Log Analysis and Evaluation: GVU Trojan (Windows 7)

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

GVU Trojan

Good evening, I have also been struggling with the GVU Trojan since today and hope you can help me. I was already able to create the FRST log file:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-09-2013
Ran by SYSTEM on MININT-40MQ8HP on 01-09-2013 19:49:15
Running from H:\
Windows 7 Professional (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11057768 2010-07-06] (Realtek Semiconductor)
HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-04-12] (ELAN Microelectronic Corp.)
HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [206208 2010-09-23] ()
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-06-28] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
HKLM-x32\...\Run: [Panda Software Controller Client] - C:\Program Files (x86)\Panda Security\WAC\PSCtrlC.exe [140096 2010-09-21] (Panda Security)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [281768 2011-04-20] (Avira GmbH)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKU\administrator\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()
HKU\Martin Welsch\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [17418928 2012-07-13] (Skype Technologies S.A.)
HKU\Martin Welsch\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\Martin Welsch\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\MARTIN~1\AppData\Local\Temp\fhgneuomrpfeddvut.exe [80896 2013-09-01] (Valve Corporation) <===== ATTENTION
HKU\Martin Welsch\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION
HKU\Martin Welsch\...\Command Processor: "C:\Users\MARTIN~1\AppData\Local\Temp\fhgneuomrpfeddvut.exe" <===== ATTENTION!

==================== Services (Whitelisted) =================

S2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-08] (Akamai Technologies, Inc.)
S2 ALDITALKVerbindungsassistent_Service; C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe [342984 2011-09-13] ()
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [136360 2011-04-20] (Avira GmbH)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [269480 2011-10-24] (Avira GmbH)
S2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S2 ICQ Service; C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [247608 2010-11-21] ()
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [246112 2012-01-01] ()
S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S2 Panda Software Controller; C:\Program Files (x86)\Panda Security\WAC\PsCtrlS.exe [342344 2011-05-17] (Panda Security)
S2 PavAt3Scheduler; C:\Program Files (x86)\Panda Security\WaAgent\Scheduler\PavSched.exe [140544 2011-06-27] (Panda Security)
S3 PavFnSvr; C:\Program Files (x86)\Panda Security\WAC\pavFnSvr.exe [152896 2010-08-05] (Panda Security, S.L.)
S2 PavSrv; C:\Program Files (x86)\Panda Security\WAC\pavsrvx86.exe [313152 2010-07-14] (Panda Security, S.L.)
S2 PavWASLpMng; C:\Program Files (x86)\Panda Security\WaAgent\WasLpMng\WASLPMNG.exe [314696 2011-06-10] (Panda Security)
S3 PSHost; C:\Program Files (x86)\Panda Security\WAC\PSHost.exe [226560 2009-11-26] (Panda Security International)
S2 PSImSvc; C:\Program Files (x86)\Panda Security\WAC\PSIMSVC.EXE [107328 2010-06-25] (Panda Security S.L.)
S2 PskSvc; C:\Program Files (x86)\Panda Security\WAC\psksvc.exe [27968 2010-08-16] (Panda Software International)
S2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-29] (Acer Incorporated)
S2 WASAgent; C:\Program Files (x86)\Panda Security\WaAgent\WasAgent\WasAgent.exe [322376 2011-05-31] (Panda Security)
S2 WASWD; C:\Program Files (x86)\Panda Security\WaAgent\WasWD\WasWD.exe [206664 2011-05-31] (Panda Security)

==================== Drivers (Whitelisted) ====================

S2 AmFSM; C:\Windows\System32\DRIVERS\amm6460.sys [70216 2011-03-07] (Panda Security, S.L.)
S2 APPFLT; C:\Windows\system32\Drivers\APPFLT64.SYS [129096 2011-01-31] (Panda Security, S.L.)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2011-10-16] ()
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88288 2011-10-24] (Avira GmbH)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [123784 2011-10-24] (Avira GmbH)
S2 DSAFLT; C:\Windows\system32\Drivers\DSAFLT64.SYS [82952 2009-09-25] (Panda Security, S.L.)
S2 FNETMON; C:\Windows\system32\Drivers\fnetm64.SYS [31752 2009-09-25] (Panda Security, S.L.)
S2 IDSFLT; C:\Windows\system32\Drivers\IDSFLT64.SYS [78920 2010-09-09] (Panda Security, S.L.)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2011-10-16] ()
S2 NETFLTDI; C:\Windows\system32\Drivers\NETTDI64.SYS [170504 2009-09-25] (Panda Security, S.L.)
S3 NETIMFLT01060044; C:\Windows\System32\DRIVERS\n64i1644.sys [216648 2010-09-30] (Panda Security, S.L.)
S2 nsfim; C:\Windows\system32\Drivers\NSFIM64.SYS [74312 2010-10-19] (Panda Security, S.L.)
S3 WacomVKHid; system32\DRIVERS\WacomVKHid.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-09-01 01:46 - 2013-09-01 01:46 - 01084749 _____ C:\Users\Martin Welsch\AppData\Local\2433f433
2013-09-01 01:46 - 2013-09-01 01:46 - 01084736 _____ C:\Users\Martin Welsch\AppData\Roaming\2433f433
2013-09-01 01:46 - 2013-09-01 01:46 - 01084708 _____ C:\ProgramData\2433f433
2013-08-27 17:21 - 2013-08-27 17:21 - 00000000 __SHD C:\found.001
2013-08-25 02:46 - 2013-08-25 06:09 - 00000000 ____D C:\Users\Martin Welsch\Documents\Schule - GSS
2013-08-17 14:04 - 2013-08-17 14:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-14 20:24 - 2013-07-25 21:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-08-14 20:24 - 2013-07-25 21:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-08-14 20:24 - 2013-07-25 21:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-08-14 20:24 - 2013-07-25 21:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-08-14 20:24 - 2013-07-25 21:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-08-14 20:24 - 2013-07-25 21:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-08-14 20:24 - 2013-07-25 21:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-08-14 20:24 - 2013-07-25 21:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-08-14 20:24 - 2013-07-25 21:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-08-14 20:24 - 2013-07-25 21:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-08-14 20:24 - 2013-07-25 21:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-08-14 20:24 - 2013-07-25 21:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-08-14 20:24 - 2013-07-25 21:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-08-14 20:24 - 2013-07-25 21:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-08-14 20:24 - 2013-07-25 19:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-08-14 20:24 - 2013-07-25 19:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-14 20:24 - 2013-07-25 19:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-14 20:24 - 2013-07-25 19:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-14 20:24 - 2013-07-25 19:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-14 20:24 - 2013-07-25 19:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-14 20:24 - 2013-07-25 19:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-14 20:24 - 2013-07-25 19:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-14 20:24 - 2013-07-25 19:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-14 20:24 - 2013-07-25 19:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-14 20:24 - 2013-07-25 19:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-14 20:24 - 2013-07-25 19:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-14 20:24 - 2013-07-25 19:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-14 20:24 - 2013-07-25 19:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-14 20:24 - 2013-07-25 18:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-14 20:24 - 2013-07-25 18:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-08-14 20:24 - 2013-07-25 17:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-14 17:20 - 2013-08-14 17:20 - 00000000 ____D C:\151dfda74b29c59ca4a56a3c9a5a
2013-08-14 12:45 - 2013-08-01 13:58 - 00000000 ____D C:\Users\Martin Welsch\Downloads\Im Bann des Zyklopen
2013-08-14 12:45 - 2013-08-01 13:46 - 00000000 ____D C:\Users\Martin Welsch\Downloads\Percy Jackson, Band 4_ Percy Jackson - D (66)
2013-08-14 12:45 - 2013-08-01 13:46 - 00000000 ____D C:\Users\Martin Welsch\Downloads\Percy Jackson Bd. 5 Die letzte Gottin (67)
2013-08-14 12:45 - 2013-08-01 13:43 - 00000000 ____D C:\Users\Martin Welsch\Downloads\Diebe im Olymp
2013-08-14 12:45 - 2013-08-01 13:43 - 00000000 ____D C:\Users\Martin Welsch\Downloads\Der Fluch des Titanen
2013-08-14 08:45 - 2013-07-25 01:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-08-14 08:45 - 2013-07-25 00:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 08:45 - 2013-07-18 17:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-08-14 08:45 - 2013-07-18 17:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 08:45 - 2013-07-08 22:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-08-14 08:45 - 2013-07-08 21:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2013-08-14 08:45 - 2013-07-08 21:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2013-08-14 08:45 - 2013-07-08 21:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2013-08-14 08:45 - 2013-07-08 21:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2013-08-14 08:45 - 2013-07-08 21:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-08-14 08:45 - 2013-07-08 21:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-08-14 08:45 - 2013-07-08 21:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-08-14 08:45 - 2013-07-08 21:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-14 08:45 - 2013-07-08 21:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-14 08:45 - 2013-07-08 20:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-14 08:45 - 2013-07-08 20:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 08:45 - 2013-07-08 20:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 08:45 - 2013-07-08 20:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-14 08:45 - 2013-07-08 20:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 08:45 - 2013-07-08 20:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 08:45 - 2013-07-08 20:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 08:45 - 2013-07-08 18:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-14 08:45 - 2013-07-08 18:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-14 08:45 - 2013-07-08 18:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-14 08:45 - 2013-07-08 18:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-14 08:45 - 2013-06-14 20:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys
2013-08-14 08:44 - 2013-07-05 22:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-08-13 12:52 - 2013-08-13 12:57 - 15253270 _____ C:\Users\Martin Welsch\Downloads\Alles.rar
2013-08-12 14:33 - 2013-08-12 14:33 - 00800336 _____ C:\Windows\Minidump\081313-17940-01.dmp
2013-08-12 00:46 - 2013-08-14 17:19 - 00000000 ____D C:\Windows\System32\MRT
2013-08-11 13:12 - 2013-08-17 15:06 - 00232448 _____ C:\Users\Martin Welsch\Downloads\sai.ssd
2013-08-11 13:12 - 2013-08-17 14:43 - 00000320 _____ C:\Users\Martin Welsch\Downloads\sysinfo.txt
2013-08-11 13:12 - 2013-08-11 13:12 - 00000000 ____D C:\Users\Martin Welsch\AppData\Roaming\SYSTEMAX Software Development
2013-08-11 13:12 - 2013-08-11 13:12 - 00000000 ____D C:\ProgramData\SYSTEMAX Software Development
2013-08-11 13:12 - 2011-01-05 11:52 - 00000000 ____D C:\Users\Martin Welsch\Downloads\toolnrm
2013-08-11 13:12 - 2010-05-07 09:57 - 00000621 _____ C:\Users\Martin Welsch\Downloads\brushform.conf
2013-08-11 13:12 - 2010-05-07 09:57 - 00000103 _____ C:\Users\Martin Welsch\Downloads\papertex.conf
2013-08-11 13:12 - 2010-05-07 09:57 - 00000045 _____ C:\Users\Martin Welsch\Downloads\brushtex.conf
2013-08-11 13:12 - 2009-11-18 04:58 - 00120520 _____ C:\Users\Martin Welsch\Downloads\language_DE.conf
2013-08-11 13:12 - 2009-11-18 04:58 - 00120520 _____ C:\Users\Martin Welsch\Downloads\language.conf
2013-08-11 13:12 - 2009-04-20 02:18 - 00051597 _____ C:\Users\Martin Welsch\Downloads\uninstall.exe
2013-08-11 13:12 - 2009-04-20 02:18 - 00000000 ____D C:\Users\Martin Welsch\Downloads\toolink
2013-08-11 13:12 - 2009-04-20 02:18 - 00000000 ____D C:\Users\Martin Welsch\Downloads\papertex
2013-08-11 13:12 - 2009-04-20 02:18 - 00000000 ____D C:\Users\Martin Welsch\Downloads\elemap
2013-08-11 13:12 - 2009-04-20 02:18 - 00000000 ____D C:\Users\Martin Welsch\Downloads\do-it-yourself
2013-08-11 13:12 - 2009-04-20 02:18 - 00000000 ____D C:\Users\Martin Welsch\Downloads\brushtex
2013-08-11 13:12 - 2008-12-30 06:35 - 00111758 _____ C:\Users\Martin Welsch\Downloads\language_EN.conf
2013-08-11 13:12 - 2008-12-30 06:24 - 00001227 _____ C:\Users\Martin Welsch\Downloads\presetcvsize.conf
2013-08-11 13:12 - 2008-12-24 16:01 - 00005606 _____ C:\Users\Martin Welsch\Downloads\misc.ini
2013-08-11 13:12 - 2008-12-24 12:33 - 00008204 _____ C:\Users\Martin Welsch\Downloads\history.txt
2013-08-11 13:12 - 2008-12-24 12:29 - 00362951 _____ C:\Users\Martin Welsch\Downloads\help.chm
2013-08-11 13:12 - 2008-04-09 23:42 - 00045568 _____ C:\Users\Martin Welsch\Downloads\start-sai.exe
2013-08-11 13:12 - 2008-03-14 11:08 - 01626112 _____ C:\Users\Martin Welsch\Downloads\sai.exe
2013-08-11 13:12 - 2008-03-01 01:28 - 00622592 _____ C:\Users\Martin Welsch\Downloads\sfl.dll
2013-08-11 13:11 - 2009-04-20 02:18 - 00000000 ____D C:\Users\Martin Welsch\Downloads\blotmap
2013-08-11 13:08 - 2013-08-11 13:09 - 02633921 _____ C:\Users\Martin Welsch\Downloads\PaintToolSAI.zip
2013-08-11 03:43 - 2013-08-11 03:43 - 00754894 _____ C:\Users\Martin Welsch\Downloads\psd_10_purple_and_brown_by_seolilihyun-d6hhjp7.psd
2013-08-11 03:42 - 2013-08-11 03:42 - 00704050 _____ C:\Users\Martin Welsch\Downloads\psd_3_green_and_yellow_by_seolilihyun-d64rhse.psd
2013-08-11 03:41 - 2013-08-11 03:42 - 00772008 _____ C:\Users\Martin Welsch\Downloads\psd_8_red_and_orange_by_seolilihyun-d699jx5.psd
2013-08-11 03:41 - 2013-08-11 03:42 - 00675848 _____ C:\Users\Martin Welsch\Downloads\psd_9_brown_and_blue_by_seolilihyun-d6bwlym.psd
2013-08-09 13:05 - 2013-08-09 13:06 - 00000000 ____D C:\Users\Martin Welsch\Downloads\Neuer Ordner
2013-08-09 12:51 - 2013-08-09 13:53 - 00000000 ____D C:\Users\Martin Welsch\Downloads\Macklemore and Ryan Lewis - The Heist (2012)
2013-08-09 11:38 - 2009-08-14 10:59 - 00619868 _____ C:\Users\Martin Welsch\Downloads\horses.csh
2013-08-09 11:38 - 2009-08-14 10:51 - 01297909 _____ C:\Users\Martin Welsch\Downloads\vector-horses-silhouettes.ai
2013-08-09 11:38 - 2009-04-30 10:11 - 00000117 _____ C:\Users\Martin Welsch\Downloads\All-Silhouettes.com.url
2013-08-09 11:38 - 2008-07-29 00:08 - 00000000 ____D C:\Users\Martin Welsch\Downloads\Vector - Horse Silhouettes by DragonArt
2013-08-09 11:33 - 2013-08-09 11:34 - 04529490 _____ C:\Users\Martin Welsch\Downloads\Vector_-_Horse_Silhouettes_by_DragonArt.zip
2013-08-09 11:33 - 2013-08-09 11:33 - 00956623 _____ C:\Users\Martin Welsch\Downloads\horses.zip

==================== One Month Modified Files and Folders =======

2013-09-01 01:53 - 2013-01-17 10:23 - 00196608 _____ C:\Windows\System32\Ikeext.etl
2013-09-01 01:53 - 2010-09-23 21:42 - 01371461 _____ C:\Windows\WindowsUpdate.log
2013-09-01 01:49 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-01 01:49 - 2009-07-13 20:51 - 00244431 _____ C:\Windows\setupact.log
2013-09-01 01:48 - 2011-07-26 01:53 - 00000136 _____ C:\Windows\System32\Drivers\etc\NetAdapt.cfg
2013-09-01 01:46 - 2013-09-01 01:46 - 01084749 _____ C:\Users\Martin Welsch\AppData\Local\2433f433
2013-09-01 01:46 - 2013-09-01 01:46 - 01084736 _____ C:\Users\Martin Welsch\AppData\Roaming\2433f433
2013-09-01 01:46 - 2013-09-01 01:46 - 01084708 _____ C:\ProgramData\2433f433
2013-09-01 01:25 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\tracing
2013-09-01 01:15 - 2013-02-20 07:21 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-31 11:34 - 2012-09-23 08:52 - 00000000 ____D C:\Users\Martin Welsch\AppData\Roaming\Skype
2013-08-30 03:28 - 2011-08-05 08:17 - 00000000 ____D C:\Users\Martin Welsch\AppData\Roaming\ICQ
2013-08-30 01:26 - 2009-07-13 20:45 - 00009712 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-30 01:26 - 2009-07-13 20:45 - 00009712 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-28 21:42 - 2011-07-26 01:53 - 00000152 _____ C:\Windows\System32\Drivers\etc\NetLoc.wlt
2013-08-27 17:23 - 2009-07-13 21:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-27 17:21 - 2013-08-27 17:21 - 00000000 __SHD C:\found.001
2013-08-25 06:09 - 2013-08-25 02:46 - 00000000 ____D C:\Users\Martin Welsch\Documents\Schule - GSS
2013-08-23 14:25 - 2010-09-24 07:33 - 00656294 _____ C:\Windows\System32\perfh007.dat
2013-08-23 14:25 - 2010-09-24 07:33 - 00130894 _____ C:\Windows\System32\perfc007.dat
2013-08-23 14:25 - 2009-07-13 21:13 - 01498742 _____ C:\Windows\System32\PerfStringBackup.INI
2013-08-22 11:51 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-08-19 11:03 - 2012-10-17 04:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-19 11:03 - 2010-09-06 22:20 - 00010706 _____ C:\Windows\PFRO.log
2013-08-18 14:07 - 2013-07-08 04:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox.bak
2013-08-17 15:06 - 2013-08-11 13:12 - 00232448 _____ C:\Users\Martin Welsch\Downloads\sai.ssd
2013-08-17 14:43 - 2013-08-11 13:12 - 00000320 _____ C:\Users\Martin Welsch\Downloads\sysinfo.txt
2013-08-17 14:04 - 2013-08-17 14:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-14 17:20 - 2013-08-14 17:20 - 00000000 ____D C:\151dfda74b29c59ca4a56a3c9a5a
2013-08-14 17:19 - 2013-08-12 00:46 - 00000000 ____D C:\Windows\System32\MRT
2013-08-14 17:09 - 2012-11-07 03:32 - 78161360 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-08-14 16:36 - 2013-08-01 06:18 - 00000000 ____D C:\Users\Martin Welsch\Downloads\tumblr
2013-08-14 12:34 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-08-13 12:57 - 2013-08-13 12:52 - 15253270 _____ C:\Users\Martin Welsch\Downloads\Alles.rar
2013-08-12 14:33 - 2013-08-12 14:33 - 00800336 _____ C:\Windows\Minidump\081313-17940-01.dmp
2013-08-12 14:33 - 2012-07-04 09:17 - 256433944 _____ C:\Windows\MEMORY.DMP
2013-08-12 14:33 - 2012-07-04 09:17 - 00000000 ____D C:\Windows\Minidump
2013-08-11 13:12 - 2013-08-11 13:12 - 00000000 ____D C:\Users\Martin Welsch\AppData\Roaming\SYSTEMAX Software Development
2013-08-11 13:12 - 2013-08-11 13:12 - 00000000 ____D C:\ProgramData\SYSTEMAX Software Development
2013-08-11 13:09 - 2013-08-11 13:08 - 02633921 _____ C:\Users\Martin Welsch\Downloads\PaintToolSAI.zip
2013-08-11 03:43 - 2013-08-11 03:43 - 00754894 _____ C:\Users\Martin Welsch\Downloads\psd_10_purple_and_brown_by_seolilihyun-d6hhjp7.psd
2013-08-11 03:42 - 2013-08-11 03:42 - 00704050 _____ C:\Users\Martin Welsch\Downloads\psd_3_green_and_yellow_by_seolilihyun-d64rhse.psd
2013-08-11 03:42 - 2013-08-11 03:41 - 00772008 _____ C:\Users\Martin Welsch\Downloads\psd_8_red_and_orange_by_seolilihyun-d699jx5.psd
2013-08-11 03:42 - 2013-08-11 03:41 - 00675848 _____ C:\Users\Martin Welsch\Downloads\psd_9_brown_and_blue_by_seolilihyun-d6bwlym.psd
2013-08-10 00:07 - 2009-07-13 20:45 - 00403696 _____ C:\Windows\System32\FNTCACHE.DAT
2013-08-09 13:53 - 2013-08-09 12:51 - 00000000 ____D C:\Users\Martin Welsch\Downloads\Macklemore and Ryan Lewis - The Heist (2012)
2013-08-09 13:19 - 2011-07-26 07:14 - 00103808 _____ C:\Users\Martin Welsch\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-09 13:06 - 2013-08-09 13:05 - 00000000 ____D C:\Users\Martin Welsch\Downloads\Neuer Ordner
2013-08-09 11:51 - 2013-02-25 04:34 - 00000000 ____D C:\Users\Martin Welsch\Documents\Adobe Photoshop CS6 Extended Portable
2013-08-09 11:34 - 2013-08-09 11:33 - 04529490 _____ C:\Users\Martin Welsch\Downloads\Vector_-_Horse_Silhouettes_by_DragonArt.zip
2013-08-09 11:33 - 2013-08-09 11:33 - 00956623 _____ C:\Users\Martin Welsch\Downloads\horses.zip

Files to move or delete:
====================
C:\Users\MARTIN~1\AppData\Local\Temp\fhgneuomrpfeddvut.exe
C:\Users\Martin Welsch\AppData\Local\Temp\AskSLib.dll
C:\Users\Martin Welsch\AppData\Local\Temp\comver.dll
C:\Users\Martin Welsch\AppData\Local\Temp\fhgneuomrpfeddvut.exe
C:\Users\Martin Welsch\AppData\Local\Temp\instloffer.exe
C:\Users\Martin Welsch\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Martin Welsch\AppData\Local\Temp\_isF7E5.exe
C:\Users\Martin Welsch\AppData\Local\Temp\{E401D299-E7B9-4C97-8865-672096437FB8}\{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}\MoveIt.dll
C:\Users\Martin Welsch\AppData\Local\Temp\{A9941093-4132-4D19-88E2-9B8D37553F77}\ISSetup.dll
C:\Users\Martin Welsch\AppData\Local\Temp\{A9941093-4132-4D19-88E2-9B8D37553F77}\_Setup.dll
C:\Users\Martin Welsch\AppData\Local\Temp\{83B8800F-ED30-4007-BE6B-353B682CF7E6}\ICQ7.exe
C:\Users\Martin Welsch\AppData\Local\Temp\{47FE8B30-974F-4B99-B42F-914256AF4022}\{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}\MoveIt.dll
C:\Users\Martin Welsch\AppData\Local\Temp\{183B734F-6DAF-404E-AFF4-F20A29CBD4F1}\{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}\MoveIt.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\UpdateDog\HttpInterface.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\UpdateDog\libgcc_s_dw2-1.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\UpdateDog\LiveUpd.exe
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\UpdateDog\mingwm10.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\UpdateDog\ouc.exe
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\UpdateDog\QtCore4.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\UpdateDog\QtGui4.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\UpdateDog\QtNetwork4.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\UpdateDog\QueryStrategy.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\UpdateDog\RunLiveUpd.exe
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\UpdateDog\RunOuc.exe
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\UpdateDog\plugins\imageformats\qgif4.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\UpdateDog\plugins\imageformats\qico4.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\Driver\devsetup32.exe
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\Driver\devsetup64.exe
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\Driver\DriverSetup.exe
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\Driver\DriverUninstall.exe
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\Driver\LocateDevice.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\Driver\Driver\X86\hwgpssensor.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\Driver\Driver\X86\WdfCoInstaller01007.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\Driver\Driver\X64\hwgpssensor.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\Driver\Driver\X64\WdfCoInstaller01007.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\AutoRun\AutoRunSetup.exe
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\O2_C705\AutoRun\AutoRunUninstall.exe
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\AboutPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\AddPbk.exe
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\AddrBookPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\AddrBookSrvPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\AddrBookUIPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\AtCodec.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\ATR2SMgr.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\CallAppPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\CallLogSrvPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\CallLogUIPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\CallSrvPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\CallUIPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\Common.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\core.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\DataServicePlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\DeviceAppPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\DeviceInfoExPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\DeviceMgrUIPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\DeviceSrvPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\DiagnosisPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\DialUpPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\DialupUIPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\LayoutPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\LiveUpdateInterface.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\mcciwin32.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\MenuMgrPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\mobilepartner.exe
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\msvcp60.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\mt.exe
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\NDISAPI.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\NDISPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\NetConnectPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\NetConnectSrvPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\NetInfoRecordUIPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\NetInfoSrvPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\NetInfoUIExPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\NetSettingPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\NetSrvPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\NotifyServicePlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\OSAdapt.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\OSCall.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\OSDialup.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\OSNDIS.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\OSPowerMgr.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\PluginContainer.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\Proxy.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\sdk.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\SettingUIPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\SmsAppPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\SmsSrvPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\SMSUIPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\StatusBarMgrPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\STKPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\STKSrvPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\subinacl.exe
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\ToolBarMgrPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\Trace.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\UnblockPin.exe
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\USSDSrvPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\USSDUIPlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\Win7Support.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\XCodec.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\XFramePlugin.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\XStartScreen.exe
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\qtlib\libgcc_s_dw2-1.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\qtlib\mingwm10.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\qtlib\QtCore4.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\qtlib\QtGui4.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\qtlib\QtNetwork4.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\qtlib\QtXml4.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\plugins\imageformats\qgif4.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\plugins\imageformats\qico4.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\plugins\imageformats\qjpeg4.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\plugins\imageformats\qmng4.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\plugins\imageformats\qtiff4.dll
C:\Users\Martin Welsch\AppData\Local\Temp\UTPS\common\plugins\codecs\qcncodecs4.dll
C:\Users\Martin Welsch\AppData\Local\Temp\Setup\atl80.dll
C:\Users\Martin Welsch\AppData\Local\Temp\Setup\Installer.exe
C:\Users\Martin Welsch\AppData\Local\Temp\Setup\mfc80.dll
C:\Users\Martin Welsch\AppData\Local\Temp\Setup\mfc80u.dll
C:\Users\Martin Welsch\AppData\Local\Temp\Setup\mfcm80.dll
C:\Users\Martin Welsch\AppData\Local\Temp\Setup\mfcm80u.dll
C:\Users\Martin Welsch\AppData\Local\Temp\Setup\msvcm80.dll
C:\Users\Martin Welsch\AppData\Local\Temp\Setup\msvcp80.dll
C:\Users\Martin Welsch\AppData\Local\Temp\Setup\msvcr80.dll
C:\Users\Martin Welsch\AppData\Local\Temp\Setup\OSU.exe
C:\Users\Martin Welsch\AppData\Local\Temp\Setup\OSU64.exe
C:\Users\Martin Welsch\AppData\Local\Temp\Setup\WtgDriverInstall.dll
C:\Users\Martin Welsch\AppData\Local\Temp\Setup\WtgDriverInstallX.dll
C:\Users\Martin Welsch\AppData\Local\Temp\Setup\WTGXMLUtil.dll
C:\Users\Martin Welsch\AppData\Local\Temp\Setup\Drivers\OnDemand\64\Vista\Huawei.4.20.07\WdfCoInstaller01007.dll
C:\Users\Martin Welsch\AppData\Local\Temp\Setup\Drivers\OnDemand\32\Xp\Huawei.4.20.07\WdfCoInstaller01007.dll
C:\Users\Martin Welsch\AppData\Local\Temp\Setup\Drivers\OnDemand\32\Vista\Huawei.4.20.07\WdfCoInstaller01007.dll
C:\Users\Martin Welsch\AppData\Local\Temp\Setup\AdditionalFiles\Huaweiregcleaner.exe
C:\Users\Martin Welsch\AppData\Local\Temp\SDIAG_ee55fec6-d1fd-4f34-b136-b5c1d5258764\DiagPackage.dll
C:\Users\Martin Welsch\AppData\Local\Temp\SDIAG_4b6a1991-bc81-4b0b-9a7c-aa539bf74ea1\DiagPackage.dll
C:\Users\Martin Welsch\AppData\Local\Temp\mia20\bokeh_setup_ext.exe
C:\Users\Martin Welsch\AppData\Local\Temp\mia2\fusion2_setup_ext.exe
C:\Users\Martin Welsch\AppData\Local\Temp\mia14\remask3_setup_ext.exe
C:\Users\Martin Welsch\AppData\Local\Temp\mia10\denoise5_setup_ext.exe
C:\Users\Martin Welsch\AppData\Local\Temp\ispC229.tmp\_Setup.dll
C:\Users\Martin Welsch\AppData\Local\Temp\isp82AA.tmp\_Setup.dll
C:\Users\Martin Welsch\AppData\Local\Temp\isp1FA4.tmp\_Setup.dll
C:\Users\Martin Welsch\AppData\Local\Temp\isp1CA7.tmp\_Setup.dll

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-08-06 08:15:56
Restore point made on: 2013-08-12 00:45:45
Restore point made on: 2013-08-14 17:04:18
Restore point made on: 2013-08-14 20:16:00
Restore point made on: 2013-08-20 12:47:13
Restore point made on: 2013-08-27 01:56:26

==================== Memory info ===========================

Percentage of memory in use: 32%
Total physical RAM: 1977.97 MB
Available physical RAM: 1341.88 MB
Total Pagefile: 1977.97 MB
Available Pagefile: 1330.47 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:284.99 GB) (Free:214.38 GB) NTFS
Drive e: (PQSERVICE) (Fixed) (Total:13 GB) (Free:2.3 GB) NTFS
Drive h: (ALI) (Removable) (Total:1.95 GB) (Free:0.41 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7
or 8) (Size: 298 GB) (Disk ID: CAD78C25) Partition 1: (Not Active) - (Size=13 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=285 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (Size: 2 GB) (Disk ID: 221E5780) Partition 1: (Active) - (Size=2 GB) - (Type=0B) LastRegBack: 2013-09-01 00:16 ==================== End Of Log ============================ Ich bin für jede Hilfe dankbar! Viele Grüße Ciel |