
Log analysis and evaluation: Completely removing the GVU trojan

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

 
08.12.2012, 23:45   #1
modchris
 

Completely removing the GVU trojan



Hello,
I was "hit" by the GVU trojan yesterday. The computer still started normally, but after a short time the message "Computer locked, pay 100€..." appeared. I have already taken the following steps:

- A scan with TrendMicro Office Scan found two viruses and supposedly deleted them
- A scan with Malwarebytes Anti-Malware (latest version) also found something (Exploit.Drop.GS, Trojan.Ransom.SUGen)

Can the virus also get in via an external hard drive?

Finally, I booted from an OTL CD and ran a scan; the log file is attached.

Code:
OTL logfile created on: 12/8/2012 7:42:08 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows 7 Enterprise Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = F: | %SystemRoot% = F:\Windows | %ProgramFiles% = F:\Program Files (x86)
Drive C: | 200.00 Mb Total Space | 171.87 Mb Free Space | 85.94% Space Free | Partition Type: NTFS
Drive D: | 231.87 Gb Total Space | 83.17 Gb Free Space | 35.87% Space Free | Partition Type: NTFS
Drive E: | 14.81 Gb Total Space | 13.39 Gb Free Space | 90.42% Space Free | Partition Type: FAT32
Drive F: | 232.69 Gb Total Space | 136.84 Gb Free Space | 58.81% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012/10/30 05:53:14 | 000,263,168 | ---- | M] (IDT, Inc.) [Auto] -- F:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2012/10/30 05:53:13 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto] -- F:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2011/09/21 22:30:34 | 000,510,536 | ---- | M] (Aventail Corporation) [Auto] -- F:\Windows\System32\ngvpnmgr.exe -- (NgVpnMgr)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- F:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- F:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/11/28 04:09:56 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- F:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/19 08:51:08 | 000,395,200 | ---- | M] (Eastman Kodak Company) [Auto] -- F:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2012/10/15 05:58:22 | 000,779,200 | ---- | M] (Eastman Kodak Company) [Auto] -- F:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
SRV - [2012/09/29 13:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto] -- F:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 13:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto] -- F:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/23 14:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto] -- F:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/05/14 10:27:24 | 018,237,320 | ---- | M] (Enterasys Networks, Inc) [Auto] -- F:\Program Files (x86)\Enterasys Networks\NAC Agent\NacAgtSv.exe -- (NACAgentService)
SRV - [2012/04/12 06:30:22 | 000,057,344 | ---- | M] (IT) [Auto] -- F:\Windows\Managed\Service\SENSubstService.exe -- (SENSuSrv)
SRV - [2011/08/04 11:54:52 | 002,416,240 | ---- | M] (Trend Micro Inc.) [Auto] -- F:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe -- (tmlisten)
SRV - [2011/08/04 11:46:44 | 002,134,792 | ---- | M] (Trend Micro Inc.) [Auto] -- F:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe -- (ntrtscan)
SRV - [2011/06/04 23:31:30 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto] -- F:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/04/15 06:17:44 | 000,918,032 | ---- | M] (Trend Micro Inc.) [On_Demand] -- F:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy)
SRV - [2011/01/25 09:33:34 | 006,080,000 | ---- | M] (Riverbed Technology, Inc) [Auto] -- F:\Program Files (x86)\Riverbed\Steelhead Mobile\rbtmon.exe -- (RVBD_SH_Mobile_Monitor)
SRV - [2011/01/25 09:33:34 | 000,864,768 | ---- | M] (Riverbed Technology, Inc) [Auto] -- F:\Program Files (x86)\Riverbed\Steelhead Mobile\rbtlogger.exe -- (RVBD_SH_Mobile_Logger)
SRV - [2010/03/18 07:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- F:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/02 10:24:12 | 000,028,747 | ---- | M] (British Telecommunications Plc.) [Auto] -- F:\Program Files (x86)\MobileXpress\btomosrv.exe -- (MobileXpress)
SRV - [2009/09/17 22:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Auto] -- F:\Windows\SysWOW64\CCM\CcmExec.exe -- (CcmExec)
SRV - [2009/09/17 22:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [On_Demand] -- F:\Windows\SysWOW64\CCM\TSManager.exe -- (smstsmgr)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- F:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/10/30 05:54:49 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/10/30 05:54:30 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2012/10/30 05:53:47 | 000,045,672 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV:64bit: - [2012/10/30 05:53:45 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)
DRV:64bit: - [2012/10/30 05:53:41 | 000,301,232 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\e1k62x64.sys -- (e1kexpress) Intel(R)
DRV:64bit: - [2012/10/30 05:53:23 | 000,368,464 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2012/10/30 05:53:19 | 000,472,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\Mbm3Mdm.sys -- (Mbm3Mdm)
DRV:64bit: - [2012/10/30 05:53:19 | 000,419,912 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\Mbm3DevMt.sys -- (Mbm3DevMt) Dell Wireless  HSPA Mini-Card Device Management Driver (WDM)
DRV:64bit: - [2012/10/30 05:53:19 | 000,411,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\Mbm3CBus.sys -- (Mbm3CBus) Dell Wireless 5540 HSPA Mini-Card Device (WDM)
DRV:64bit: - [2012/10/30 05:53:19 | 000,276,520 | ---- | M] (Ericsson AB) [Kernel | On_Demand] -- F:\Windows\System32\drivers\WwanUsbMp64.sys -- (WwanUsbServ)
DRV:64bit: - [2012/10/30 05:53:19 | 000,101,416 | ---- | M] (Ericsson AB) [Kernel | On_Demand] -- F:\Windows\System32\drivers\d554gps64.sys -- (d554gps)
DRV:64bit: - [2012/10/30 05:53:19 | 000,061,992 | ---- | M] (Ericsson AB) [Kernel | On_Demand] -- F:\Windows\System32\drivers\d554scard.sys -- (d554scard)
DRV:64bit: - [2012/10/30 05:53:19 | 000,019,528 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\Mbm3mdfl.sys -- (Mbm3mdfl)
DRV:64bit: - [2012/10/30 05:53:18 | 000,030,248 | ---- | M] (Ericsson AB) [Kernel | On_Demand] -- F:\Windows\System32\drivers\wwussf64.sys -- (ecnssndisfltr)
DRV:64bit: - [2012/10/30 05:53:18 | 000,026,664 | ---- | M] (Ericsson AB) [Kernel | On_Demand] -- F:\Windows\System32\drivers\wwuss64.sys -- (ecnssndis)
DRV:64bit: - [2012/10/30 05:53:16 | 000,081,920 | ---- | M] (REDC) [Kernel | Auto] -- F:\Windows\System32\drivers\risdpe64.sys -- (risdpcie)
DRV:64bit: - [2012/10/30 05:53:16 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2012/10/30 05:53:14 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2012/10/30 05:53:09 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand] -- F:\Windows\System32\drivers\accelern.sys -- (Acceler)
DRV:64bit: - [2012/09/29 13:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- F:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/09/28 04:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/23 09:12:16 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\system32\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2011/09/21 22:00:48 | 000,103,496 | ---- | M] (Aventail Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\ngvpn.sys -- (NgVpn)
DRV:64bit: - [2011/09/21 22:00:48 | 000,031,304 | ---- | M] (Aventail Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\nglog.sys -- (NgLog)
DRV:64bit: - [2011/09/21 22:00:48 | 000,028,744 | ---- | M] (Aventail Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\ngwfp.sys -- (NgWfp)
DRV:64bit: - [2011/09/21 22:00:48 | 000,026,184 | ---- | M] (Aventail Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\ngfilter.sys -- (NgFilter)
DRV:64bit: - [2011/07/15 15:31:22 | 000,022,128 | ---- | M] (ST Microelectronics) [Kernel | Boot] -- F:\Windows\System32\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2011/01/25 09:33:38 | 000,474,624 | ---- | M] (Riverbed Technology, Inc) [Kernel | System] -- F:\Windows\System32\drivers\rbtnfd64.sys -- (rbtnfd_srv)
DRV:64bit: - [2010/11/20 22:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/20 22:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/20 22:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\system32\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/08 13:05:20 | 000,108,624 | ---- | M] (Trend Micro Inc.) [Kernel | System] -- F:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2010/06/25 12:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto] -- F:\Windows\System32\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- F:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- F:\Windows\system32\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- F:\Windows\system32\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV - [2011/07/12 04:56:50 | 000,342,288 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- F:\Program Files (x86)\Trend Micro\OfficeScan Client\tmxpflt.sys -- (TmFilter)
DRV - [2011/07/12 04:56:36 | 000,042,768 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- F:\Program Files (x86)\Trend Micro\OfficeScan Client\tmpreflt.sys -- (TmPreFilter)
DRV - [2011/07/12 04:47:06 | 002,077,456 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- F:\Program Files (x86)\Trend Micro\OfficeScan Client\VsapiNT.sys -- (VSApiNt)
DRV - [2009/09/17 22:00:00 | 000,026,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\SysWOW64\CCM\PrepDrv.sys -- (prepdrvr)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\chris_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de
IE - HKU\chris_ON_F\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\LocalService_ON_F\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\NetworkService_ON_F\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\SEN_ON_F\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..network.proxy.type: 2
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: F:\Windows\System32\Macromed\Flash\NPSWF64_11_4_402_287.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: F:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: F:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer: F:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=:  
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0: F:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: F:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: F:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision: F:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming: F:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.4: F:\Program Files (x86)\VideoLAN\npvlc.dll (VideoLAN)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: F:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\SteelheadMobileCertificateManager@riverbed.com: C:\Program Files (x86)\Riverbed\Steelhead Mobile\shmcert [2012/10/30 06:46:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/08 13:06:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012/10/30 07:30:40 | 000,000,000 | ---D | M] (No name found) -- F:\Users\chris\AppData\Roaming\Mozilla\Extensions
[2012/12/08 13:06:58 | 000,000,000 | ---D | M] (No name found) -- F:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/31 06:09:44 | 000,000,000 | ---D | M] (Java Console) -- F:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}
[2012/10/31 09:08:03 | 000,000,000 | ---D | M] (Java Console) -- F:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
File not found (No name found) -- 
[2012/10/24 12:50:58 | 000,261,600 | ---- | M] (Mozilla Foundation) -- F:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/10/24 12:50:17 | 000,002,465 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/24 12:50:17 | 000,002,058 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - F:\Windows\System32\drivers\etc\hosts
O4:64bit: - HKLM..\Run: [Apoint] F:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [NVHotkey] F:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [nwiz] F:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] F:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] F:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Conime]  File not found
O4 - HKLM..\Run: [EKStatusMonitor] F:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [JavaProfileFix] F:\Program Files (x86)\Java\Profile Fix\JAVA_Fix 4.exe (Siemens and Partners)
O4 - HKLM..\Run: [JavaProfileFix2] F:\Program Files (x86)\Java\Profile Fix\Java_Profile_2.exe (Siemens AG)
O4 - HKLM..\Run: [OfficeScanNT Monitor] F:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Steelhead Mobile] F:\Program Files (x86)\Riverbed\Steelhead Mobile\shmobile.exe (Riverbed Technology, Inc)
O4 - HKU\chris_ON_F..\Run: [Push Client] F:\Users\chris\AppData\Local\ATT Connect\Participant\pull.exe (AT&T Inc.)
O4 - HKU\chris_ON_F..\Run: [Xeobxoxai] F:\Users\chris\AppData\Roaming\Wute\ylxa.exe ()
O4 - HKU\LocalService_ON_F..\Run: [Sidebar] F:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_F..\Run: [Sidebar] F:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_F..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_F..\RunOnce: [mctadmin]  File not found
O4 - Startup: F:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2X Client.lnk ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPublishingWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWebServices = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoOnlinePrintsWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\kerberos\parameters: supportedencryptiontypes = 2147483647
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\chris_ON_F\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\chris_ON_F\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\chris_ON_F\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\chris_ON_F\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKU\LocalService_ON_F\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\NetworkService_ON_F\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\SEN_ON_F\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\SEN_ON_F\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\systemprofile_ON_F\Software\Policies\Microsoft\Internet Explorer\Main present
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: JavaSelector - {12345678-1A7A-1A7A-1A7A-123456789012} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Java Selector - {12345678-1A7A-1A7A-1A7A-123456789012} - F:\Program Files (x86)\JavaSelector\sjs.exe (UD. Solutions)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - F:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - F:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - chris_ON_F\..Trusted Domains: abatos.com ([]* in Local intranet)
O15:64bit: - chris_ON_F\..Trusted Domains: acuson.com ([]* in Local intranet)
O15:64bit: - chris_ON_F\..Trusted Domains: adb.be ([]* in Local intranet)
O15:64bit: - chris_ON_F\..Trusted Domains: adp.com ([*.globalview] * in Trusted sites)
O15:64bit: - chris_ON_F\..Trusted Domains: anfdata.cz ([]* in Local intranet)
O15:64bit: - chris_ON_F\..Trusted Domains: any4swat.net ([]* in Local intranet)
O15:64bit: - chris_ON_F\..Trusted Domains: ardentek.com ([]* in Local intranet)
O15:64bit: - chris_ON_F\..Trusted Domains: ariba.com ([]* in Trusted sites)
O15:64bit: - chris_ON_F\..Trusted Domains: atea.be ([]* in Local intranet)
O15:64bit: - chris_ON_F\..Trusted Domains: audioservice.de ([]* in Local intranet)
O15:64bit: - chris_ON_F\..Trusted Domains: bbcom-hh.de ([]* in Local intranet)
O15:64bit: - chris_ON_F\..Trusted Domains: bmw.de ([ikom] * in Trusted sites)
O15:64bit: - chris_ON_F\..Trusted Domains: cerberus.ch ([]* in Local intranet)
O15:64bit: - chris_ON_F\..Trusted Domains: comneon.com ([]* in Local intranet)
O15:64bit: - chris_ON_F\..Trusted Domains: dematic.com ([]* in Local intranet)
O15:64bit: - chris_ON_F\..Trusted Domains: dematic.de ([]* in Local intranet)
O15:64bit: - chris_ON_F\..Trusted Domains: efficient.com ([]* in Local intranet)
O15:64bit: - chris_ON_F\..Trusted Domains: elmo-vacuum.com ([]* in Local intranet)
O15:64bit: - chris_ON_F\..Trusted Domains: emcom.ro ([]* in Local intranet)
O15:64bit: - chris_ON_F\..Trusted Domains: empros.com ([]* in Local intranet)
O15:64bit: - chris_ON_F\..Trusted Domains: englishtown.com ([siemens] * in Trusted sites)
O15:64bit: - chris_ON_F\..Trusted Domains: entex.com ([]* in Local intranet)
O15:64bit: - chris_ON_F\..Trusted Domains: epos-d.com ([]* in Local intranet)
O15:64bit: - chris_ON_F\..Trusted Domains: eupec.com ([]* in Local intranet)
O15:64bit: - chris_ON_F\..Trusted Domains: eupec.de ([]* in Local intranet)
O15:64bit: - chris_ON_F\..Trusted Domains: e-utile.it ([]* in Local intranet)
O15:64bit: - chris_ON_F\..Trusted Domains: e-wsi.com ([]* in Trusted sites)
O15:64bit: - chris_ON_F\..Trusted Domains: gepas.com ([]* in Local intranet)
O15:64bit: - chris_ON_F\..Trusted Domains: gepas.de ([]* in Local intranet)
O15:64bit: - chris_ON_F\..Trusted Domains: gskv.de ([]* in Local intranet)
O15:64bit: - chris_ON_F\..Trusted Domains: hspkoeln.de ([]* in Local intranet)
O15:64bit: - chris_ON_F\..Trusted Domains: ictraining.de ([]* in Trusted sites)
O15:64bit: - chris_ON_F\..Trusted Domains: ind.br ([*.cvl] * in Local intranet)
O15:64bit: - chris_ON_F\..Trusted Domains: infineon.com ([]* in Local intranet)
O15:64bit: - chris_ON_F\..Trusted Domains: infineon.de ([]* in Local intranet)
O15:64bit: - chris_ON_F\..Trusted Domains: italdata.it ([]* in Local intranet)
O15:64bit: - chris_ON_F\..Trusted Domains: kordoba.de ([]* in Local intranet)
O15:64bit: - chris_ON_F\..Trusted Domains: landisgyr.com ([]* in Local intranet)
O15:64bit: - chris_ON_F\..Trusted Domains: landisstaefa.com ([]* in Local intranet)
O15:64bit: - chris_ON_F\..Trusted Domains: lufthansa.com ([]* in Trusted sites)
O15:64bit: - chris_ON_F\..Trusted Domains: mchp249A ([]* in Trusted sites)
O15:64bit: - chris_ON_F\..Trusted Domains: microsoft.com ([]* in Trusted sites)
O15:64bit: - chris_ON_F\..Trusted Domains: milltronics.com ([]* in Local intranet)
O15:64bit: - chris_ON_F\..Trusted Domains: mobile-travel.com ([]* in Local intranet)
O15:64bit: - chris_ON_F\..Trusted Domains: mobisphere.com ([]* in Local intranet)
O15:64bit: - chris_ON_F\..Trusted Domains: my-siemens.com ([]* in Local intranet)
O15:64bit: - chris_ON_F\..Trusted Domains: nokia.com ([*.ext] * in Trusted sites)
O15:64bit: - chris_ON_F\..Trusted Domains: opentext.com ([]* in Trusted sites)
O15:64bit: - chris_ON_F\..Trusted Domains: osram-os.com ([]* in Local intranet)
O15:64bit: - chris_ON_F\..Trusted Domains: osram-os.de ([]* in Local intranet)
O15:64bit: - chris_ON_F\..Trusted Domains: rolm.com ([]* in Local intranet)
O15:64bit: - chris_ON_F\..Trusted Domains: rxs.fr ([]* in Local intranet)
O15:64bit: - chris_ON_F\..Trusted Domains: salesforce.com ([]* in Trusted sites)
O15:64bit: - chris_ON_F\..Trusted Domains: sap.com ([]* in Trusted sites)
O15:64bit: - chris_ON_F\..Trusted Domains: sap-ag.de ([]* in Trusted sites)
O15:64bit: - chris_ON_F\..Trusted Domains: sbi-jena.de ([]* in Local intranet)
O15:64bit: - chris_ON_F\..Trusted Domains: sbk.org ([]* in Local intranet)
O15:64bit: - chris_ON_F\..Trusted Domains: sbs.at ([]* in Local intranet)
O15:64bit: - chris_ON_F\..Trusted Domains: sbs.be ([]* in Local intranet)
O15:64bit: - chris_ON_F\..Trusted Domains: sbs.de ([]* in Local intranet)
O15:64bit: - chris_ON_F\..Trusted Domains: sbs.de ([erls9w6a.erl] http in Local intranet)
O15:64bit: - chris_ON_F\..Trusted Domains: sbs.fr ([]* in Local intranet)
O15:64bit: - chris_ON_F\..Trusted Domains: sbs.pl ([]* in Local intranet)
O15:64bit: - chris_ON_F\..Trusted Domains: sbs.ru ([]* in Local intranet)
O15:64bit: - chris_ON_F\..Trusted Domains: sbs.sk ([]* in Local intranet)
O15:64bit: - chris_ON_F\..Trusted Domains: sbsitalia.it ([]* in Local intranet)
O15:64bit: - chris_ON_F\..Trusted Domains: sesa.net ([mail] * in Trusted sites)
O15:64bit: - chris_ON_F\..Trusted Domains: sgpvt.at ([]* in Local intranet)
O15:64bit: - chris_ON_F\..Trusted Domains: shs-online.de ([]* in Local intranet)
O15:64bit: - chris_ON_F\..Trusted Domains: sibt.com ([]* in Local intranet)
O15:64bit: - chris_ON_F\..Trusted Domains: sicad.de ([]* in Local intranet)
O15:64bit: - chris_ON_F\..Trusted Domains: sietec.de ([]* in Local intranet)
O15:64bit: - chris_ON_F\..Trusted Domains: sim-immobilien.de ([]* in Local intranet)
O15:64bit: - chris_ON_F\..Trusted Domains: sitest.net ([]* in Local intranet)
O15:64bit: - chris_ON_F\..Trusted Domains: smsocs.com ([]* in Local intranet)
O15:64bit: - chris_ON_F\..Trusted Domains: sni.at ([]* in Local intranet)
O15:64bit: - chris_ON_F\..Trusted Domains: sni.de ([]* in Local intranet)
O15:64bit: - chris_ON_F\..Trusted Domains: sni.fi ([]* in Local intranet)
O15:64bit: - chris_ON_F\..Trusted Domains: sni.it ([]* in Local intranet)
O15:64bit: - chris_ON_F\..Trusted Domains: sni.nl ([]* in Local intranet)
O15:64bit: - chris_ON_F\..Trusted Domains: sni.no ([]* in Local intranet)
O15:64bit: - chris_ON_F\..Trusted Domains: sni.se ([]* in Local intranet)
O15:64bit: - chris_ON_F\..Trusted Domains: s-partners.net ([]* in Local intranet)
O15:64bit: - chris_ON_F\..Trusted Domains: spls.de ([]* in Local intranet)
O15:64bit: - chris_ON_F\..Trusted Domains: sri.de ([]* in Local intranet)
O15:64bit: - chris_ON_F\..Trusted Domains: sri-online.de ([]* in Local intranet)
O15:64bit: - chris_ON_F\..Trusted Domains: sta-augsburg.de ([]* in Local intranet)
O15:64bit: - chris_ON_F\..Trusted Domains: swh.sk ([]* in Local intranet)
O15:64bit: - chris_ON_F\..Trusted Domains: sykatec.de ([]* in Local intranet)
O15:64bit: - chris_ON_F\..Trusted Domains: sysdata.hu ([]* in Local intranet)
O15:64bit: - chris_ON_F\..Trusted Domains: trangosoft.com ([]* in Local intranet)
O15:64bit: - chris_ON_F\..Trusted Domains: vdogrp.de ([]* in Local intranet)
O15:64bit: - chris_ON_F\..Trusted Domains: vvk.com ([]* in Local intranet)
O15:64bit: - chris_ON_F\..Trusted Domains: weissgmbh.de ([]* in Local intranet)
O15:64bit: - chris_ON_F\..Trusted Domains: whiteoaksemi.com ([]* in Local intranet)
O15:64bit: - chris_ON_F\..Trusted Domains: wsistudents.com ([]* in Trusted sites)
O15:64bit: - chris_ON_F\..Trusted Domains: wts-ag.de ([]* in Local intranet)
O15 - HKU\chris_ON_F\..Trusted Domains: abatos.com ([]* in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {C861B75F-EE32-4AA4-B610-281AF26A8D1C} https://195.243.48.116/+CSCOL+/cscopf.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/1.3.1/jinstall-131_01-win.cab (Java Plug-in 1.3.1_01)
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_06)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab (Java Plug-in 1.5.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {F53270D3-0E32-48B7-B63B-159E33210F70} https://www.g-dms.com/img/webedit/lledit.cab (Open Text Content Server Office Editor)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = global-ad.net
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - F:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - F:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - F:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{4088533c-22c2-11e2-a6fe-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4088533c-22c2-11e2-a6fe-806e6f6e6963}\Shell\AutoRun\command - "" = E:\reatogoMenu.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/12/08 04:20:40 | 000,000,000 | ---D | C] -- F:\Users\chris\AppData\Roaming\Malwarebytes
[2012/12/08 04:20:09 | 000,000,000 | ---D | C] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/12/08 04:20:08 | 000,000,000 | ---D | C] -- F:\ProgramData\Malwarebytes
[2012/12/08 04:20:07 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- F:\Windows\System32\drivers\mbam.sys
[2012/12/08 04:20:06 | 000,000,000 | ---D | C] -- F:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/12/07 17:42:47 | 000,000,000 | ---D | C] -- F:\Users\chris\AppData\Roaming\Wute
[2012/12/07 17:42:47 | 000,000,000 | ---D | C] -- F:\Users\chris\AppData\Roaming\Loeb
[2012/12/07 17:42:47 | 000,000,000 | ---D | C] -- F:\Users\chris\AppData\Roaming\Fykulo
[2012/12/04 06:31:10 | 000,000,000 | ---D | C] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2012/12/04 06:30:20 | 000,000,000 | ---D | C] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/12/04 06:29:48 | 000,000,000 | ---D | C] -- F:\Program Files\iPod
[2012/12/04 06:29:47 | 000,000,000 | ---D | C] -- F:\Program Files\iTunes
[2012/12/04 06:29:47 | 000,000,000 | ---D | C] -- F:\Program Files (x86)\iTunes
[2012/12/04 06:29:47 | 000,000,000 | ---D | C] -- F:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012/11/29 10:06:18 | 000,000,000 | ---D | C] -- F:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AT&T Connect
[2012/11/29 10:06:16 | 000,000,000 | ---D | C] -- F:\Users\chris\AppData\Roaming\ATT Connect
[2012/11/29 10:06:16 | 000,000,000 | ---D | C] -- F:\Users\chris\AppData\Local\ATT Connect
[2012/11/29 10:05:35 | 000,000,000 | ---D | C] -- F:\Users\chris\AppData\Local\Downloaded Installations
[2012/11/29 09:38:08 | 000,000,000 | ---D | C] -- F:\Users\chris\AppData\Roaming\Download Manager
[2012/11/29 03:05:52 | 000,000,000 | ---D | C] -- F:\Users\chris\AppData\Roaming\pdfforge
[2012/11/29 03:05:50 | 000,662,288 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\MSCOMCT2.OCX
[2012/11/29 03:05:50 | 000,137,000 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\MSMAPI32.OCX
[2012/11/29 03:05:50 | 000,100,864 | ---- | C] (pdfforge GbR) -- F:\Windows\System32\pdfcmon.dll
[2012/11/29 03:05:49 | 000,023,552 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\MSMPIDE.DLL
[2012/11/29 03:05:48 | 000,000,000 | ---D | C] -- F:\Users\chris\AppData\Local\Programs
[2012/11/29 03:05:46 | 000,000,000 | ---D | C] -- F:\Program Files (x86)\PDFCreator
[2012/11/28 04:11:01 | 000,000,000 | ---D | C] -- F:\Users\chris\AppData\Local\Macromedia
[2012/11/28 04:09:12 | 000,696,760 | ---- | C] (Adobe Systems Incorporated) -- F:\Windows\SysWow64\FlashPlayerApp.exe
[2012/11/28 04:09:12 | 000,073,656 | ---- | C] (Adobe Systems Incorporated) -- F:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/11/28 04:08:26 | 000,000,000 | ---D | C] -- F:\Windows\System32\Macromed
[2012/11/28 04:07:42 | 000,000,000 | ---D | C] -- F:\Windows\SysWow64\Adobe
[2012/11/22 10:31:54 | 000,000,000 | ---D | C] -- F:\TAP
[2012/11/21 09:51:36 | 000,000,000 | ---D | C] -- F:\Program Files\OpenSmart Designer 2
[2012/11/21 08:21:41 | 000,000,000 | ---D | C] -- F:\Program Files (x86)\Common Files\Siemens AG
[2012/11/21 07:52:10 | 000,000,000 | ---D | C] -- F:\Users\chris\AppData\Roaming\IDMComp
[2012/11/21 07:52:10 | 000,000,000 | ---D | C] -- F:\Program Files (x86)\IDM Computer Solutions
[2012/11/21 05:02:53 | 000,000,000 | ---D | C] -- F:\ProgramData\Adobe
[2012/11/21 04:40:49 | 000,000,000 | ---D | C] -- F:\Program Files (x86)\Common Files\Adobe
[2012/11/21 04:40:49 | 000,000,000 | ---D | C] -- F:\Program Files (x86)\Adobe
[2012/11/21 03:28:41 | 000,226,816 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\dhcpcore6.dll
[2012/11/21 03:28:41 | 000,193,536 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\dhcpcore6.dll
[2012/11/21 03:28:41 | 000,055,296 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\dhcpcsvc6.dll
[2012/11/21 03:28:41 | 000,044,032 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\dhcpcsvc6.dll
[2012/11/21 03:26:34 | 000,054,376 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\drivers\WdfLdr.sys
[2012/11/21 03:26:34 | 000,009,728 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\Wdfres.dll
[2012/11/21 03:26:13 | 000,015,360 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\RdpGroupPolicyExtension.dll
[2012/11/21 03:26:13 | 000,013,312 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
[2012/11/21 03:26:13 | 000,013,312 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
[2012/11/21 03:26:12 | 000,057,856 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\drivers\TsUsbFlt.sys
[2012/11/21 03:26:12 | 000,044,032 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\tsgqec.dll
[2012/11/21 03:26:12 | 000,043,520 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\TsUsbGDCoInstaller.dll
[2012/11/21 03:26:12 | 000,030,208 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\drivers\TsUsbGD.sys
[2012/11/21 03:26:12 | 000,029,696 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\drivers\terminpt.sys
[2012/11/21 03:26:12 | 000,019,456 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\drivers\rdpvideominiport.sys
[2012/11/21 03:26:12 | 000,018,432 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\wksprtPS.dll
[2012/11/21 03:26:11 | 005,773,824 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\mstscax.dll
[2012/11/21 03:26:11 | 004,916,224 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\mstscax.dll
[2012/11/21 03:26:11 | 003,174,912 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\rdpcorets.dll
[2012/11/21 03:26:11 | 001,123,840 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\mstsc.exe
[2012/11/21 03:26:11 | 001,048,064 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\mstsc.exe
[2012/11/21 03:26:11 | 000,384,000 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\wksprt.exe
[2012/11/21 03:26:11 | 000,322,560 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\aaclient.dll
[2012/11/21 03:26:11 | 000,269,312 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\aaclient.dll
[2012/11/21 03:26:11 | 000,243,200 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\rdpudd.dll
[2012/11/21 03:26:11 | 000,228,864 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\rdpendp_winip.dll
[2012/11/21 03:26:11 | 000,192,000 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\rdpendp_winip.dll
[2012/11/21 03:26:11 | 000,062,976 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\TSWbPrxy.exe
[2012/11/21 03:26:11 | 000,054,272 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\MsRdpWebAccess.dll
[2012/11/21 03:26:11 | 000,046,592 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\MsRdpWebAccess.dll
[2012/11/21 03:26:11 | 000,037,376 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\tsgqec.dll
[2012/11/21 03:26:11 | 000,016,896 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\wksprtPS.dll
[2012/11/21 03:26:00 | 000,220,160 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\ncrypt.dll
[2012/11/21 03:25:59 | 001,448,448 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\lsasrv.dll
[2012/11/21 03:25:59 | 000,307,200 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\ncrypt.dll
[2012/11/21 03:23:27 | 000,246,272 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\netcorehc.dll
[2012/11/21 03:23:27 | 000,216,576 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\ncsi.dll
[2012/11/21 03:23:27 | 000,175,104 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\netcorehc.dll
[2012/11/21 03:23:27 | 000,156,672 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\ncsi.dll
[2012/11/21 03:23:27 | 000,018,944 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\netevent.dll
[2012/11/21 03:23:27 | 000,018,944 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\netevent.dll
[2012/11/21 03:18:42 | 000,744,448 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\WUDFx.dll
[2012/11/21 03:18:42 | 000,229,888 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\WUDFHost.exe
[2012/11/21 03:18:42 | 000,194,048 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\WUDFPlatform.dll
[2012/11/21 03:18:42 | 000,045,056 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\WUDFCoinstaller.dll
[2012/11/21 03:18:38 | 000,095,744 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\synceng.dll
[2012/11/21 03:18:38 | 000,078,336 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\synceng.dll
[2012/11/14 03:59:43 | 000,000,000 | ---D | C] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\3CDaemon
[2012/11/14 03:59:12 | 000,303,616 | ---- | C] (InstallShield Software Corporation) -- F:\Windows\IsUninst.exe
[2012/11/09 21:33:47 | 000,000,000 | ---D | C] -- F:\Program Files (x86)\JDownloader 2
[2012/11/09 07:26:11 | 000,000,000 | ---D | C] -- F:\Users\chris\AppData\Roaming\TeamViewer
[2012/11/09 04:16:32 | 000,000,000 | ---D | C] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP
[2012/11/09 04:16:32 | 000,000,000 | ---D | C] -- F:\Program Files (x86)\WinSCP
[1 F:\Windows\*.tmp files -> F:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/12/08 13:31:25 | 000,067,584 | --S- | M] () -- F:\Windows\bootstat.dat
[2012/12/08 13:27:46 | 3112,562,688 | -HS- | M] () -- F:\hiberfil.sys
[2012/12/08 13:11:00 | 000,009,176 | ---- | M] () -- F:\Windows\cfgall.ini
[2012/12/08 13:07:12 | 000,002,557 | ---- | M] () -- F:\Users\chris\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/12/08 13:07:12 | 000,002,545 | ---- | M] () -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/12/08 13:05:00 | 000,000,830 | ---- | M] () -- F:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/08 12:59:30 | 000,687,830 | ---- | M] () -- F:\Windows\System32\perfh009.dat
[2012/12/08 12:59:30 | 000,130,200 | ---- | M] () -- F:\Windows\System32\perfc009.dat
[2012/12/08 05:25:14 | 000,019,104 | -H-- | M] () -- F:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/08 05:25:14 | 000,019,104 | -H-- | M] () -- F:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/08 05:20:22 | 000,000,463 | ---- | M] () -- F:\Windows\SMSCFG.ini
[2012/12/08 05:18:59 | 000,002,004 | ---- | M] () -- F:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2X Client.lnk
[2012/12/08 05:16:40 | 000,003,288 | ---- | M] () -- F:\bootsqm.dat
[2012/12/08 04:20:09 | 000,001,120 | ---- | M] () -- F:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/12/08 04:20:09 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/12/07 18:17:31 | 095,023,320 | ---- | M] () -- F:\ProgramData\dsgsdgdsgdsgw.pad
[2012/12/06 10:21:47 | 000,000,600 | ---- | M] () -- F:\Users\chris\AppData\Roaming\winscp.rnd
[2012/12/06 10:21:45 | 000,000,600 | ---- | M] () -- F:\Users\chris\AppData\Local\PUTTY.RND
[2012/12/04 06:31:10 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2012/12/04 06:30:20 | 000,001,790 | ---- | M] () -- F:\Users\Public\Desktop\iTunes.lnk
[2012/12/04 06:30:20 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/11/28 05:35:46 | 000,000,594 | ---- | M] () -- F:\dat.properties
[2012/11/28 04:09:56 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- F:\Windows\SysWow64\FlashPlayerApp.exe
[2012/11/28 04:09:56 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- F:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/11/22 10:25:56 | 000,034,952 | RHS- | M] () -- F:\ProgramData\ntuser.pol
[2012/11/22 07:12:18 | 000,001,144 | ---- | M] () -- F:\Users\chris\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2012/11/22 05:41:55 | 000,000,000 | R--D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/11/22 05:40:52 | 000,356,960 | ---- | M] () -- F:\Windows\System32\FNTCACHE.DAT
[2012/11/21 08:26:16 | 000,008,197 | ---- | M] () -- F:\Windows\ASS_150E.INI
[2012/11/21 06:49:49 | 000,000,193 | ---- | M] () -- F:\Windows\WORDPAD.INI
[2012/11/21 04:48:06 | 000,830,040 | ---- | M] () -- F:\Windows\SysWow64\PerfStringBackup.INI
[2012/11/14 03:59:44 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\3CDaemon
[2012/11/12 01:37:29 | 000,007,606 | ---- | M] () -- F:\Users\chris\AppData\Local\Resmon.ResmonCfg
[2012/11/11 10:05:48 | 000,129,024 | ---- | M] () -- F:\Windows\RegBootClean64.exe
[2012/11/11 10:05:46 | 000,102,400 | ---- | M] () -- F:\Windows\RegBootClean.exe
[2012/11/09 21:34:39 | 000,002,044 | ---- | M] () -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2012/11/09 21:34:39 | 000,001,988 | ---- | M] () -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader 2.lnk
[2012/11/09 04:16:32 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP
[2012/11/09 03:50:43 | 000,000,983 | ---- | M] () -- F:\Windows\ipch.ini
[1 F:\Windows\*.tmp files -> F:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/12/08 13:07:12 | 000,002,557 | ---- | C] () -- F:\Users\chris\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/12/08 13:07:12 | 000,002,545 | ---- | C] () -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/12/08 05:16:40 | 000,003,288 | ---- | C] () -- F:\bootsqm.dat
[2012/12/08 04:20:09 | 000,001,120 | ---- | C] () -- F:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/12/07 18:04:08 | 095,023,320 | ---- | C] () -- F:\ProgramData\dsgsdgdsgdsgw.pad
[2012/12/04 06:30:20 | 000,001,790 | ---- | C] () -- F:\Users\Public\Desktop\iTunes.lnk
[2012/11/28 05:22:09 | 000,000,594 | ---- | C] () -- F:\dat.properties
[2012/11/28 04:09:13 | 000,000,830 | ---- | C] () -- F:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/21 08:26:13 | 000,008,197 | ---- | C] () -- F:\Windows\ASS_150E.INI
[2012/11/21 03:26:35 | 000,000,003 | ---- | C] () -- F:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/21 03:18:42 | 000,000,003 | ---- | C] () -- F:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/11/20 04:30:36 | 000,000,193 | ---- | C] () -- F:\Windows\WORDPAD.INI
[2012/11/12 01:37:29 | 000,007,606 | ---- | C] () -- F:\Users\chris\AppData\Local\Resmon.ResmonCfg
[2012/11/11 10:05:48 | 000,129,024 | ---- | C] () -- F:\Windows\RegBootClean64.exe
[2012/11/11 10:05:46 | 000,102,400 | ---- | C] () -- F:\Windows\RegBootClean.exe
[2012/11/09 04:16:33 | 000,000,600 | ---- | C] () -- F:\Users\chris\AppData\Roaming\winscp.rnd
[2012/11/06 08:26:59 | 000,000,600 | ---- | C] () -- F:\Users\chris\AppData\Local\PUTTY.RND
[2012/11/05 07:00:32 | 000,004,764 | ---- | C] () -- F:\Windows\SysWow64\CcmFramework.ini
[2012/11/05 07:00:08 | 000,000,463 | ---- | C] () -- F:\Windows\SMSCFG.ini
[2012/11/03 10:43:43 | 000,038,466 | ---- | C] () -- F:\Users\chris\AppData\Roaming\Comma Separated Values (Windows).ADR
[2012/11/01 05:43:42 | 000,000,983 | ---- | C] () -- F:\Windows\ipch.ini
[2012/10/30 07:33:23 | 000,830,040 | ---- | C] () -- F:\Windows\SysWow64\PerfStringBackup.INI
[2012/10/30 06:43:01 | 000,000,376 | ---- | C] () -- F:\Windows\ODBC.INI
[2012/10/30 06:36:16 | 000,009,176 | ---- | C] () -- F:\Windows\cfgall.ini
[2012/10/30 06:22:07 | 000,034,952 | RHS- | C] () -- F:\ProgramData\ntuser.pol
[2011/09/21 22:36:10 | 000,215,112 | ---- | C] () -- F:\Windows\ngmsi.dll
[2011/09/21 22:34:00 | 000,021,064 | ---- | C] () -- F:\Windows\ngutil.exe
[2010/11/20 22:24:49 | 000,252,928 | ---- | C] () -- F:\Windows\SysWow64\DShowRdpFilter.dll
[2010/06/25 12:03:12 | 000,053,299 | ---- | C] () -- F:\Windows\SysWow64\pthreadVC.dll
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- F:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- F:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- F:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- F:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- F:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:25:04 | 000,197,632 | ---- | C] () -- F:\Windows\SysWow64\ir32_32.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- F:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- F:\Windows\SysWow64\mlang.dat
[2003/01/07 09:05:08 | 000,002,695 | ---- | C] () -- F:\Windows\SysWow64\OUTLPERF.INI
 
========== LOP Check ==========
 
[2012/12/04 06:30:16 | 000,000,000 | ---D | M] -- F:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Application Data
[2012/10/30 07:03:07 | 000,000,000 | ---D | M] -- F:\ProgramData\Aventail
[2012/11/05 11:31:45 | 000,000,000 | ---D | M] -- F:\ProgramData\Canneverbe Limited
[2012/12/08 13:02:35 | 000,000,000 | ---D | M] -- F:\ProgramData\DD
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Desktop
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Documents
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Favorites
[2012/10/30 07:23:46 | 000,000,000 | ---D | M] -- F:\ProgramData\MobileXpress
[2012/10/30 06:09:51 | 000,000,000 | ---D | M] -- F:\ProgramData\NAC Assessment Agent
[2012/11/04 05:31:57 | 000,000,000 | ---D | M] -- F:\ProgramData\PrintProjects
[2012/10/30 06:46:22 | 000,000,000 | ---D | M] -- F:\ProgramData\Riverbed
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Start Menu
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Templates
[2012/11/04 05:31:57 | 000,000,000 | ---D | M] -- F:\ProgramData\Visan
[2012/10/30 06:38:57 | 000,000,000 | ---D | M] -- F:\ProgramData\WinZip
[2009/07/14 00:08:49 | 000,007,430 | ---- | M] () -- F:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >
         
I have the feeling that something is still restricting my system; IE and Firefox sometimes act up and do not respond (they do not start). Even after the virus was supposedly deleted or quarantined, the Malwarebytes warning still pops up now and then, saying that an access to the Internet was blocked and that a file was quarantined again (most recently Trojan.Fake.MS).

At least the lock screen image has not appeared again so far, and the Task Manager works again; it was not working yesterday.

Thanks in advance for the help
Chris

 
