Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   GVU-Trojaner mit webcam-bild (https://www.trojaner-board.de/120680-gvu-trojaner-webcam-bild.html)

javi 29.07.2012 01:22
GVU-Trojaner mit webcam-bild
 
Ich war bereits sehr optimistisch, den Trojaner doch entfernen zu können, da es hier im Forum wirklich tollen Support gibt, doch dann sah ich beim mitlesen eines gvu-Trojaner-problems eines anderes users: "Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!"

Deshalb öffne ich nun ein eigenes Thema, und würde mich unglaublich freuen, wenn mir auch geholfen werden könnte.

Ich habe es beim mitlesen so verstanden, dass man sich das otl.exe programm herunterlädt, einen scan durchführt und die dann sich öffnende otl.txt hier posted. Wenn irgendetwas fehlt, poste ich es später.
Mein Betriebssystem ist Windows 7 Professional 32 bit. Es ist ein Lenovo PC.

Hier die otl.txt:

OTL Logfile:
Code:
OTL logfile created on: 29.07.2012 02:10:18 - Run 1
OTL by OldTimer - Version 3.2.55.0    Folder = C:\Users\woros\Desktop
 Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
2,96 Gb Total Physical Memory | 2,40 Gb Available Physical Memory | 81,00% Memory free
5,92 Gb Paging File | 5,40 Gb Available in Paging File | 91,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 107,81 Gb Total Space | 25,17 Gb Free Space | 23,35% Space Free | Partition Type: NTFS
Drive Q: | 10,25 Gb Total Space | 5,25 Gb Free Space | 51,16% Space Free | Partition Type: NTFS
 
Computer Name: WOROS-THINK | User Name: woros | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.29 02:06:28 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\woros\Desktop\OTL.exe
PRC - [2012.07.19 00:43:39 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012.02.28 17:38:52 | 001,373,576 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.07.19 00:43:38 | 002,003,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012.04.09 22:03:18 | 000,322,986 | ---- | M] () -- C:\Program Files\Git\git-cheetah\git_shell_ext.dll
MOD - [2012.02.17 20:55:35 | 000,166,912 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.07.29 01:02:44 | 000,830,048 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe -- (vToolbarUpdater12.1.5)
SRV - [2012.07.19 00:43:38 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.02.28 17:38:52 | 001,373,576 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011.06.06 21:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.04.23 12:01:00 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.04.01 12:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.03.28 12:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.09.04 23:58:06 | 000,015,872 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2009.09.04 21:28:16 | 000,242,976 | ---- | M] (Lenovo) [Auto | Stopped] -- C:\Program Files\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2009.09.04 21:28:12 | 000,124,192 | ---- | M] (Lenovo) [Auto | Stopped] -- C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2009.08.27 00:02:26 | 001,021,240 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2009.08.23 20:04:00 | 000,075,040 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2009.08.07 01:37:08 | 000,424,448 | R--- | M] () [Auto | Stopped] -- C:\Program Files\Mobile Broadband Drivers\WMCore\mini_WMCore.exe -- (WMCoreService)
SRV - [2009.08.05 06:32:42 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009.08.04 05:00:14 | 002,058,776 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS)
SRV - [2009.08.04 05:00:00 | 000,174,616 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS)
SRV - [2009.07.15 03:18:02 | 000,062,320 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.03 11:47:10 | 000,045,424 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2009.07.02 03:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2007.01.05 04:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.07.29 01:02:45 | 000,027,496 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012.04.19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012.03.19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012.02.22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012.01.31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011.12.23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011.12.23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011.12.23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011.12.23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2011.04.18 20:19:43 | 000,033,088 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2009.08.23 20:04:00 | 000,011,552 | ---- | M] (Lenovo Group Limited) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)
DRV - [2009.08.18 18:14:34 | 000,125,824 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\5U877.sys -- (5U877)
DRV - [2009.07.30 05:00:42 | 000,213,032 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WwanUsbMp.sys -- (WwanUsbServ)
DRV - [2009.07.22 08:37:44 | 000,470,016 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009.07.14 02:56:07 | 000,265,088 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrSerIb.sys -- (BrSerIb)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 01:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009.07.14 00:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrUsbSIb.sys -- (BrUsbSIb)
DRV - [2009.07.14 00:02:52 | 000,214,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1y6032.sys -- (e1yexpress)
DRV - [2009.07.11 00:53:22 | 000,082,984 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e36wgps.sys -- (e36wgps)
DRV - [2009.07.02 19:16:22 | 000,038,336 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2009.07.02 01:50:00 | 000,047,104 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimspe86.sys -- (rimspci)
DRV - [2009.07.01 00:38:52 | 000,374,272 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e36gmdm.sys -- (e36gmdm)
DRV - [2009.07.01 00:38:52 | 000,357,376 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e36gmgmt.sys -- (e36gmgmt)
DRV - [2009.07.01 00:38:52 | 000,285,056 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e36gbus.sys -- (e36gbus)
DRV - [2009.07.01 00:38:52 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e36gmdfl.sys -- (e36gmdfl)
DRV - [2009.06.29 22:51:04 | 000,117,800 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsX86.sys -- (Shockprf)
DRV - [2009.06.29 22:51:02 | 000,020,520 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsHM86.sys -- (TPDIGIMN)
DRV - [2009.06.23 05:49:58 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009.05.14 01:40:38 | 004,231,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (netw5v32)
DRV - [2009.03.18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.03.13 23:47:26 | 000,012,560 | ---- | M] (UPEK Inc.) [Kernel | Auto | Stopped] -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp)
DRV - [2008.05.12 11:04:04 | 000,013,480 | ---- | M] (Lenovo Group Limited) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2008.05.08 21:52:22 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2008.05.07 01:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008.04.17 16:42:10 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007.07.16 23:29:43 | 000,020,504 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hpfxfax.sys -- (HPFXFAX)
DRV - [2007.07.16 23:29:33 | 000,017,432 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hpfxbulk.sys -- (HPFXBULK)
DRV - [2007.04.18 05:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\regi.sys -- (regi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {6971F7E8-96FB-4F3B-8E46-5247EFD6A231}
IE - HKLM\..\SearchScopes\{6971F7E8-96FB-4F3B-8E46-5247EFD6A231}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox;
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/?pc=Z039&form=ZGAPHP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = hxxp://lenovo.msn.com
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{76E9350E-0392-9C19-F83A-99BC015260AF}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&pc=Z039&form=ZGAIDF
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={5268B7C2-EBB6-4252-8291-E012A707E263}&mid=1c8aaa0bcf1a47d0bab65c6d90002fae-e4ae3c2157b055953c5988c695577ddf2e5e749e&lang=de&ds=AVG&pr=fr&d=2012-07-29 01:02:46&v=12.1.0.21&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "www.facebook.com"
FF - prefs.js..keyword.URL: "hxxp://www.bing.com/search?pc=Z039&form=ZGAADF&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.1.5\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\woros\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\woros\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012.07.29 00:59:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.1.0.21\ [2012.07.29 01:02:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.19 00:43:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.19 00:43:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2011.04.22 04:21:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\woros\AppData\Roaming\Mozilla\Extensions
[2012.07.25 22:15:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\woros\AppData\Roaming\Mozilla\Firefox\Profiles\guueo61j.default\extensions
[2012.04.30 00:41:35 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\woros\AppData\Roaming\Mozilla\Firefox\Profiles\guueo61j.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.04.27 04:12:46 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\woros\AppData\Roaming\Mozilla\Firefox\Profiles\guueo61j.default\extensions\searchtoolbar@zugo.com
[2011.04.27 04:12:47 | 000,001,919 | ---- | M] () -- C:\Users\woros\AppData\Roaming\Mozilla\Firefox\Profiles\guueo61j.default\searchplugins\bing-zugo.xml
[2012.07.17 11:51:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.07.19 00:43:39 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.07.29 01:02:41 | 000,003,750 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.03.01 16:08:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2012.03.01 16:08:25 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\woros\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.160.1 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U16 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\woros\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\woros\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\woros\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DataCardMonitor] C:\Program Files\T-Mobile\web'n'walk Manager\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
O4 - HKLM..\Run: [HP Color LaserJet CM2320 MFP Series Fax] C:\Program Files\HP\HP Color LaserJet CM2320 MFP Series\hppfaxprintersrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files\HP\HP UT\bin\hppusg.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Launch Backup Service Once] C:\Program Files\Lenovo\Rescue and Recovery\rrstrigger.exe ()
O4 - HKLM..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [picon] C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [Updater shortcut] C:\Program Files\T-Mobile\web'n'walk Manager\WTGU.exe ()
O4 - Startup: C:\Users\woros\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\woros\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Free YouTube Download - C:\Users\woros\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{73FEBD8E-5AE4-4A19-95A6-0520FF567369}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A1F14F36-5ED2-4A0B-96F9-748403DC7273}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.06.10 18:32:46 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{40c8160e-6e5c-11e0-b7f7-028037ec0200}\Shell - "" = AutoRun
O33 - MountPoints2\{40c8160e-6e5c-11e0-b7f7-028037ec0200}\Shell\AutoRun\command - "" = "D:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{529dd1f3-69e6-11e0-85b9-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{529dd1f3-69e6-11e0-85b9-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2009.08.10 23:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited)
O33 - MountPoints2\{699a7a07-70b7-11e0-90f2-9269cfdbf242}\Shell - "" = AutoRun
O33 - MountPoints2\{699a7a07-70b7-11e0-90f2-9269cfdbf242}\Shell\AutoRun\command - "" = "D:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{b5e81764-66ce-11e1-a9cb-904ce5de86f4}\Shell - "" = AutoRun
O33 - MountPoints2\{b5e81764-66ce-11e1-a9cb-904ce5de86f4}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{b5e8176a-66ce-11e1-a9cb-904ce5de86f4}\Shell - "" = AutoRun
O33 - MountPoints2\{b5e8176a-66ce-11e1-a9cb-904ce5de86f4}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{e29265bd-c5b5-11e1-881b-002713b2b1be}\Shell - "" = AutoRun
O33 - MountPoints2\{e29265bd-c5b5-11e1-881b-002713b2b1be}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{e29265c2-c5b5-11e1-881b-002713b2b1be}\Shell - "" = AutoRun
O33 - MountPoints2\{e29265c2-c5b5-11e1-881b-002713b2b1be}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.29 02:06:24 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\woros\Desktop\OTL.exe
[2012.07.29 01:03:19 | 000,000,000 | ---D | C] -- C:\Users\woros\AppData\Roaming\AVG2012
[2012.07.29 01:02:59 | 000,000,000 | ---D | C] -- C:\Users\woros\AppData\Local\AVG Secure Search
[2012.07.29 01:02:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012.07.29 01:02:52 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012.07.29 01:02:45 | 000,027,496 | ---- | C] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2012.07.29 01:02:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012.07.29 01:02:41 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012.07.29 00:59:54 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012.07.29 00:59:54 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012.07.29 00:59:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2012.07.29 00:59:35 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012.07.29 00:58:45 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.07.29 00:58:43 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012.07.27 17:16:42 | 000,000,000 | ---D | C] -- C:\Users\woros\Desktop\loopj-jquery-tokeninput-jquery-tokeninput-1.6.0-40-g641b6dd
[2012.07.22 14:12:23 | 148,981,624 | ---- | C] (AVG Technologies) -- C:\Users\woros\Desktop\avg_free_x86_all_2012_2197a5126.exe
[2012.07.11 23:56:24 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.07.11 23:56:22 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.07.11 23:56:21 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.07.11 23:56:21 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.07.11 23:56:19 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.07.11 23:56:19 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.07.11 23:56:18 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.07.11 23:55:50 | 002,344,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.07.11 21:31:16 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.29 10:27:44 | 000,001,732 | ---- | M] () -- C:\tvtpktfilter.dat
[2012.07.29 02:06:28 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\woros\Desktop\OTL.exe
[2012.07.29 02:05:52 | 000,660,068 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.29 02:05:52 | 000,120,996 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.29 02:01:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.29 02:01:36 | 2384,482,304 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.29 02:00:30 | 004,503,728 | ---- | M] () -- C:\ProgramData\735082sak823222.pad
[2012.07.29 01:41:20 | 101,711,065 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm.prepare
[2012.07.29 01:40:14 | 000,027,520 | ---- | M] () -- C:\Users\woros\AppData\Local\dt.dat
[2012.07.29 01:03:06 | 000,000,218 | ---- | M] () -- C:\Windows\tasks\SidebarExecute.job
[2012.07.29 01:02:54 | 000,000,962 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012.07.29 01:02:45 | 000,027,496 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2012.07.29 01:00:53 | 101,381,943 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012.07.29 00:48:19 | 001,978,992 | ---- | M] () -- C:\Users\woros\Desktop\avira_antivirus_premium.exe
[2012.07.29 00:03:47 | 000,001,910 | ---- | M] () -- C:\Users\woros\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.28 23:54:46 | 000,016,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.28 23:54:46 | 000,016,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.28 22:46:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1515399496-3954608368-3885527475-1001UA.job
[2012.07.27 22:00:00 | 000,000,452 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012.07.27 17:16:28 | 000,016,593 | ---- | M] () -- C:\Users\woros\Desktop\loopj-jquery-tokeninput-jquery-tokeninput-1.6.0-40-g641b6dd.zip
[2012.07.27 14:15:00 | 000,018,868 | ---- | M] () -- C:\Users\woros\Desktop\carta.odt
[2012.07.27 14:11:08 | 000,117,190 | ---- | M] () -- C:\Users\woros\Desktop\12-07 UPS auftrag Wolfgang Rose.pdf
[2012.07.22 14:26:11 | 148,981,624 | ---- | M] (AVG Technologies) -- C:\Users\woros\Desktop\avg_free_x86_all_2012_2197a5126.exe
[2012.07.22 13:23:32 | 000,000,610 | ---- | M] () -- C:\SISTodo
[2012.07.22 13:23:32 | 000,000,006 | ---- | M] () -- C:\SISHashTodo
[2012.07.20 01:46:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1515399496-3954608368-3885527475-1001Core.job
[2012.07.19 16:31:18 | 000,000,348 | ---- | M] () -- C:\Users\woros\Desktop\test.html
[2012.07.15 02:10:17 | 000,030,369 | ---- | M] () -- C:\Users\woros\Desktop\image-376453-panoV9free-vget.jpg
[2012.07.12 17:43:32 | 000,002,416 | ---- | M] () -- C:\Users\woros\Desktop\Google Chrome.lnk
[2012.07.12 00:08:35 | 000,395,000 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012.07.29 10:27:44 | 000,001,732 | ---- | C] () -- C:\tvtpktfilter.dat
[2012.07.29 01:41:01 | 101,711,065 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm.prepare
[2012.07.29 01:40:14 | 000,027,520 | ---- | C] () -- C:\Users\woros\AppData\Local\dt.dat
[2012.07.29 01:03:06 | 000,000,218 | ---- | C] () -- C:\Windows\tasks\SidebarExecute.job
[2012.07.29 01:02:54 | 000,000,962 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012.07.29 00:48:12 | 001,978,992 | ---- | C] () -- C:\Users\woros\Desktop\avira_antivirus_premium.exe
[2012.07.29 00:03:47 | 004,503,728 | ---- | C] () -- C:\ProgramData\735082sak823222.pad
[2012.07.29 00:03:47 | 000,001,910 | ---- | C] () -- C:\Users\woros\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.27 17:16:28 | 000,016,593 | ---- | C] () -- C:\Users\woros\Desktop\loopj-jquery-tokeninput-jquery-tokeninput-1.6.0-40-g641b6dd.zip
[2012.07.27 14:11:07 | 000,117,190 | ---- | C] () -- C:\Users\woros\Desktop\12-07 UPS auftrag Wolfgang Rose.pdf
[2012.07.27 13:13:16 | 000,018,868 | ---- | C] () -- C:\Users\woros\Desktop\carta.odt
[2012.07.22 13:23:32 | 000,000,610 | ---- | C] () -- C:\SISTodo
[2012.07.22 13:23:32 | 000,000,006 | ---- | C] () -- C:\SISHashTodo
[2012.07.15 02:10:16 | 000,030,369 | ---- | C] () -- C:\Users\woros\Desktop\image-376453-panoV9free-vget.jpg
[2012.07.11 20:42:04 | 101,381,943 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012.05.09 13:46:27 | 000,000,704 | ---- | C] () -- C:\Users\woros\_viminfo
[2012.05.08 18:20:49 | 000,000,221 | ---- | C] () -- C:\Users\woros\_netrc
[2012.05.07 00:45:36 | 000,000,050 | ---- | C] () -- C:\Users\woros\.eyrc
[2012.05.06 23:19:02 | 000,000,058 | ---- | C] () -- C:\Users\woros\.gitconfig
[2012.03.26 11:03:52 | 000,000,410 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.03.26 11:03:52 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD7320.DAT
[2011.10.26 02:29:05 | 000,000,608 | -HS- | C] () -- C:\Windows\System32\winzvprt5.sys
[2011.10.26 02:29:05 | 000,000,222 | ---- | C] () -- C:\Windows\System32\hppfaxprinter5.ini
[2011.10.26 02:26:16 | 000,176,799 | ---- | C] () -- C:\Windows\hppins12.dat
[2011.10.26 02:26:16 | 000,007,855 | ---- | C] () -- C:\Windows\hppmdl12.dat
[2011.10.26 02:23:55 | 000,000,665 | ---- | C] () -- C:\Windows\System32\hppapr12.dat
[2011.04.26 05:30:39 | 000,003,584 | ---- | C] () -- C:\Users\woros\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.18 20:11:06 | 000,982,220 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2011.04.18 20:11:06 | 000,439,300 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2011.04.18 20:11:06 | 000,134,592 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2011.04.18 20:11:06 | 000,092,216 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin

< End of report >
--- --- ---


Vielen vielen Dank im Vorraus für jegliche Hilfe!!!!
Ich hab schon viel gegoogled aber all die Anleitungen klappen leider nicht bei mir, und eine systemwiederherstellung wird aus irgendeinem Grund immer bei einem bestimmten Punkt abgebrochen...
Vielen Dank im vorraus!!

ich kann das thema leider nicht mehr editieren oder löschen. Ich habe den otl scan nicht richtig ausgeführt. hatte vergessen LOP und purity prüfung zu aktivieren sowie die safe-list bei der registrierung vorzunehmen. Ich erstelle nochmal ein neues Thema, da ich, wie gesagt, dieses hier leider nicht mehr editieren kann. Vielleicht kann ein Moderator dieses thema hier dann ja löschen. Vielen Dank

t'john 29.07.2012 12:32
Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:


Code:
:OTL
SRV - [2012.07.29 01:02:44 | 000,830,048 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe -- (vToolbarUpdater12.1.5)
SRV - [2012.07.19 00:43:38 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
IE - HKLM\..\SearchScopes,DefaultScope = {6971F7E8-96FB-4F3B-8E46-5247EFD6A231}
IE - HKLM\..\SearchScopes\{6971F7E8-96FB-4F3B-8E46-5247EFD6A231}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox;
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{76E9350E-0392-9C19-F83A-99BC015260AF}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z039&form=ZGAIDF
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={5268B7C2-EBB6-4252-8291-E012A707E263}&mid=1c8aaa0bcf1a47d0bab65c6d90002fae-e4ae3c2157b055953c5988c695577ddf2e5e749e&lang=de&ds=AVG&pr=fr&d=2012-07-29 01:02:46&v=12.1.0.21&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "www.facebook.com"
FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=Z039&form=ZGAADF&q="
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\woros\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\woros\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.1.0.21\ [2012.07.29 01:02:52 | 000,000,000 | ---D | M]

[2011.04.27 04:12:46 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\woros\AppData\Roaming\Mozilla\Firefox\Profiles\guueo61j.default\extensions\searchtoolbar@zugo.com

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O4 - HKLM..\Run: [] File not found
 

O4 - Startup: C:\Users\woros\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\woros\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.06.10 18:32:46 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{40c8160e-6e5c-11e0-b7f7-028037ec0200}\Shell - "" = AutoRun
O33 - MountPoints2\{40c8160e-6e5c-11e0-b7f7-028037ec0200}\Shell\AutoRun\command - "" = "D:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{529dd1f3-69e6-11e0-85b9-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{529dd1f3-69e6-11e0-85b9-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2009.08.10 23:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited)
O33 - MountPoints2\{699a7a07-70b7-11e0-90f2-9269cfdbf242}\Shell - "" = AutoRun
O33 - MountPoints2\{699a7a07-70b7-11e0-90f2-9269cfdbf242}\Shell\AutoRun\command - "" = "D:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{b5e81764-66ce-11e1-a9cb-904ce5de86f4}\Shell - "" = AutoRun
O33 - MountPoints2\{b5e81764-66ce-11e1-a9cb-904ce5de86f4}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{b5e8176a-66ce-11e1-a9cb-904ce5de86f4}\Shell - "" = AutoRun
O33 - MountPoints2\{b5e8176a-66ce-11e1-a9cb-904ce5de86f4}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{e29265bd-c5b5-11e1-881b-002713b2b1be}\Shell - "" = AutoRun
O33 - MountPoints2\{e29265bd-c5b5-11e1-881b-002713b2b1be}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{e29265c2-c5b5-11e1-881b-002713b2b1be}\Shell - "" = AutoRun
O33 - MountPoints2\{e29265c2-c5b5-11e1-881b-002713b2b1be}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\AutoRun.exe


[2012.07.29 02:00:30 | 004,503,728 | ---- | M] () -- C:\ProgramData\735082sak823222.pad
[2012.07.29 00:03:47 | 000,001,910 | ---- | M] () -- C:\Users\woros\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk

 
[2012.07.29 01:03:06 | 000,000,218 | ---- | M] () -- C:\Windows\tasks\SidebarExecute.job

[2012.07.28 22:46:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1515399496-3954608368-3885527475-1001UA.job
[2012.07.27 22:00:00 | 000,000,452 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012.07.20 01:46:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1515399496-3954608368-3885527475-1001Core.job
:Files

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

javi 29.07.2012 12:50
Der PC ist jetzt neu gestartet im normalen Modus. Bisher ist der Trojaner nicht wieder aufgetaucht. Hoffentlich bleibt das so. Hier die clean log:

Zitat:
All processes killed
========== OTL ==========
Service vToolbarUpdater12.1.5 stopped successfully!
Service vToolbarUpdater12.1.5 deleted successfully!
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe moved successfully.
Service MozillaMaintenance stopped successfully!
Service MozillaMaintenance deleted successfully!
C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe moved successfully.
Service AVGIDSAgent stopped successfully!
Service AVGIDSAgent deleted successfully!
C:\Program Files\AVG\AVG2012\avgidsagent.exe moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6971F7E8-96FB-4F3B-8E46-5247EFD6A231}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6971F7E8-96FB-4F3B-8E46-5247EFD6A231}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{76E9350E-0392-9C19-F83A-99BC015260AF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76E9350E-0392-9C19-F83A-99BC015260AF}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "AVG Secure Search" removed from browser.search.defaultenginename
Prefs.js: "AVG Secure Search" removed from browser.search.selectedEngine
Prefs.js: "www.facebook.com" removed from browser.startup.homepage
Prefs.js: "hxxp://www.bing.com/search?pc=Z039&form=ZGAADF&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Users\woros\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Users\woros\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll not found.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.1.0.21\ not found.
C:\Users\woros\AppData\Roaming\Mozilla\Firefox\Profiles\guueo61j.default\extensions\searchtoolbar@zugo.com\defaults\preferences folder moved successfully.
C:\Users\woros\AppData\Roaming\Mozilla\Firefox\Profiles\guueo61j.default\extensions\searchtoolbar@zugo.com\defaults folder moved successfully.
C:\Users\woros\AppData\Roaming\Mozilla\Firefox\Profiles\guueo61j.default\extensions\searchtoolbar@zugo.com\components folder moved successfully.
C:\Users\woros\AppData\Roaming\Mozilla\Firefox\Profiles\guueo61j.default\extensions\searchtoolbar@zugo.com\chrome\skin folder moved successfully.
C:\Users\woros\AppData\Roaming\Mozilla\Firefox\Profiles\guueo61j.default\extensions\searchtoolbar@zugo.com\chrome\content folder moved successfully.
C:\Users\woros\AppData\Roaming\Mozilla\Firefox\Profiles\guueo61j.default\extensions\searchtoolbar@zugo.com\chrome folder moved successfully.
C:\Users\woros\AppData\Roaming\Mozilla\Firefox\Profiles\guueo61j.default\extensions\searchtoolbar@zugo.com folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9D425283-D487-4337-BAB6-AB8354A81457} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ deleted successfully.
C:\Program Files\Search Toolbar\SearchToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
C:\Users\woros\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk moved successfully.
C:\Users\woros\AppData\Roaming\Dropbox\bin\Dropbox.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Q:\AUTORUN.INF moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{40c8160e-6e5c-11e0-b7f7-028037ec0200}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c8160e-6e5c-11e0-b7f7-028037ec0200}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{40c8160e-6e5c-11e0-b7f7-028037ec0200}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c8160e-6e5c-11e0-b7f7-028037ec0200}\ not found.
File "D:\WD SmartWare.exe" autoplay=true not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{529dd1f3-69e6-11e0-85b9-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{529dd1f3-69e6-11e0-85b9-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{529dd1f3-69e6-11e0-85b9-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{529dd1f3-69e6-11e0-85b9-806e6f6e6963}\ not found.
Q:\LenovoQDrive.exe moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{699a7a07-70b7-11e0-90f2-9269cfdbf242}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{699a7a07-70b7-11e0-90f2-9269cfdbf242}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{699a7a07-70b7-11e0-90f2-9269cfdbf242}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{699a7a07-70b7-11e0-90f2-9269cfdbf242}\ not found.
File "D:\WD SmartWare.exe" autoplay=true not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5e81764-66ce-11e1-a9cb-904ce5de86f4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b5e81764-66ce-11e1-a9cb-904ce5de86f4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5e81764-66ce-11e1-a9cb-904ce5de86f4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b5e81764-66ce-11e1-a9cb-904ce5de86f4}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5e8176a-66ce-11e1-a9cb-904ce5de86f4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b5e8176a-66ce-11e1-a9cb-904ce5de86f4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5e8176a-66ce-11e1-a9cb-904ce5de86f4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b5e8176a-66ce-11e1-a9cb-904ce5de86f4}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e29265bd-c5b5-11e1-881b-002713b2b1be}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e29265bd-c5b5-11e1-881b-002713b2b1be}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e29265bd-c5b5-11e1-881b-002713b2b1be}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e29265bd-c5b5-11e1-881b-002713b2b1be}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e29265c2-c5b5-11e1-881b-002713b2b1be}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e29265c2-c5b5-11e1-881b-002713b2b1be}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e29265c2-c5b5-11e1-881b-002713b2b1be}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e29265c2-c5b5-11e1-881b-002713b2b1be}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found.
File D:\AutoRun.exe not found.
C:\ProgramData\735082sak823222.pad moved successfully.
C:\Users\woros\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk moved successfully.
C:\Windows\Tasks\SidebarExecute.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1515399496-3954608368-3885527475-1001UA.job moved successfully.
C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1515399496-3954608368-3885527475-1001Core.job moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\woros\Desktop\cmd.bat deleted successfully.
C:\Users\woros\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: woros
->Temp folder emptied: 253630626 bytes
->Temporary Internet Files folder emptied: 35709889 bytes
->Java cache emptied: 517298 bytes
->FireFox cache emptied: 76663800 bytes
->Google Chrome cache emptied: 43869387 bytes
->Flash cache emptied: 4774 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 298837472 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 1668054297 bytes

Total Files Cleaned = 2.267,00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: woros
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\: LSP stack updated.

OTL by OldTimer - Version 3.2.55.0 log created on 07292012_134749

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Vielen Dank für deine Hilfe und sorry wegen des Spams, das war nicht so gewollt.

t'john 29.07.2012 14:07
Sehr gut! :daumenhoc

Wie laeuft der Rechner?

1. Schritt
Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

javi 29.07.2012 16:51
Malwarebytes Anti Malware hat keine infizierten Objekte gefunden.
Hier die AdwCleaner txt Datei:

Vielen vielen Dank für den tollen Support!! :dankeschoen:

Zitat:
# AdwCleaner v1.703 - Logfile created 07/29/2012 at 17:50:16
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Professional (32 bits)
# User : woros - WOROS-THINK
# Running from : C:\Users\woros\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\woros\AppData\Local\AVG Secure Search
Folder Found : C:\Users\woros\AppData\LocalLow\AVG Secure Search
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\Program Files\AVG Secure Search
Folder Found : C:\Program Files\Search Toolbar
Folder Found : C:\Program Files\Common Files\AVG Secure Search
File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml

***** [Registry] *****

Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\IGearSettings
Key Found : HKCU\Software\Zugo
Key Found : HKLM\SOFTWARE\AVG Secure Search
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D425283-D487-4337-BAB6-AB8354A81457}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{9D425283-D487-4337-BAB6-AB8354A81457}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Users\woros\AppData\Roaming\Mozilla\Firefox\Profiles\guueo61j.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v20.0.1132.57

File : C:\Users\woros\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4797 octets] - [29/07/2012 17:50:16]

########## EOF - C:\AdwCleaner[R1].txt - [4925 octets] ##########

t'john 29.07.2012 18:22
Sehr gut! :daumenhoc


  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.




danach:


Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html

t'john 14.08.2012 05:08
Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html


Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.


Alle Zeitangaben in WEZ +1. Es ist jetzt 15:42 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131