
Log Analysis and Evaluation: GVU Trojan with webcam image, OTL scan included


29.07.2012, 11:13   #1
javi
 

Hello,
my Windows 7 Professional 32-bit PC is unfortunately infected with the GVU Trojan, and it cannot be removed either by an antivirus program or by any of the other steps I have been able to google so far.

Here is my OTL.txt:

Quote:
OTL logfile created on: 29.07.2012 12:10:31 - Run 2
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\woros\Desktop
Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

2,96 Gb Total Physical Memory | 2,19 Gb Available Physical Memory | 73,83% Memory free
5,92 Gb Paging File | 5,31 Gb Available in Paging File | 89,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 107,81 Gb Total Space | 25,14 Gb Free Space | 23,31% Space Free | Partition Type: NTFS
Drive Q: | 10,25 Gb Total Space | 5,25 Gb Free Space | 51,16% Space Free | Partition Type: NTFS

Computer Name: WOROS-THINK | User Name: woros | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.07.29 02:06:28 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\woros\Desktop\OTL.exe
PRC - [2012.07.19 00:43:39 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012.02.28 17:38:52 | 001,373,576 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012.07.19 00:43:38 | 002,003,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012.04.09 22:03:18 | 000,322,986 | ---- | M] () -- C:\Program Files\Git\git-cheetah\git_shell_ext.dll
MOD - [2012.02.17 20:55:35 | 000,166,912 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - [2012.07.29 01:02:44 | 000,830,048 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe -- (vToolbarUpdater12.1.5)
SRV - [2012.07.19 00:43:38 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.02.28 17:38:52 | 001,373,576 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011.06.06 21:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.04.23 12:01:00 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.04.01 12:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.03.28 12:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.09.04 23:58:06 | 000,015,872 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2009.09.04 21:28:16 | 000,242,976 | ---- | M] (Lenovo) [Auto | Stopped] -- C:\Program Files\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2009.09.04 21:28:12 | 000,124,192 | ---- | M] (Lenovo) [Auto | Stopped] -- C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2009.08.27 00:02:26 | 001,021,240 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2009.08.23 20:04:00 | 000,075,040 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2009.08.07 01:37:08 | 000,424,448 | R--- | M] () [Auto | Stopped] -- C:\Program Files\Mobile Broadband Drivers\WMCore\mini_WMCore.exe -- (WMCoreService)
SRV - [2009.08.05 06:32:42 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009.08.04 05:00:14 | 002,058,776 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS)
SRV - [2009.08.04 05:00:00 | 000,174,616 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS)
SRV - [2009.07.15 03:18:02 | 000,062,320 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.03 11:47:10 | 000,045,424 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2009.07.02 03:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2007.01.05 04:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - [2012.07.29 01:02:45 | 000,027,496 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012.04.19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012.03.19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012.02.22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012.01.31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011.12.23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011.12.23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011.12.23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011.12.23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2011.04.18 20:19:43 | 000,033,088 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2009.08.23 20:04:00 | 000,011,552 | ---- | M] (Lenovo Group Limited) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)
DRV - [2009.08.18 18:14:34 | 000,125,824 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\5U877.sys -- (5U877)
DRV - [2009.07.30 05:00:42 | 000,213,032 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WwanUsbMp.sys -- (WwanUsbServ)
DRV - [2009.07.22 08:37:44 | 000,470,016 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009.07.14 02:56:07 | 000,265,088 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrSerIb.sys -- (BrSerIb)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 01:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009.07.14 00:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrUsbSIb.sys -- (BrUsbSIb)
DRV - [2009.07.14 00:02:52 | 000,214,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1y6032.sys -- (e1yexpress)
DRV - [2009.07.11 00:53:22 | 000,082,984 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e36wgps.sys -- (e36wgps)
DRV - [2009.07.02 19:16:22 | 000,038,336 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2009.07.02 01:50:00 | 000,047,104 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimspe86.sys -- (rimspci)
DRV - [2009.07.01 00:38:52 | 000,374,272 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e36gmdm.sys -- (e36gmdm)
DRV - [2009.07.01 00:38:52 | 000,357,376 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e36gmgmt.sys -- (e36gmgmt)
DRV - [2009.07.01 00:38:52 | 000,285,056 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e36gbus.sys -- (e36gbus)
DRV - [2009.07.01 00:38:52 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e36gmdfl.sys -- (e36gmdfl)
DRV - [2009.06.29 22:51:04 | 000,117,800 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsX86.sys -- (Shockprf)
DRV - [2009.06.29 22:51:02 | 000,020,520 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsHM86.sys -- (TPDIGIMN)
DRV - [2009.06.23 05:49:58 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009.05.14 01:40:38 | 004,231,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (netw5v32)
DRV - [2009.03.18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.03.13 23:47:26 | 000,012,560 | ---- | M] (UPEK Inc.) [Kernel | Auto | Stopped] -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp)
DRV - [2008.05.12 11:04:04 | 000,013,480 | ---- | M] (Lenovo Group Limited) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2008.05.08 21:52:22 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2008.05.07 01:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008.04.17 16:42:10 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007.07.16 23:29:43 | 000,020,504 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hpfxfax.sys -- (HPFXFAX)
DRV - [2007.07.16 23:29:33 | 000,017,432 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hpfxbulk.sys -- (HPFXBULK)
DRV - [2007.04.18 05:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\regi.sys -- (regi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6971F7E8-96FB-4F3B-8E46-5247EFD6A231}
IE - HKLM\..\SearchScopes\{6971F7E8-96FB-4F3B-8E46-5247EFD6A231}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox;

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/?pc=Z039&form=ZGAPHP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = hxxp://lenovo.msn.com
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{76E9350E-0392-9C19-F83A-99BC015260AF}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&pc=Z039&form=ZGAIDF
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={5268B7C2-EBB6-4252-8291-E012A707E263}&mid=1c8aaa0bcf1a47d0bab65c6d90002fae-e4ae3c2157b055953c5988c695577ddf2e5e749e&lang=de&ds=AVG&pr=fr&d=2012-07-29 01:02:46&v=12.1.0.21&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "www.facebook.com"
FF - prefs.js..keyword.URL: "hxxp://www.bing.com/search?pc=Z039&form=ZGAADF&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.1.5\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\woros\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\woros\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012.07.29 00:59:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.1.0.21\ [2012.07.29 01:02:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.19 00:43:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.19 00:43:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011.04.22 04:21:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\woros\AppData\Roaming\Mozilla\Extensions
[2012.07.25 22:15:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\woros\AppData\Roaming\Mozilla\Firefox\Profiles\guueo61j.default\extensions
[2012.04.30 00:41:35 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\woros\AppData\Roaming\Mozilla\Firefox\Profiles\guueo61j.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.04.27 04:12:46 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\woros\AppData\Roaming\Mozilla\Firefox\Profiles\guueo61j.default\extensions\searchtoolbar@zugo.com
[2011.04.27 04:12:47 | 000,001,919 | ---- | M] () -- C:\Users\woros\AppData\Roaming\Mozilla\Firefox\Profiles\guueo61j.default\searchplugins\bing-zugo.xml
[2012.07.17 11:51:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.07.19 00:43:39 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.07.29 01:02:41 | 000,003,750 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.03.01 16:08:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2012.03.01 16:08:25 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: hxxp://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\woros\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.160.1 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U16 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\woros\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\woros\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\woros\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DataCardMonitor] C:\Program Files\T-Mobile\web'n'walk Manager\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
O4 - HKLM..\Run: [HP Color LaserJet CM2320 MFP Series Fax] C:\Program Files\HP\HP Color LaserJet CM2320 MFP Series\hppfaxprintersrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files\HP\HP UT\bin\hppusg.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Launch Backup Service Once] C:\Program Files\Lenovo\Rescue and Recovery\rrstrigger.exe ()
O4 - HKLM..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [picon] C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [Updater shortcut] C:\Program Files\T-Mobile\web'n'walk Manager\WTGU.exe ()
O4 - Startup: C:\Users\woros\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\woros\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Free YouTube Download - C:\Users\woros\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{73FEBD8E-5AE4-4A19-95A6-0520FF567369}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A1F14F36-5ED2-4A0B-96F9-748403DC7273}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.06.10 18:32:46 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{40c8160e-6e5c-11e0-b7f7-028037ec0200}\Shell - "" = AutoRun
O33 - MountPoints2\{40c8160e-6e5c-11e0-b7f7-028037ec0200}\Shell\AutoRun\command - "" = "D:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{529dd1f3-69e6-11e0-85b9-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{529dd1f3-69e6-11e0-85b9-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2009.08.10 23:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited)
O33 - MountPoints2\{699a7a07-70b7-11e0-90f2-9269cfdbf242}\Shell - "" = AutoRun
O33 - MountPoints2\{699a7a07-70b7-11e0-90f2-9269cfdbf242}\Shell\AutoRun\command - "" = "D:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{b5e81764-66ce-11e1-a9cb-904ce5de86f4}\Shell - "" = AutoRun
O33 - MountPoints2\{b5e81764-66ce-11e1-a9cb-904ce5de86f4}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{b5e8176a-66ce-11e1-a9cb-904ce5de86f4}\Shell - "" = AutoRun
O33 - MountPoints2\{b5e8176a-66ce-11e1-a9cb-904ce5de86f4}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{e29265bd-c5b5-11e1-881b-002713b2b1be}\Shell - "" = AutoRun
O33 - MountPoints2\{e29265bd-c5b5-11e1-881b-002713b2b1be}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{e29265c2-c5b5-11e1-881b-002713b2b1be}\Shell - "" = AutoRun
O33 - MountPoints2\{e29265c2-c5b5-11e1-881b-002713b2b1be}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.07.29 02:06:24 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\woros\Desktop\OTL.exe
[2012.07.29 01:03:19 | 000,000,000 | ---D | C] -- C:\Users\woros\AppData\Roaming\AVG2012
[2012.07.29 01:02:59 | 000,000,000 | ---D | C] -- C:\Users\woros\AppData\Local\AVG Secure Search
[2012.07.29 01:02:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012.07.29 01:02:52 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012.07.29 01:02:45 | 000,027,496 | ---- | C] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2012.07.29 01:02:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012.07.29 01:02:41 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012.07.29 00:59:54 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012.07.29 00:59:54 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012.07.29 00:59:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2012.07.29 00:59:35 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012.07.29 00:58:45 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.07.29 00:58:43 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012.07.27 17:16:42 | 000,000,000 | ---D | C] -- C:\Users\woros\Desktop\loopj-jquery-tokeninput-jquery-tokeninput-1.6.0-40-g641b6dd
[2012.07.22 14:12:23 | 148,981,624 | ---- | C] (AVG Technologies) -- C:\Users\woros\Desktop\avg_free_x86_all_2012_2197a5126.exe
[2012.07.11 23:56:24 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.07.11 23:56:22 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.07.11 23:56:21 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.07.11 23:56:21 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.07.11 23:56:19 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.07.11 23:56:19 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.07.11 23:56:18 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.07.11 23:55:50 | 002,344,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.07.11 21:31:16 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll

========== Files - Modified Within 30 Days ==========

[2012.07.29 10:27:44 | 000,001,732 | ---- | M] () -- C:\tvtpktfilter.dat
[2012.07.29 02:06:28 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\woros\Desktop\OTL.exe
[2012.07.29 02:05:52 | 000,660,068 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.29 02:05:52 | 000,120,996 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.29 02:01:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.29 02:01:36 | 2384,482,304 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.29 02:00:30 | 004,503,728 | ---- | M] () -- C:\ProgramData\735082sak823222.pad
[2012.07.29 01:41:20 | 101,711,065 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm.prepare
[2012.07.29 01:40:14 | 000,027,520 | ---- | M] () -- C:\Users\woros\AppData\Local\dt.dat
[2012.07.29 01:03:06 | 000,000,218 | ---- | M] () -- C:\Windows\tasks\SidebarExecute.job
[2012.07.29 01:02:54 | 000,000,962 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012.07.29 01:02:45 | 000,027,496 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2012.07.29 01:00:53 | 101,381,943 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012.07.29 00:48:19 | 001,978,992 | ---- | M] () -- C:\Users\woros\Desktop\avira_antivirus_premium.exe
[2012.07.29 00:03:47 | 000,001,910 | ---- | M] () -- C:\Users\woros\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.28 23:54:46 | 000,016,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.28 23:54:46 | 000,016,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.28 22:46:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1515399496-3954608368-3885527475-1001UA.job
[2012.07.27 22:00:00 | 000,000,452 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012.07.27 17:16:28 | 000,016,593 | ---- | M] () -- C:\Users\woros\Desktop\loopj-jquery-tokeninput-jquery-tokeninput-1.6.0-40-g641b6dd.zip
[2012.07.27 14:15:00 | 000,018,868 | ---- | M] () -- C:\Users\woros\Desktop\carta.odt
[2012.07.27 14:11:08 | 000,117,190 | ---- | M] () -- C:\Users\woros\Desktop\12-07 UPS auftrag Wolfgang Rose.pdf
[2012.07.22 14:26:11 | 148,981,624 | ---- | M] (AVG Technologies) -- C:\Users\woros\Desktop\avg_free_x86_all_2012_2197a5126.exe
[2012.07.22 13:23:32 | 000,000,610 | ---- | M] () -- C:\SISTodo
[2012.07.22 13:23:32 | 000,000,006 | ---- | M] () -- C:\SISHashTodo
[2012.07.20 01:46:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1515399496-3954608368-3885527475-1001Core.job
[2012.07.19 16:31:18 | 000,000,348 | ---- | M] () -- C:\Users\woros\Desktop\test.html
[2012.07.15 02:10:17 | 000,030,369 | ---- | M] () -- C:\Users\woros\Desktop\image-376453-panoV9free-vget.jpg
[2012.07.12 17:43:32 | 000,002,416 | ---- | M] () -- C:\Users\woros\Desktop\Google Chrome.lnk
[2012.07.12 00:08:35 | 000,395,000 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012.07.29 10:27:44 | 000,001,732 | ---- | C] () -- C:\tvtpktfilter.dat
[2012.07.29 01:41:01 | 101,711,065 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm.prepare
[2012.07.29 01:40:14 | 000,027,520 | ---- | C] () -- C:\Users\woros\AppData\Local\dt.dat
[2012.07.29 01:03:06 | 000,000,218 | ---- | C] () -- C:\Windows\tasks\SidebarExecute.job
[2012.07.29 01:02:54 | 000,000,962 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012.07.29 00:48:12 | 001,978,992 | ---- | C] () -- C:\Users\woros\Desktop\avira_antivirus_premium.exe
[2012.07.29 00:03:47 | 004,503,728 | ---- | C] () -- C:\ProgramData\735082sak823222.pad
[2012.07.29 00:03:47 | 000,001,910 | ---- | C] () -- C:\Users\woros\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.27 17:16:28 | 000,016,593 | ---- | C] () -- C:\Users\woros\Desktop\loopj-jquery-tokeninput-jquery-tokeninput-1.6.0-40-g641b6dd.zip
[2012.07.27 14:11:07 | 000,117,190 | ---- | C] () -- C:\Users\woros\Desktop\12-07 UPS auftrag Wolfgang Rose.pdf
[2012.07.27 13:13:16 | 000,018,868 | ---- | C] () -- C:\Users\woros\Desktop\carta.odt
[2012.07.22 13:23:32 | 000,000,610 | ---- | C] () -- C:\SISTodo
[2012.07.22 13:23:32 | 000,000,006 | ---- | C] () -- C:\SISHashTodo
[2012.07.15 02:10:16 | 000,030,369 | ---- | C] () -- C:\Users\woros\Desktop\image-376453-panoV9free-vget.jpg
[2012.07.11 20:42:04 | 101,381,943 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012.05.09 13:46:27 | 000,000,704 | ---- | C] () -- C:\Users\woros\_viminfo
[2012.05.08 18:20:49 | 000,000,221 | ---- | C] () -- C:\Users\woros\_netrc
[2012.05.07 00:45:36 | 000,000,050 | ---- | C] () -- C:\Users\woros\.eyrc
[2012.05.06 23:19:02 | 000,000,058 | ---- | C] () -- C:\Users\woros\.gitconfig
[2012.03.26 11:03:52 | 000,000,410 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.03.26 11:03:52 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD7320.DAT
[2011.10.26 02:29:05 | 000,000,608 | -HS- | C] () -- C:\Windows\System32\winzvprt5.sys
[2011.10.26 02:29:05 | 000,000,222 | ---- | C] () -- C:\Windows\System32\hppfaxprinter5.ini
[2011.10.26 02:26:16 | 000,176,799 | ---- | C] () -- C:\Windows\hppins12.dat
[2011.10.26 02:26:16 | 000,007,855 | ---- | C] () -- C:\Windows\hppmdl12.dat
[2011.10.26 02:23:55 | 000,000,665 | ---- | C] () -- C:\Windows\System32\hppapr12.dat
[2011.04.26 05:30:39 | 000,003,584 | ---- | C] () -- C:\Users\woros\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.18 20:11:06 | 000,982,220 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2011.04.18 20:11:06 | 000,439,300 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2011.04.18 20:11:06 | 000,134,592 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2011.04.18 20:11:06 | 000,092,216 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin

========== LOP Check ==========

[2012.05.13 15:27:22 | 000,000,000 | ---D | M] -- C:\Users\woros\AppData\Roaming\Amazon
[2012.07.29 01:03:19 | 000,000,000 | ---D | M] -- C:\Users\woros\AppData\Roaming\AVG2012
[2012.03.05 16:26:06 | 000,000,000 | ---D | M] -- C:\Users\woros\AppData\Roaming\Bytemobile
[2012.03.07 20:05:37 | 000,000,000 | ---D | M] -- C:\Users\woros\AppData\Roaming\Dev-Cpp
[2012.07.29 02:00:18 | 000,000,000 | ---D | M] -- C:\Users\woros\AppData\Roaming\Dropbox
[2012.04.30 00:41:40 | 000,000,000 | ---D | M] -- C:\Users\woros\AppData\Roaming\DVDVideoSoft
[2012.04.30 00:41:35 | 000,000,000 | ---D | M] -- C:\Users\woros\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.07.29 01:38:52 | 000,000,000 | ---D | M] -- C:\Users\woros\AppData\Roaming\HCM Updater
[2011.04.22 04:17:26 | 000,000,000 | ---D | M] -- C:\Users\woros\AppData\Roaming\Lenovo
[2011.04.29 08:52:16 | 000,000,000 | ---D | M] -- C:\Users\woros\AppData\Roaming\mp3DirectCut
[2012.02.29 15:45:12 | 000,000,000 | ---D | M] -- C:\Users\woros\AppData\Roaming\OpenOffice.org
[2012.03.07 02:07:57 | 000,000,000 | ---D | M] -- C:\Users\woros\AppData\Roaming\Pelles C
[2012.05.06 17:47:41 | 000,000,000 | ---D | M] -- C:\Users\woros\AppData\Roaming\Sublime Text 2
[2012.03.05 09:34:37 | 000,000,000 | ---D | M] -- C:\Users\woros\AppData\Roaming\WindSolutions
[2012.07.27 22:00:00 | 000,000,452 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012.06.07 10:42:57 | 000,032,552 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.07.29 01:03:06 | 000,000,218 | ---- | M] () -- C:\Windows\Tasks\SidebarExecute.job

========== Purity Check ==========



< End of report >
I would be incredibly glad if I could also get a personalised fix instruction from you, like in the other threads, which unfortunately cannot just be reused because they are personalised. Many thanks in advance!! If any information is missing, I can provide it.
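As an added example (not part of the original post, and not OTL's own logic): a small parser for the file-listing lines in the log above, with two triage heuristics that are my own assumptions about what a helper looks at first, namely files written to the per-user Startup folder and random-looking files dropped directly under C:\ProgramData without a company name. Entries that share a timestamp with another flagged entry are cross-referenced. The sample lines are copied from the log above and are not the full report; whether a flagged file is actually malicious still has to be confirmed by the helper.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Constructed sample input: a few lines in the OTL "Files Created / Modified"
# layout used in the log above (values copied from it; this is not the full log).
SAMPLE_LINES = r"""
[2012.07.29 02:06:24 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\woros\Desktop\OTL.exe
[2012.07.29 01:02:45 | 000,027,496 | ---- | C] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2012.07.29 01:03:19 | 000,000,000 | ---D | C] -- C:\Users\woros\AppData\Roaming\AVG2012
[2012.07.29 00:03:47 | 004,503,728 | ---- | C] () -- C:\ProgramData\735082sak823222.pad
[2012.07.29 00:03:47 | 000,001,910 | ---- | C] () -- C:\Users\woros\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.27 14:15:00 | 000,018,868 | ---- | M] () -- C:\Users\woros\Desktop\carta.odt
"""

# One OTL file/folder line:
#   [YYYY.MM.DD HH:MM:SS | size | attrs | C-or-M] (Company) -- path
# The "(Company)" group is absent on directory lines and is an empty "()" for
# files that carry no company name in their version info.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2})"
    r" \| (?P<size>[\d,]+)"
    r" \| (?P<attrs>[A-Z-]{4})"
    r" \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))?"
    r" -- (?P<path>.+?)\s*$"
)


@dataclass
class OtlEntry:
    timestamp: str
    size: int
    attrs: str              # e.g. "----", "-HS-", "---D"
    kind: str               # "C" = created, "M" = modified
    company: Optional[str]  # None on directory lines, "" when no company name
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Parse one file/folder line; return None for headers and other text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return OtlEntry(
        timestamp=m["ts"],
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=m["company"],
        path=m["path"],
    )


def parse_otl(text: str) -> List[OtlEntry]:
    return [e for e in (parse_otl_line(l) for l in text.splitlines()) if e]


# Triage heuristics: my assumptions about what to look at first, not OTL's own logic.
STARTUP_MARKER = "\\start menu\\programs\\startup\\"
PROGRAMDATA_ROOT = "c:\\programdata\\"
# Base name mixing a run of 4+ digits with letters, short extension: "735082sak823222.pad"
RANDOMISH = re.compile(r"^(?=.*\d{4,})(?=.*[a-z])[a-z0-9]+\.[a-z0-9]{1,4}$", re.I)


def flag_entry(e: OtlEntry) -> List[str]:
    reasons: List[str] = []
    low = e.path.lower()
    if STARTUP_MARKER in low and not e.is_dir:
        reasons.append("written to per-user Startup folder")
    parent = low.rsplit("\\", 1)[0] + "\\"
    if parent == PROGRAMDATA_ROOT and not e.is_dir and e.company == "" and RANDOMISH.match(e.name):
        reasons.append("random-looking file directly under ProgramData, no company name")
    return reasons


def triage(text: str) -> Dict[str, List[str]]:
    """Return {path: reasons} for flagged entries; flagged entries sharing a
    timestamp get an extra reason naming the other(s)."""
    flagged: Dict[str, List[str]] = {}
    by_ts: Dict[str, Set[str]] = {}
    for e in parse_otl(text):
        reasons = flag_entry(e)
        if reasons and e.path not in flagged:
            flagged[e.path] = reasons
            by_ts.setdefault(e.timestamp, set()).add(e.path)
    for paths in by_ts.values():
        if len(paths) > 1:
            for p in sorted(paths):
                flagged[p].append("same timestamp as " + ", ".join(sorted(paths - {p})))
    return flagged


if __name__ == "__main__":
    for path, why in triage(SAMPLE_LINES).items():
        print(path)
        for r in why:
            print("   -", r)
```

Run it on a full OTL.txt by reading the file and passing its text to `triage()`; the header and the O-sections are simply skipped by the regex, so only the file-listing sections contribute.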

29.07.2012, 12:30   #2
t'john
/// Helper Team

What is this SPAM for?
http://www.trojaner-board.de/120680-...bcam-bild.html

29.07.2012, 12:42   #3
javi

I wrote that at the end of the other thread. Unfortunately I couldn't edit or delete the post. The OTL scan wasn't done the way I later read in the instructions. The spam wasn't intended, sorry if it came across that way. I would have edited or deleted the other thread, but it wasn't possible. I could only have replied to my own thread, but that seemed less clear to me. Sorry.

29.07.2012, 12:44   #4
t'john
/// Helper Team

OK. We'll continue in the other one.

Regards, t'john
