | ---D | C] -- C:\Users\Frame\AppData\Roaming\Macromedia
[2012.10.02 13:49:12 | 000,000,000 | ---D | C] -- C:\Users\Frame\AppData\Roaming\Adobe
[2012.10.02 13:18:08 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2012.10.02 13:17:50 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2012.10.02 12:19:40 | 000,000,000 | ---D | C] -- C:\Riot Games
[2012.10.02 10:27:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012.10.02 03:59:13 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012.10.01 23:30:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.10.01 23:30:34 | 000,000,000 | ---D | C] -- C:\Users\Frame\AppData\Roaming\Babylon
[2012.10.01 23:30:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.10.01 23:06:10 | 000,000,000 | ---D | C] -- C:\Users\Frame\AppData\Local\CRE
[2012.10.01 23:05:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2012.10.01 23:05:49 | 000,000,000 | ---D | C] -- C:\Users\Frame\AppData\Local\Conduit
[2012.10.01 22:54:05 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2012.10.01 22:02:40 | 000,000,000 | ---D | C] -- C:\Users\Frame\Desktop\Games
[2012.10.01 21:48:14 | 000,000,000 | ---D | C] -- C:\Users\Frame\AppData\Roaming\WinRAR
[2012.10.01 21:48:14 | 000,000,000 | ---D | C] -- C:\Users\Frame\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.10.01 21:48:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.10.01 21:48:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2012.10.01 21:01:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012.10.01 21:01:13 | 000,000,000 | ---D | C] -- C:\Users\Frame\AppData\Roaming\Mozilla
[2012.10.01 21:00:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\1ClickDownload
[2012.10.01 21:00:31 | 000,106,648 | ---- | C] (G Data Software) -- C:\Windows\SysNative\drivers\GRD.sys
[2012.10.01 20:35:49 | 000,000,000 | ---D | C] -- C:\Users\Frame\AppData\Local\PMB Files
[2012.10.01 20:35:47 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2012.10.01 20:35:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2012.10.01 20:30:44 | 000,000,000 | ---D | C] -- C:\Users\Frame\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.10.01 20:28:17 | 000,000,000 | ---D | C] -- C:\Users\Frame\AppData\Local\Google
[2012.10.01 18:55:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G Data TotalProtection 2013
[2012.10.01 18:55:13 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\BioAPIFFDB
[2012.10.01 18:55:11 | 000,098,760 | ---- | C] (G Data Software) -- C:\Windows\SysNative\drivers\TS4nt.sys
[2012.10.01 18:55:09 | 000,059,768 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys
[2012.10.01 18:55:03 | 000,122,744 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys
[2012.10.01 18:55:03 | 000,064,376 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\HookCentre.sys
[2012.10.01 18:55:03 | 000,054,136 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys
[2012.10.01 18:55:02 | 000,065,912 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys
[2012.10.01 18:54:43 | 000,000,000 | ---D | C] -- C:\ProgramData\G DATA Software
[2012.10.01 18:54:42 | 000,000,000 | ---D | C] -- C:\ProgramData\G DATA
[2012.10.01 18:54:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\G Data
[2012.10.01 18:54:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\G Data
[2012.10.01 18:53:36 | 000,000,000 | ---D | C] -- C:\Users\Frame\AppData\Local\Downloaded Installations
[2012.10.01 18:31:33 | 432,321,552 | ---- | C] (G Data Software AG) -- C:\Users\Frame\Desktop\GER_R_FUL_2013_TP.exe
[2012.10.01 18:20:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Ralink
[2012.10.01 18:20:27 | 001,547,616 | ---- | C] (Ralink Technology Corp.) -- C:\Windows\SysNative\drivers\netr28ux.sys
[2012.10.01 18:20:27 | 000,327,008 | ---- | C] (Ralink Technology, Inc.) -- C:\Windows\SysNative\RaCoInstx.dll
[2012.10.01 18:20:26 | 000,000,000 | ---D | C] -- C:\ProgramData\TP-LINK Driver
[2012.10.01 18:20:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
[2012.10.01 18:20:18 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012.10.01 18:20:17 | 002,399,584 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysNative\RaCertMgr.dll
[2012.10.01 18:20:17 | 001,112,928 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysWow64\RAIHV.dll
[2012.10.01 18:20:17 | 001,112,928 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysNative\RAIHV.dll
[2012.10.01 18:20:17 | 000,128,864 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysWow64\RAEXTUI.dll
[2012.10.01 18:20:17 | 000,128,864 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysNative\RAEXTUI.dll
[2012.10.01 18:20:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\RaLanguages
[2012.10.01 18:19:00 | 000,000,000 | ---D | C] -- C:\Users\phillip\AppData\Roaming\TP-LINK
[2012.10.01 18:18:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-LINK
[2012.10.01 18:18:49 | 000,884,736 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysWow64\jswscsup.dll
[2012.10.01 18:18:49 | 000,026,624 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\jswpslwfx.sys
[2012.10.01 18:18:48 | 001,607,008 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysWow64\RaCertMgr.dll
[2012.10.01 18:18:47 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2012.10.01 18:18:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TP-LINK
[2012.10.01 18:18:32 | 000,000,000 | ---D | C] -- C:\ProgramData\TP-LINK
[2012.10.01 18:06:49 | 000,000,000 | R--D | C] -- C:\Users\Frame\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.10.01 18:06:49 | 000,000,000 | R--D | C] -- C:\Users\Frame\Searches
[2012.10.01 18:06:49 | 000,000,000 | R--D | C] -- C:\Users\Frame\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.10.01 18:06:49 | 000,000,000 | -H-D | C] -- C:\Users\Frame\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012.10.01 18:06:40 | 000,000,000 | ---D | C] -- C:\Users\Frame\AppData\Roaming\Identities
[2012.10.01 18:06:38 | 000,000,000 | R--D | C] -- C:\Users\Frame\Contacts
[2012.10.01 18:06:37 | 000,000,000 | ---D | C] -- C:\Users\Frame\AppData\Local\VirtualStore
[2012.10.01 18:06:29 | 000,000,000 | --SD | C] -- C:\Users\Frame\AppData\Roaming\Microsoft
[2012.10.01 18:06:29 | 000,000,000 | R--D | C] -- C:\Users\Frame\Videos
[2012.10.01 18:06:29 | 000,000,000 | R--D | C] -- C:\Users\Frame\Saved Games
[2012.10.01 18:06:29 | 000,000,000 | R--D | C] -- C:\Users\Frame\Pictures
[2012.10.01 18:06:29 | 000,000,000 | R--D | C] -- C:\Users\Frame\Music
[2012.10.01 18:06:29 | 000,000,000 | R--D | C] -- C:\Users\Frame\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.10.01 18:06:29 | 000,000,000 | R--D | C] -- C:\Users\Frame\Links
[2012.10.01 18:06:29 | 000,000,000 | R--D | C] -- C:\Users\Frame\Favorites
[2012.10.01 18:06:29 | 000,000,000 | R--D | C] -- C:\Users\Frame\Downloads
[2012.10.01 18:06:29 | 000,000,000 | R--D | C] -- C:\Users\Frame\Documents
[2012.10.01 18:06:29 | 000,000,000 | R--D | C] -- C:\Users\Frame\Desktop
[2012.10.01 18:06:29 | 000,000,000 | R--D | C] -- C:\Users\Frame\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.10.01 18:06:29 | 000,000,000 | -HSD | C] -- C:\Users\Frame\AppData\Local\Temporary Internet Files
[2012.10.01 18:06:29 | 000,000,000 | -HSD | C] -- C:\Users\Frame\Templates
[2012.10.01 18:06:29 | 000,000,000 | -HSD | C] -- C:\Users\Frame\Start Menu
[2012.10.01 18:06:29 | 000,000,000 | -HSD | C] -- C:\Users\Frame\SendTo
[2012.10.01 18:06:29 | 000,000,000 | -HSD | C] -- C:\Users\Frame\Recent
[2012.10.01 18:06:29 | 000,000,000 | -HSD | C] -- C:\Users\Frame\PrintHood
[2012.10.01 18:06:29 | 000,000,000 | -HSD | C] -- C:\Users\Frame\NetHood
[2012.10.01 18:06:29 | 000,000,000 | -HSD | C] -- C:\Users\Frame\Documents\My Videos
[2012.10.01 18:06:29 | 000,000,000 | -HSD | C] -- C:\Users\Frame\Documents\My Pictures
[2012.10.01 18:06:29 | 000,000,000 | -HSD | C] -- C:\Users\Frame\Documents\My Music
[2012.10.01 18:06:29 | 000,000,000 | -HSD | C] -- C:\Users\Frame\My Documents
[2012.10.01 18:06:29 | 000,000,000 | -HSD | C] -- C:\Users\Frame\Local Settings
[2012.10.01 18:06:29 | 000,000,000 | -HSD | C] -- C:\Users\Frame\AppData\Local\History
[2012.10.01 18:06:29 | 000,000,000 | -HSD | C] -- C:\Users\Frame\Cookies
[2012.10.01 18:06:29 | 000,000,000 | -HSD | C] -- C:\Users\Frame\Application Data
[2012.10.01 18:06:29 | 000,000,000 | -HSD | C] -- C:\Users\Frame\AppData\Local\Application Data
[2012.10.01 18:06:29 | 000,000,000 | -H-D | C] -- C:\Users\Frame\AppData
[2012.10.01 18:06:29 | 000,000,000 | ---D | C] -- C:\Users\Frame\AppData\Local\Temp
[2012.10.01 18:06:29 | 000,000,000 | ---D | C] -- C:\Users\Frame\AppData\Local\Microsoft
[2012.10.01 18:06:29 | 000,000,000 | ---D | C] -- C:\Users\Frame\AppData\Roaming\Media Center Programs
[2012.10.01 18:06:20 | 000,000,000 | -HSD | C] -- C:\Recovery
[2012.10.01 18:02:46 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012.10.01 18:00:36 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012.10.01 18:00:01 | 000,000,000 | -HSD | C] -- C:\System Volume Information
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.15 17:38:01 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.15 17:38:01 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.15 17:34:46 | 000,826,405 | ---- | M] () -- C:\Windows\SysWow64\sig.bin
[2012.10.15 17:34:46 | 000,044,952 | ---- | M] () -- C:\Windows\SysWow64\nmp.map
[2012.10.15 17:30:45 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\OptimizerPro1UpdaterTask{AF20604E-4BD5-4AE4-9988-B95687A1D2EC}.job
[2012.10.15 17:30:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.15 17:30:14 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.15 09:45:22 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4028804549-2359495096-1494413759-1000UA.job
[2012.10.11 22:45:01 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4028804549-2359495096-1494413759-1000Core.job
[2012.10.11 16:27:25 | 000,002,451 | ---- | M] () -- C:\Users\Frame\Desktop\Google Chrome.lnk
[2012.10.08 09:04:49 | 000,000,168 | ---- | M] () -- C:\Users\Frame\defogger_reenable
[2012.10.08 08:37:01 | 000,004,214 | ---- | M] () -- C:\Users\Frame\Documents\G Data Protokoll ID 67.html
[2012.10.08 08:10:17 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.08 07:39:50 | 004,895,608 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.10.08 07:39:50 | 000,694,232 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2012.10.08 07:39:50 | 000,693,256 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2012.10.08 07:39:50 | 000,688,910 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2012.10.08 07:39:50 | 000,651,768 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.10.08 07:39:50 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.10.08 07:39:50 | 000,434,288 | ---- | M] () -- C:\Windows\SysNative\perfh001.dat
[2012.10.08 07:39:50 | 000,353,324 | ---- | M] () -- C:\Windows\SysNative\perfh00D.dat
[2012.10.08 07:39:50 | 000,136,864 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2012.10.08 07:39:50 | 000,129,942 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2012.10.08 07:39:50 | 000,129,468 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.10.08 07:39:50 | 000,126,946 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2012.10.08 07:39:50 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.10.08 07:39:50 | 000,078,786 | ---- | M] () -- C:\Windows\SysNative\perfc001.dat
[2012.10.08 07:39:50 | 000,068,896 | ---- | M] () -- C:\Windows\SysNative\perfc00D.dat
[2012.10.07 22:11:19 | 000,229,316 | ---- | M] () -- C:\Windows\SysNative\perfi00D.dat
[2012.10.07 22:11:19 | 000,032,166 | ---- | M] () -- C:\Windows\SysNative\perfd00D.dat
[2012.10.07 21:47:37 | 000,289,060 | ---- | M] () -- C:\Windows\SysNative\perfi001.dat
[2012.10.07 21:47:37 | 000,042,056 | ---- | M] () -- C:\Windows\SysNative\perfd001.dat
[2012.10.07 18:41:48 | 000,344,522 | ---- | M] () -- C:\Windows\SysNative\perfi00C.dat
[2012.10.07 18:41:48 | 000,038,160 | ---- | M] () -- C:\Windows\SysNative\perfd00C.dat
[2012.10.07 18:28:19 | 000,341,432 | ---- | M] () -- C:\Windows\SysNative\perfi00A.dat
[2012.10.07 18:28:19 | 000,041,390 | ---- | M] () -- C:\Windows\SysNative\perfd00A.dat
[2012.10.07 18:18:57 | 000,335,478 | ---- | M] () -- C:\Windows\SysNative\perfi010.dat
[2012.10.07 18:18:57 | 000,037,534 | ---- | M] () -- C:\Windows\SysNative\perfd010.dat
[2012.10.07 18:10:19 | 000,295,922 | ---- | M] () -- C:\Windows\SysNative\perfi007.dat
[2012.10.07 18:10:19 | 000,038,104 | ---- | M] () -- C:\Windows\SysNative\perfd007.dat
[2012.10.05 16:57:29 | 000,274,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.10.05 15:38:47 | 000,001,954 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2012.10.05 15:37:41 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012.10.03 13:34:50 | 000,000,454 | ---- | M] () -- C:\user.js
[2012.10.02 15:55:05 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.10.01 23:06:24 | 000,000,009 | ---- | M] () -- C:\END
[2012.10.01 21:00:31 | 000,106,648 | ---- | M] (G Data Software) -- C:\Windows\SysNative\drivers\GRD.sys
[2012.10.01 20:26:29 | 000,001,441 | ---- | M] () -- C:\Users\Frame\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012.10.01 20:25:21 | 000,001,754 | ---- | M] () -- C:\Users\Public\Desktop\Browser Choice.lnk
[2012.10.01 19:30:47 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.10.01 19:30:46 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012.10.01 18:55:11 | 000,098,760 | ---- | M] (G Data Software) -- C:\Windows\SysNative\drivers\TS4nt.sys
[2012.10.01 18:55:09 | 000,059,768 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys
[2012.10.01 18:55:03 | 000,122,744 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys
[2012.10.01 18:55:03 | 000,064,376 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\HookCentre.sys
[2012.10.01 18:55:03 | 000,054,136 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys
[2012.10.01 18:55:02 | 000,065,912 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys
[2012.10.01 18:54:50 | 000,002,131 | ---- | M] () -- C:\Users\Public\Desktop\G Data TotalProtection.lnk
[2012.10.01 18:20:45 | 000,001,999 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Client Utility.lnk
[2012.10.01 18:18:56 | 000,002,303 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk
[2012.10.01 18:18:56 | 000,002,271 | ---- | M] () -- C:\Users\Public\Desktop\TP-LINK Wireless Configuration Utility.lnk
[2012.10.01 18:03:26 | 000,042,045 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012.10.01 18:03:26 | 000,042,045 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2012.10.01 18:01:16 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
 
========== Files Created - No Company Name ==========
 
[2012.10.08 09:04:49 | 000,000,168 | ---- | C] () -- C:\Users\phillip\defogger_reenable
[2012.10.08 08:37:01 | 000,004,214 | ---- | C] () -- C:\Users\phillip\Documents\G Data Protokoll ID 67.html
[2012.10.08 08:10:17 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.07 22:13:00 | 000,229,316 | ---- | C] () -- C:\Windows\SysNative\perfi00D.dat
[2012.10.07 22:12:59 | 000,353,324 | ---- | C] () -- C:\Windows\SysNative\perfh00D.dat
[2012.10.07 22:12:59 | 000,068,896 | ---- | C] () -- C:\Windows\SysNative\perfc00D.dat
[2012.10.07 22:12:59 | 000,032,166 | ---- | C] () -- C:\Windows\SysNative\perfd00D.dat
[2012.10.07 21:49:06 | 000,434,288 | ---- | C] () -- C:\Windows\SysNative\perfh001.dat
[2012.10.07 21:49:06 | 000,289,060 | ---- | C] () -- C:\Windows\SysNative\perfi001.dat
[2012.10.07 21:49:06 | 000,042,056 | ---- | C] () -- C:\Windows\SysNative\perfd001.dat
[2012.10.07 21:49:05 | 000,078,786 | ---- | C] () -- C:\Windows\SysNative\perfc001.dat
[2012.10.07 18:43:03 | 000,694,232 | ---- | C] () -- C:\Windows\SysNative\perfh00C.dat
[2012.10.07 18:43:03 | 000,344,522 | ---- | C] () -- C:\Windows\SysNative\perfi00C.dat
[2012.10.07 18:43:03 | 000,129,942 | ---- | C] () -- C:\Windows\SysNative\perfc00C.dat
[2012.10.07 18:43:03 | 000,038,160 | ---- | C] () -- C:\Windows\SysNative\perfd00C.dat
[2012.10.07 18:29:47 | 000,693,256 | ---- | C] () -- C:\Windows\SysNative\perfh00A.dat
[2012.10.07 18:29:47 | 000,341,432 | ---- | C] () -- C:\Windows\SysNative\perfi00A.dat
[2012.10.07 18:29:47 | 000,136,864 | ---- | C] () -- C:\Windows\SysNative\perfc00A.dat
[2012.10.07 18:29:47 | 000,041,390 | ---- | C] () -- C:\Windows\SysNative\perfd00A.dat
[2012.10.07 18:20:01 | 000,688,910 | ---- | C] () -- C:\Windows\SysNative\perfh010.dat
[2012.10.07 18:20:01 | 000,335,478 | ---- | C] () -- C:\Windows\SysNative\perfi010.dat
[2012.10.07 18:20:01 | 000,126,946 | ---- | C] () -- C:\Windows\SysNative\perfc010.dat
[2012.10.07 18:20:01 | 000,037,534 | ---- | C] () -- C:\Windows\SysNative\perfd010.dat
[2012.10.07 18:11:31 | 000,651,768 | ---- | C] () -- C:\Windows\SysNative\perfh007.dat
[2012.10.07 18:11:31 | 000,295,922 | ---- | C] () -- C:\Windows\SysNative\perfi007.dat
[2012.10.07 18:11:31 | 000,129,468 | ---- | C] () -- C:\Windows\SysNative\perfc007.dat
[2012.10.07 18:11:31 | 000,038,104 | ---- | C] () -- C:\Windows\SysNative\perfd007.dat
[2012.10.05 15:38:47 | 000,001,954 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2012.10.05 15:33:44 | 000,016,366 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2012.10.03 13:35:20 | 000,000,416 | -H-- | C] () -- C:\Windows\tasks\OptimizerPro1UpdaterTask{AF20604E-4BD5-4AE4-9988-B95687A1D2EC}.job
[2012.10.03 13:34:49 | 000,000,454 | ---- | C] () -- C:\user.js
[2012.10.02 15:55:05 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.10.02 13:19:11 | 000,095,744 | ---- | C] () -- C:\Windows\SysNative\RDVGHelper.exe
[2012.10.02 13:18:56 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2012.10.02 13:17:31 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2012.10.02 13:17:21 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2012.10.02 13:17:21 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2012.10.02 13:17:11 | 000,146,389 | ---- | C] () -- C:\Windows\SysWow64\printmanagement.msc
[2012.10.02 13:17:11 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2012.10.02 10:29:15 | 000,826,405 | ---- | C] () -- C:\Windows\SysWow64\sig.bin
[2012.10.02 10:29:15 | 000,044,952 | ---- | C] () -- C:\Windows\SysWow64\nmp.map
[2012.10.01 23:06:23 | 000,000,009 | ---- | C] () -- C:\END
[2012.10.01 20:30:46 | 000,002,451 | ---- | C] () -- C:\Users\Frame\Desktop\Google Chrome.lnk
[2012.10.01 20:28:19 | 000,001,128 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4028804549-2359495096-1494413759-1000UA.job
[2012.10.01 20:28:17 | 000,001,076 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4028804549-2359495096-1494413759-1000Core.job
[2012.10.01 20:26:29 | 000,001,441 | ---- | C] () -- C:\Users\Frame\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012.10.01 20:25:21 | 000,001,754 | ---- | C] () -- C:\Users\Public\Desktop\Browser Choice.lnk
[2012.10.01 19:30:47 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.10.01 19:30:46 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012.10.01 18:54:50 | 000,002,131 | ---- | C] () -- C:\Users\Public\Desktop\G Data TotalProtection.lnk
[2012.10.01 18:20:45 | 000,001,999 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Client Utility.lnk
[2012.10.01 18:20:27 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2012.10.01 18:20:27 | 000,014,051 | ---- | C] () -- C:\Windows\SysNative\RaCoInst.dat
[2012.10.01 18:20:17 | 000,792,416 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.dll
[2012.10.01 18:20:17 | 000,792,416 | ---- | C] () -- C:\Windows\SysNative\DiagFunc.dll
[2012.10.01 18:20:17 | 000,000,452 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.ini
[2012.10.01 18:20:17 | 000,000,452 | ---- | C] () -- C:\Windows\SysNative\DiagFunc.ini
[2012.10.01 18:18:56 | 000,002,303 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk
[2012.10.01 18:18:56 | 000,002,271 | ---- | C] () -- C:\Users\Public\Desktop\TP-LINK Wireless Configuration Utility.lnk
[2012.10.01 18:06:53 | 000,001,413 | ---- | C] () -- C:\Users\Frame\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012.10.01 18:06:50 | 000,001,447 | ---- | C] () -- C:\Users\Frame\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.10.01 18:06:29 | 000,000,290 | ---- | C] () -- C:\Users\Frame\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012.10.01 18:06:29 | 000,000,272 | ---- | C] () -- C:\Users\Frame\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012.10.01 18:03:15 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012.10.01 18:03:10 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012.10.01 18:01:16 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012.10.01 18:00:01 | 3220,578,304 | -HS- | C] () -- C:\hiberfil.sys
[2012.08.30 10:40:14 | 000,429,416 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.10.01 23:30:34 | 000,000,000 | ---D | M] -- C:\Users\Frame\AppData\Roaming\Babylon
[2012.10.05 16:21:39 | 000,000,000 | ---D | M] -- C:\Users\Frame\AppData\Roaming\DAEMON Tools Lite
[2012.10.02 13:49:16 | 000,000,000 | ---D | M] -- C:\Users\Frame\AppData\Roaming\LolClient
[2012.10.01 18:22:19 | 000,000,000 | ---D | M] -- C:\Users\Frame\AppData\Roaming\TP-LINK
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

The OTL.txt once more


Edited by DarkAscalon (15.10.2012 at 17:07)

15.10.2012, 17:42   #6
DarkAscalon

So, here is the OTL.txt, and sorry that I uploaded the quick scan so often; I have never been a member of a forum before.

15.10.2012, 17:44   #7
schrauber
/// the machine
/// TB Trainer

ComboFix should only be run when a team member has instructed you to do so!
Please download ComboFix from the following download mirror:

Link 1


IMPORTANT - Save ComboFix to your desktop
  • Please disable all your anti-virus and anti-malware/spyware scanners. They can interfere with ComboFix while it works.
Start Combofix.exe and follow the instructions on the screen.

When ComboFix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

15.10.2012, 18:52   #8
DarkAscalon

So, Combofix.txt follows

15.10.2012, 19:00   #9
schrauber
/// the machine
/// TB Trainer

Please do not attach logs; post them in the thread instead.


Note for readers following along:
The following ComboFix script was created exclusively for this user in this situation.
Under no circumstances use it on other computers; it can cause lasting damage to other systems!

Delete the existing Combofix.exe from your desktop and download the program again from the following download mirror:
BleepingComputer.com
and save it to the desktop again (nowhere else, this is important)!

Press the Windows + R keys --> type Notepad --> OK

Now copy the entire text from the following code box into the empty text document.
Code:
ATTFilter
Driver::
GLogin
DDS::
uStart Page = hxxp://mystart.incredibar.com/mb139?a=6R8H2c9kUP&i=26
         
Save this as CFScript.txt on your desktop.

Important:
  • Temporarily disable your anti-virus software. It can interfere with ComboFix while it works.
    Do not forget to turn it back on afterwards!
  • Do not move the mouse over the ComboFix window or click inside it.
    This can cause ComboFix to hang.
  • Close all running programs. Make sure that ComboFix can work unhindered.
  • Do not do anything on the PC while ComboFix is running.
  • With reference to the picture above, drag CFScript.txt onto ComboFix.exe
  • When ComboFix has finished, it will create a log, C:\ComboFix.txt. Please paste it here as a reply.
If the script contains the instruction Suspect:: or Collect::, a message box will appear after ComboFix has finished. Click OK and follow the prompts/instructions to upload the files.


Please download Grinler's unhide.exe to your desktop.
Start the tool with a double-click.

When it has done its work, a message saying Done will pop up.
It will also create a log file, Unhide.txt. Please post it here.

15.10.2012, 19:51   #10
DarkAscalon

Here is the new report from Combofix

15.10.2012, 19:53   #11
DarkAscalon

The Unhide.txt

16.10.2012, 13:06   #12
schrauber
/// the machine
/// TB Trainer

Hi,

As already mentioned above, please do not attach log files; post them directly in the thread. I cannot open them from work. Please post them again.

17.10.2012, 20:47   #13
DarkAscalon


Unhide by Lawrence Abrams (Grinler)
Bleeping Computer - Technical Support and Computer Help
Copyright 2008-2012 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
Unhide.exe - A introduction as to what this program does

Program started at: 10/15/2012 08:51:59 PM
Windows Version: Windows 7

Please be patient while your files are made visible again.

Processing the A:\ drive
Finished processing the A:\ drive. 0 files processed.

Processing the C:\ drive

The other log files were too large =) hence the attachment

18.10.2012, 06:11   #14
schrauber
/// the machine
/// TB Trainer

Then please split them across several replies.
