| |  GVU-Trojaner mit webcam-bild, otl scan mitgeliefert
 Guten Tag,
mein Windows 7 Professional 32 bit pc ist leider mit dem gvu trojaner infiziert, und lässt sich weder durch ein anti viren programm, noch sonstige schritte entfernen, die ich bisher googlen konnte.
Hier ist meine otl txt: Zitat:
OTL logfile created on: 29.07.2012 12:10:31 - Run 2
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\woros\Desktop
Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
2,96 Gb Total Physical Memory | 2,19 Gb Available Physical Memory | 73,83% Memory free
5,92 Gb Paging File | 5,31 Gb Available in Paging File | 89,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 107,81 Gb Total Space | 25,14 Gb Free Space | 23,31% Space Free | Partition Type: NTFS
Drive Q: | 10,25 Gb Total Space | 5,25 Gb Free Space | 51,16% Space Free | Partition Type: NTFS
Computer Name: WOROS-THINK | User Name: woros | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.07.29 02:06:28 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\woros\Desktop\OTL.exe
PRC - [2012.07.19 00:43:39 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012.02.28 17:38:52 | 001,373,576 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2012.07.19 00:43:38 | 002,003,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012.04.09 22:03:18 | 000,322,986 | ---- | M] () -- C:\Program Files\Git\git-cheetah\git_shell_ext.dll
MOD - [2012.02.17 20:55:35 | 000,166,912 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
========== Win32 Services (SafeList) ==========
SRV - [2012.07.29 01:02:44 | 000,830,048 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe -- (vToolbarUpdater12.1.5)
SRV - [2012.07.19 00:43:38 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.02.28 17:38:52 | 001,373,576 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011.06.06 21:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.04.23 12:01:00 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.04.01 12:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.03.28 12:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.09.04 23:58:06 | 000,015,872 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2009.09.04 21:28:16 | 000,242,976 | ---- | M] (Lenovo) [Auto | Stopped] -- C:\Program Files\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2009.09.04 21:28:12 | 000,124,192 | ---- | M] (Lenovo) [Auto | Stopped] -- C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2009.08.27 00:02:26 | 001,021,240 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2009.08.23 20:04:00 | 000,075,040 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2009.08.07 01:37:08 | 000,424,448 | R--- | M] () [Auto | Stopped] -- C:\Program Files\Mobile Broadband Drivers\WMCore\mini_WMCore.exe -- (WMCoreService)
SRV - [2009.08.05 06:32:42 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009.08.04 05:00:14 | 002,058,776 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS)
SRV - [2009.08.04 05:00:00 | 000,174,616 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS)
SRV - [2009.07.15 03:18:02 | 000,062,320 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.03 11:47:10 | 000,045,424 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2009.07.02 03:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2007.01.05 04:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
========== Driver Services (SafeList) ==========
DRV - [2012.07.29 01:02:45 | 000,027,496 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012.04.19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012.03.19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012.02.22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012.01.31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011.12.23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011.12.23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011.12.23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011.12.23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2011.04.18 20:19:43 | 000,033,088 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2009.08.23 20:04:00 | 000,011,552 | ---- | M] (Lenovo Group Limited) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)
DRV - [2009.08.18 18:14:34 | 000,125,824 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\5U877.sys -- (5U877)
DRV - [2009.07.30 05:00:42 | 000,213,032 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WwanUsbMp.sys -- (WwanUsbServ)
DRV - [2009.07.22 08:37:44 | 000,470,016 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009.07.14 02:56:07 | 000,265,088 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrSerIb.sys -- (BrSerIb)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 01:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009.07.14 00:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrUsbSIb.sys -- (BrUsbSIb)
DRV - [2009.07.14 00:02:52 | 000,214,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1y6032.sys -- (e1yexpress)
DRV - [2009.07.11 00:53:22 | 000,082,984 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e36wgps.sys -- (e36wgps)
DRV - [2009.07.02 19:16:22 | 000,038,336 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2009.07.02 01:50:00 | 000,047,104 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimspe86.sys -- (rimspci)
DRV - [2009.07.01 00:38:52 | 000,374,272 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e36gmdm.sys -- (e36gmdm)
DRV - [2009.07.01 00:38:52 | 000,357,376 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e36gmgmt.sys -- (e36gmgmt)
DRV - [2009.07.01 00:38:52 | 000,285,056 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e36gbus.sys -- (e36gbus)
DRV - [2009.07.01 00:38:52 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e36gmdfl.sys -- (e36gmdfl)
DRV - [2009.06.29 22:51:04 | 000,117,800 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsX86.sys -- (Shockprf)
DRV - [2009.06.29 22:51:02 | 000,020,520 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsHM86.sys -- (TPDIGIMN)
DRV - [2009.06.23 05:49:58 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009.05.14 01:40:38 | 004,231,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (netw5v32)
DRV - [2009.03.18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.03.13 23:47:26 | 000,012,560 | ---- | M] (UPEK Inc.) [Kernel | Auto | Stopped] -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp)
DRV - [2008.05.12 11:04:04 | 000,013,480 | ---- | M] (Lenovo Group Limited) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2008.05.08 21:52:22 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2008.05.07 01:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008.04.17 16:42:10 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007.07.16 23:29:43 | 000,020,504 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hpfxfax.sys -- (HPFXFAX)
DRV - [2007.07.16 23:29:33 | 000,017,432 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hpfxbulk.sys -- (HPFXBULK)
DRV - [2007.04.18 05:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\regi.sys -- (regi)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {6971F7E8-96FB-4F3B-8E46-5247EFD6A231}
IE - HKLM\..\SearchScopes\{6971F7E8-96FB-4F3B-8E46-5247EFD6A231}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox;
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/?pc=Z039&form=ZGAPHP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = hxxp://lenovo.msn.com
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{76E9350E-0392-9C19-F83A-99BC015260AF}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&pc=Z039&form=ZGAIDF
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={5268B7C2-EBB6-4252-8291-E012A707E263}&mid=1c8aaa0bcf1a47d0bab65c6d90002fae-e4ae3c2157b055953c5988c695577ddf2e5e749e&lang=de&ds=AVG&pr=fr&d=2012-07-29 01:02:46&v=12.1.0.21&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "www.facebook.com"
FF - prefs.js..keyword.URL: "hxxp://www.bing.com/search?pc=Z039&form=ZGAADF&q="
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.1.5\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\woros\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\woros\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012.07.29 00:59:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.1.0.21\ [2012.07.29 01:02:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.19 00:43:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.19 00:43:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2011.04.22 04:21:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\woros\AppData\Roaming\Mozilla\Extensions
[2012.07.25 22:15:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\woros\AppData\Roaming\Mozilla\Firefox\Profiles\guueo61j.default\extensions
[2012.04.30 00:41:35 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\woros\AppData\Roaming\Mozilla\Firefox\Profiles\guueo61j.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.04.27 04:12:46 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\woros\AppData\Roaming\Mozilla\Firefox\Profiles\guueo61j.default\extensions\searchtoolbar@zugo.com
[2011.04.27 04:12:47 | 000,001,919 | ---- | M] () -- C:\Users\woros\AppData\Roaming\Mozilla\Firefox\Profiles\guueo61j.default\searchplugins\bing-zugo.xml
[2012.07.17 11:51:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.07.19 00:43:39 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.07.29 01:02:41 | 000,003,750 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.03.01 16:08:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2012.03.01 16:08:25 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - homepage: hxxp://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google riginalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie= {inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\woros\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.160.1 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U16 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\woros\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\woros\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\woros\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DataCardMonitor] C:\Program Files\T-Mobile\web'n'walk Manager\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
O4 - HKLM..\Run: [HP Color LaserJet CM2320 MFP Series Fax] C:\Program Files\HP\HP Color LaserJet CM2320 MFP Series\hppfaxprintersrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files\HP\HP UT\bin\hppusg.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Launch Backup Service Once] C:\Program Files\Lenovo\Rescue and Recovery\rrstrigger.exe ()
O4 - HKLM..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [picon] C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [Updater shortcut] C:\Program Files\T-Mobile\web'n'walk Manager\WTGU.exe ()
O4 - Startup: C:\Users\woros\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\woros\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Free YouTube Download - C:\Users\woros\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{73FEBD8E-5AE4-4A19-95A6-0520FF567369}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A1F14F36-5ED2-4A0B-96F9-748403DC7273}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.06.10 18:32:46 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{40c8160e-6e5c-11e0-b7f7-028037ec0200}\Shell - "" = AutoRun
O33 - MountPoints2\{40c8160e-6e5c-11e0-b7f7-028037ec0200}\Shell\AutoRun\command - "" = "D:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{529dd1f3-69e6-11e0-85b9-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{529dd1f3-69e6-11e0-85b9-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2009.08.10 23:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited)
O33 - MountPoints2\{699a7a07-70b7-11e0-90f2-9269cfdbf242}\Shell - "" = AutoRun
O33 - MountPoints2\{699a7a07-70b7-11e0-90f2-9269cfdbf242}\Shell\AutoRun\command - "" = "D:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{b5e81764-66ce-11e1-a9cb-904ce5de86f4}\Shell - "" = AutoRun
O33 - MountPoints2\{b5e81764-66ce-11e1-a9cb-904ce5de86f4}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{b5e8176a-66ce-11e1-a9cb-904ce5de86f4}\Shell - "" = AutoRun
O33 - MountPoints2\{b5e8176a-66ce-11e1-a9cb-904ce5de86f4}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{e29265bd-c5b5-11e1-881b-002713b2b1be}\Shell - "" = AutoRun
O33 - MountPoints2\{e29265bd-c5b5-11e1-881b-002713b2b1be}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{e29265c2-c5b5-11e1-881b-002713b2b1be}\Shell - "" = AutoRun
O33 - MountPoints2\{e29265c2-c5b5-11e1-881b-002713b2b1be}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012.07.29 02:06:24 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\woros\Desktop\OTL.exe
[2012.07.29 01:03:19 | 000,000,000 | ---D | C] -- C:\Users\woros\AppData\Roaming\AVG2012
[2012.07.29 01:02:59 | 000,000,000 | ---D | C] -- C:\Users\woros\AppData\Local\AVG Secure Search
[2012.07.29 01:02:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012.07.29 01:02:52 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012.07.29 01:02:45 | 000,027,496 | ---- | C] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2012.07.29 01:02:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012.07.29 01:02:41 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012.07.29 00:59:54 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012.07.29 00:59:54 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012.07.29 00:59:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2012.07.29 00:59:35 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012.07.29 00:58:45 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.07.29 00:58:43 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012.07.27 17:16:42 | 000,000,000 | ---D | C] -- C:\Users\woros\Desktop\loopj-jquery-tokeninput-jquery-tokeninput-1.6.0-40-g641b6dd
[2012.07.22 14:12:23 | 148,981,624 | ---- | C] (AVG Technologies) -- C:\Users\woros\Desktop\avg_free_x86_all_2012_2197a5126.exe
[2012.07.11 23:56:24 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.07.11 23:56:22 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.07.11 23:56:21 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.07.11 23:56:21 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.07.11 23:56:19 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.07.11 23:56:19 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.07.11 23:56:18 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.07.11 23:55:50 | 002,344,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.07.11 21:31:16 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
========== Files - Modified Within 30 Days ==========
[2012.07.29 10:27:44 | 000,001,732 | ---- | M] () -- C:\tvtpktfilter.dat
[2012.07.29 02:06:28 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\woros\Desktop\OTL.exe
[2012.07.29 02:05:52 | 000,660,068 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.29 02:05:52 | 000,120,996 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.29 02:01:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.29 02:01:36 | 2384,482,304 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.29 02:00:30 | 004,503,728 | ---- | M] () -- C:\ProgramData\735082sak823222.pad
[2012.07.29 01:41:20 | 101,711,065 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm.prepare
[2012.07.29 01:40:14 | 000,027,520 | ---- | M] () -- C:\Users\woros\AppData\Local\dt.dat
[2012.07.29 01:03:06 | 000,000,218 | ---- | M] () -- C:\Windows\tasks\SidebarExecute.job
[2012.07.29 01:02:54 | 000,000,962 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012.07.29 01:02:45 | 000,027,496 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2012.07.29 01:00:53 | 101,381,943 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012.07.29 00:48:19 | 001,978,992 | ---- | M] () -- C:\Users\woros\Desktop\avira_antivirus_premium.exe
[2012.07.29 00:03:47 | 000,001,910 | ---- | M] () -- C:\Users\woros\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.28 23:54:46 | 000,016,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.28 23:54:46 | 000,016,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.28 22:46:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1515399496-3954608368-3885527475-1001UA.job
[2012.07.27 22:00:00 | 000,000,452 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012.07.27 17:16:28 | 000,016,593 | ---- | M] () -- C:\Users\woros\Desktop\loopj-jquery-tokeninput-jquery-tokeninput-1.6.0-40-g641b6dd.zip
[2012.07.27 14:15:00 | 000,018,868 | ---- | M] () -- C:\Users\woros\Desktop\carta.odt
[2012.07.27 14:11:08 | 000,117,190 | ---- | M] () -- C:\Users\woros\Desktop\12-07 UPS auftrag Wolfgang Rose.pdf
[2012.07.22 14:26:11 | 148,981,624 | ---- | M] (AVG Technologies) -- C:\Users\woros\Desktop\avg_free_x86_all_2012_2197a5126.exe
[2012.07.22 13:23:32 | 000,000,610 | ---- | M] () -- C:\SISTodo
[2012.07.22 13:23:32 | 000,000,006 | ---- | M] () -- C:\SISHashTodo
[2012.07.20 01:46:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1515399496-3954608368-3885527475-1001Core.job
[2012.07.19 16:31:18 | 000,000,348 | ---- | M] () -- C:\Users\woros\Desktop\test.html
[2012.07.15 02:10:17 | 000,030,369 | ---- | M] () -- C:\Users\woros\Desktop\image-376453-panoV9free-vget.jpg
[2012.07.12 17:43:32 | 000,002,416 | ---- | M] () -- C:\Users\woros\Desktop\Google Chrome.lnk
[2012.07.12 00:08:35 | 000,395,000 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
========== Files Created - No Company Name ==========
[2012.07.29 10:27:44 | 000,001,732 | ---- | C] () -- C:\tvtpktfilter.dat
[2012.07.29 01:41:01 | 101,711,065 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm.prepare
[2012.07.29 01:40:14 | 000,027,520 | ---- | C] () -- C:\Users\woros\AppData\Local\dt.dat
[2012.07.29 01:03:06 | 000,000,218 | ---- | C] () -- C:\Windows\tasks\SidebarExecute.job
[2012.07.29 01:02:54 | 000,000,962 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012.07.29 00:48:12 | 001,978,992 | ---- | C] () -- C:\Users\woros\Desktop\avira_antivirus_premium.exe
[2012.07.29 00:03:47 | 004,503,728 | ---- | C] () -- C:\ProgramData\735082sak823222.pad
[2012.07.29 00:03:47 | 000,001,910 | ---- | C] () -- C:\Users\woros\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.27 17:16:28 | 000,016,593 | ---- | C] () -- C:\Users\woros\Desktop\loopj-jquery-tokeninput-jquery-tokeninput-1.6.0-40-g641b6dd.zip
[2012.07.27 14:11:07 | 000,117,190 | ---- | C] () -- C:\Users\woros\Desktop\12-07 UPS auftrag Wolfgang Rose.pdf
[2012.07.27 13:13:16 | 000,018,868 | ---- | C] () -- C:\Users\woros\Desktop\carta.odt
[2012.07.22 13:23:32 | 000,000,610 | ---- | C] () -- C:\SISTodo
[2012.07.22 13:23:32 | 000,000,006 | ---- | C] () -- C:\SISHashTodo
[2012.07.15 02:10:16 | 000,030,369 | ---- | C] () -- C:\Users\woros\Desktop\image-376453-panoV9free-vget.jpg
[2012.07.11 20:42:04 | 101,381,943 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012.05.09 13:46:27 | 000,000,704 | ---- | C] () -- C:\Users\woros\_viminfo
[2012.05.08 18:20:49 | 000,000,221 | ---- | C] () -- C:\Users\woros\_netrc
[2012.05.07 00:45:36 | 000,000,050 | ---- | C] () -- C:\Users\woros\.eyrc
[2012.05.06 23:19:02 | 000,000,058 | ---- | C] () -- C:\Users\woros\.gitconfig
[2012.03.26 11:03:52 | 000,000,410 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.03.26 11:03:52 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD7320.DAT
[2011.10.26 02:29:05 | 000,000,608 | -HS- | C] () -- C:\Windows\System32\winzvprt5.sys
[2011.10.26 02:29:05 | 000,000,222 | ---- | C] () -- C:\Windows\System32\hppfaxprinter5.ini
[2011.10.26 02:26:16 | 000,176,799 | ---- | C] () -- C:\Windows\hppins12.dat
[2011.10.26 02:26:16 | 000,007,855 | ---- | C] () -- C:\Windows\hppmdl12.dat
[2011.10.26 02:23:55 | 000,000,665 | ---- | C] () -- C:\Windows\System32\hppapr12.dat
[2011.04.26 05:30:39 | 000,003,584 | ---- | C] () -- C:\Users\woros\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.18 20:11:06 | 000,982,220 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2011.04.18 20:11:06 | 000,439,300 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2011.04.18 20:11:06 | 000,134,592 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2011.04.18 20:11:06 | 000,092,216 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
========== LOP Check ==========
[2012.05.13 15:27:22 | 000,000,000 | ---D | M] -- C:\Users\woros\AppData\Roaming\Amazon
[2012.07.29 01:03:19 | 000,000,000 | ---D | M] -- C:\Users\woros\AppData\Roaming\AVG2012
[2012.03.05 16:26:06 | 000,000,000 | ---D | M] -- C:\Users\woros\AppData\Roaming\Bytemobile
[2012.03.07 20:05:37 | 000,000,000 | ---D | M] -- C:\Users\woros\AppData\Roaming\Dev-Cpp
[2012.07.29 02:00:18 | 000,000,000 | ---D | M] -- C:\Users\woros\AppData\Roaming\Dropbox
[2012.04.30 00:41:40 | 000,000,000 | ---D | M] -- C:\Users\woros\AppData\Roaming\DVDVideoSoft
[2012.04.30 00:41:35 | 000,000,000 | ---D | M] -- C:\Users\woros\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.07.29 01:38:52 | 000,000,000 | ---D | M] -- C:\Users\woros\AppData\Roaming\HCM Updater
[2011.04.22 04:17:26 | 000,000,000 | ---D | M] -- C:\Users\woros\AppData\Roaming\Lenovo
[2011.04.29 08:52:16 | 000,000,000 | ---D | M] -- C:\Users\woros\AppData\Roaming\mp3DirectCut
[2012.02.29 15:45:12 | 000,000,000 | ---D | M] -- C:\Users\woros\AppData\Roaming\OpenOffice.org
[2012.03.07 02:07:57 | 000,000,000 | ---D | M] -- C:\Users\woros\AppData\Roaming\Pelles C
[2012.05.06 17:47:41 | 000,000,000 | ---D | M] -- C:\Users\woros\AppData\Roaming\Sublime Text 2
[2012.03.05 09:34:37 | 000,000,000 | ---D | M] -- C:\Users\woros\AppData\Roaming\WindSolutions
[2012.07.27 22:00:00 | 000,000,452 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012.06.07 10:42:57 | 000,032,552 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.07.29 01:03:06 | 000,000,218 | ---- | M] () -- C:\Windows\Tasks\SidebarExecute.job
========== Purity Check ==========
< End of report >
| Ich würde mich unglaublich freuen, wenn ich ebenfalls eine personalisierte fix anweisung von euch bekommen könnte so wie in den anderen Threads, die man aber ja leider nicht übernehmen kann, weil sie personalisiert sind. Vielen Dank im vorraus!! Falls irgendeine information fehlt, kann ich diese nachreichen
|
29.07.2012, 11:13
sorry 
Linear-Darstellung
