Log analysis and evaluation: Antivir shows TR/ATRAPS.GEN; TR/ATRAPS.GEN2 and BDS/ZAccess.wka. Windows 7
31.07.2012, 19:15 #1
Antivir shows TR/ATRAPS.GEN; TR/ATRAPS.GEN2 and BDS/ZAccess.wka.

Hello! Unfortunately I seem to have caught TR/ATRAPS.GEN. Since yesterday my Antivir has been showing this virus and the virus TR/ATRAPS.GEN2. I tried to follow these instructions: http://www.trojaner-board.de/119941-tr-atraps-gen.html but already failed at the data backup with PartedMagic, because I could not burn an ISO file. So now, as instructed, I am opening my own thread! and posting my scan results to you.

The scan briefly crashed in between ("Not responding") while it showed at the bottom: Manual File Scan - Getting folder structure. After 20 seconds it continued..? Do you also need the defogger_disable? The Defogger scan completed without an error message for me.

Thanks for your help! I would not mind reformatting, or rather I would like to "learn" that once for next time anyway.., but I have no Windows CD and my data is not backed up. How serious is this with the rootkit etc.? Should I block my online banking accounts? (plus reapplying at the bank etc..??) and change all passwords? Is this urgent?

Thanks and best regards! Facez

P.S. Uselessly, I gave my computer my own name (C://Users/***). That means I have to replace an incredible amount. To avoid that, after the 1st scan I changed my name in the regedit file, following these instructions: hxxp://forum.chip.de/windows-7/windows-benutzer-namen-aendern-1499711.html -> 2nd answer by MK1989. Then I restarted the PC. Now: 1. the desktop icons are large and 2. Antivir has now shown me this virus: BDS/ZAccess.wka. I ran the OTL scan again. The name was not changed, however. Do you know why? The Extras.txt was not created the second time. Without my changing anything, the Extra Registry option was switched off on the 2nd scan.
So here is the Extras.txt that I retrieved again from the recycle bin. A lot of text, I know, thanks anyway! Regards

P.P.S. And because it never ends: I wanted to zip the files and download 7-Zip from here: hxxp://filepony.de/download-7-zip/get-mirror-server.html. That only worked the 2nd time. The 1st time it did not work, "because a folder could not be changed". Now unzipped, for everyone! This is just for information, maybe it has something to do with the virus. No idea.

OTL:

OTL logfile created on: 31.07.2012 19:40:08 - Run 2
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\****\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,97 Gb Total Physical Memory | 1,50 Gb Available Physical Memory | 50,55% Memory free
5,93 Gb Paging File | 4,30 Gb Available in Paging File | 72,44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 420,55 Gb Total Space | 211,31 Gb Free Space | 50,25% Space Free | Partition Type: NTFS
Drive D: | 30,25 Gb Total Space | 29,51 Gb Free Space | 97,55% Space Free | Partition Type: NTFS

Computer Name: JUDGE | User Name: ****| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.07.31 19:00:34 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe PRC - [2012.07.20 19:59:18 | 000,830,048 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.3\ToolbarUpdater.exe PRC - [2012.07.20 19:59:17 | 001,147,488 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe PRC - [2012.07.20 11:15:43 | 003,153,920 | ---- | M] (pdfforge hxxp://www.pdfforge.org/) -- C:\Program Files\PDFCreator\PDFCreator.exe PRC - [2012.07.18 16:12:04 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2012.07.15 19:20:04 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe PRC - [2012.05.16 17:31:45 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.16 17:31:44 | 000,466,896 | ---- | M] (Avira Operations GmbH & Co. KG) -- c:\Program Files\Avira\AntiVir Desktop\avscan.exe PRC - [2012.05.16 17:31:44 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.16 17:31:44 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.16 17:31:44 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2011.10.21 16:08:42 | 000,213,376 | ---- | M] (FileOpen Systems Inc.) -- C:\Program Files\FileOpen\Services\FileOpenManagerSvc32.exe PRC - [2011.10.21 16:08:34 | 000,724,352 | ---- | M] (FileOpen Systems Inc.) 
-- C:\Program Files\FileOpen\Services\FileOpenBroker32.exe PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.02.02 01:15:48 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\Open Office 3.2\OpenOffice.org 3\program\soffice.bin PRC - [2010.02.02 01:15:46 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\Open Office 3.2\OpenOffice.org 3\program\soffice.exe PRC - [2009.07.15 16:29:54 | 004,081,480 | ---- | M] (Lenovo(beijing) Limited) -- C:\Program Files\Lenovo\Energy Management\utility.exe PRC - [2009.07.14 16:27:26 | 000,038,152 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe PRC - [2009.07.14 03:14:46 | 000,115,200 | ---- | M] () -- \\?\C:\windows\System32\wbem\WMIADAP.EXE PRC - [2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IgrsSvcs.exe PRC - [2009.07.01 18:03:12 | 002,352,416 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe PRC - [2009.07.01 18:03:12 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe PRC - [2009.07.01 18:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) 
-- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe PRC - [2009.06.25 11:46:08 | 005,064,520 | ---- | M] (Lenovo (Beijing) Limited) -- C:\Program Files\Lenovo\Energy Management\Energy Management.exe PRC - [2009.06.04 21:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2009.06.04 21:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2009.03.05 17:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe PRC - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe PRC - [2008.01.16 11:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe ========== Modules (No Company Name) ========== MOD - [2012.07.20 19:59:18 | 000,132,704 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.1.3\SiteSafety.dll MOD - [2012.07.20 19:59:17 | 002,086,496 | ---- | M] () -- C:\Program Files\AVG Secure Search\12.1.0.20\AVG Secure Search_toolbar.dll MOD - [2012.07.20 19:59:17 | 001,147,488 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe MOD - [2012.07.18 16:12:03 | 002,003,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll MOD - [2012.07.15 19:20:03 | 009,465,032 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_265.dll MOD - [2012.02.08 11:23:22 | 012,378,112 | ---- | M] () -- C:\Program Files\PDFCreator\GS9.05\gs9.05\Bin\gsdll32.dll MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.07.29 01:09:42 | 
000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe MOD - [2010.03.15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll MOD - [2010.02.24 13:22:58 | 000,970,752 | ---- | M] () -- C:\Program Files\Open Office 3.2\OpenOffice.org 3\program\libxml2.dll MOD - [2010.02.24 13:22:58 | 000,166,400 | ---- | M] () -- C:\Program Files\Open Office 3.2\OpenOffice.org 3\program\libxslt.dll MOD - [2009.07.01 18:03:24 | 000,132,384 | ---- | M] () -- C:\Program Files\Lenovo\Bluetooth Software\BTKeyInd.dll MOD - [2008.12.20 05:20:50 | 000,063,304 | ---- | M] () -- C:\Program Files\Lenovo\Energy Management\KbdHook.dll MOD - [2008.12.20 05:20:08 | 000,051,016 | ---- | M] () -- C:\Program Files\Lenovo\Energy Management\HookLib.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService) SRV - [2012.07.20 19:59:18 | 000,830,048 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.3\ToolbarUpdater.exe -- (vToolbarUpdater12.1.3) SRV - [2012.07.18 16:12:04 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.05.16 17:31:45 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.16 17:31:44 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.02.29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011.10.21 16:08:42 | 000,213,376 | ---- | M] (FileOpen Systems Inc.) 
[Auto | Running] -- C:\Program Files\FileOpen\Services\FileOpenManagerSvc32.exe -- (FileOpenManagerSvc) SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2009.07.28 16:41:06 | 000,472,328 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe -- (Lenovo ReadyComm ConnSvc) SRV - [2009.07.28 16:41:04 | 000,414,984 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\Lenovo\ReadyComm\AppSvc.exe -- (Lenovo ReadyComm AppSvc) SRV - [2009.07.16 05:12:42 | 000,276,296 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\Lenovo\ReadyComm\PS_MDP.dll -- (PS_MDP) SRV - [2009.07.14 16:27:26 | 000,038,152 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe -- (IGRS) SRV - [2009.07.14 16:27:20 | 000,103,688 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\ReadyComm\common\router.dll -- (ReadyComm.DirectRouter) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.07.01 18:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) 
[Auto | Running] -- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2009.06.04 21:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) SRV - [2008.01.16 11:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jubusenum.sys -- (huawei_enumerator) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbnet.sys -- (ewusbnet) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_hwusbdev.sys -- (ew_hwusbdev) DRV - [2012.07.20 19:59:19 | 000,027,496 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp) DRV - [2012.05.16 17:31:45 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.16 17:31:45 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.12.15 16:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | 
Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.04.19 20:29:20 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl) DRV - [2009.11.18 17:17:07 | 000,054,800 | ---- | M] () [Kernel | System | Running] -- C:\windows\System32\drivers\funfrm.sys -- (funfrm) DRV - [2009.07.30 11:45:22 | 000,171,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV - [2009.07.28 23:09:38 | 000,063,240 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdbridge.sys -- (Bridge0) DRV - [2009.07.27 23:28:00 | 009,817,088 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009.07.21 23:14:58 | 000,081,704 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wsvd.sys -- (wsvd) DRV - [2009.07.16 14:37:14 | 000,011,792 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WDMirror.sys -- (wdmirror) DRV - [2009.07.14 00:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) DRV - [2009.06.26 22:25:12 | 000,066,080 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2009.06.19 18:18:26 | 000,168,704 | ---- | M] (SMI) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMIksdrv.sys -- (usbsmi) DRV - [2009.06.15 04:46:22 | 000,475,648 | ---- | M] (Conexant Systems Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService) DRV - [2009.05.19 15:43:08 | 000,021,520 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AcpiVpc.sys -- (ACPIVPC) DRV - [2009.05.14 02:40:38 | 004,231,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (netw5v32) DRV - [2008.08.06 14:34:16 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr) DRV - [2008.03.14 15:23:12 | 000,169,008 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2006.07.24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\windows\System32\drivers\StarOpen.sys -- (StarOpen) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=390&systemid=406&sr=0&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
https://isearch.avg.com/?cid={89DFC590-F4BE-4A31-91BB-5B84D7E86CE6}&mid=c3c773a8c4af47d0bc66d16f64334c90-3b6b74d07a37dc5326afc136cd7f02e0b2c76e37&lang=de&ds=od011&pr=sa&d=2012-07-20 19:59:19&v=12.1.0.20&sap=hp IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={89DFC590-F4BE-4A31-91BB-5B84D7E86CE6}&mid=c3c773a8c4af47d0bc66d16f64334c90-3b6b74d07a37dc5326afc136cd7f02e0b2c76e37&lang=de&ds=od011&pr=sa&d=2012-07-20 19:59:19&v=12.1.0.20&sap=dsp&q={searchTerms} IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=390&systemid=406&sr=0&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "" FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search" FF - prefs.js..browser.search.order.1: "Search Results" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&appid=390&systemid=406&sr=0&q=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.1.3\\npsitesafety.dll () FF - 
HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\windows\system32\TVUAx\npTVUAx.dll (TVU networks) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.06.02 21:58:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.1.0.20\ [2012.07.20 19:59:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.18 16:12:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.02 21:58:48 | 000,000,000 | ---D | M] [2012.07.16 05:51:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions [2010.10.29 01:54:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.07.16 07:18:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\e14irdvz.default\extensions [2012.07.15 19:08:17 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\e14irdvz.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2010.10.11 19:07:40 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\e14irdvz.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.05.21 09:19:58 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\e14irdvz.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2011.05.07 15:08:10 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\e14irdvz.default\extensions\engine@conduit.com [2010.10.23 16:43:28 | 000,000,000 | ---D | M] (TVU Web Player) -- 
C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\e14irdvz.default\extensions\firefox@tvunetworks.com [2010.12.11 18:47:48 | 000,001,748 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\e14irdvz.default\searchplugins\leo-deu-fra.xml [2010.09.22 16:48:58 | 000,001,740 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\e14irdvz.default\searchplugins\leo-deu-spa.xml [2012.07.15 19:30:42 | 000,002,519 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\e14irdvz.default\searchplugins\Search_Results.xml [2011.07.11 20:04:02 | 000,000,633 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\e14irdvz.default\searchplugins\startsear.xml [2010.11.18 19:58:28 | 000,001,330 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\e14irdvz.default\searchplugins\wikipedia-en.xml [2010.08.19 23:28:29 | 000,002,057 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\e14irdvz.default\searchplugins\youtube-videosuche.xml [2012.07.16 05:51:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012.03.25 12:55:39 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.07.18 16:12:04 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.10.03 11:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll [2011.10.06 20:59:28 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.07.20 19:59:17 | 000,003,752 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml [2011.10.06 20:59:28 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.10.06 20:59:28 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla 
firefox\searchplugins\eBay-de.xml [2011.10.06 20:59:28 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.07.15 19:30:42 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml [2011.10.06 20:59:28 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.10.06 20:59:28 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.05.21 09:14:23 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.1.0.20\AVG Secure Search_toolbar.dll () O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.1.0.20\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited) O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited) O4 - HKLM..\Run: [FileOpenBroker] C:\Program Files\FileOpen\Services\FileOpenBroker32.exe (FileOpen Systems Inc.) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [quifr] rundll32.exe ",CleanupGlobalTempFiles File not found O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) 
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files\Lenovo\VeriFace\PManage.exe File not found
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [XSECVA] C:\Users\****\AppData\Roaming\xsecva\xsecva.exe -s File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Validator] C:\Users\****\AppData\Roaming\Google Inc.\{E7BA0C66-9F9D-4C84-9078-874B1CEEEFD5}\Validator.exe ()
O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\Open Office 3.2\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2891B248-3FE2-45A1-95BC-6A8DA81DFF39}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{76BF7434-AA30-44B3-956C-63FABD143142}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8310E72B-231D-4591-AEB8-1C3F26C5EE88}: DhcpNameServer = 10.205.65.68 10.205.65.68
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.3\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.07.31 19:00:34 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
[2012.07.30 20:09:37 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Canneverbe Limited
[2012.07.30 20:09:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2012.07.30 20:09:26 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP
[2012.07.30 20:08:18 | 005,307,840 | ---- | C] (Canneverbe Limited ) -- C:\Users\****\Desktop\cdbxp_setup_4.4.1.3099.exe
[2012.07.30 20:06:51 | 004,754,944 | ---- | C] (Geza Kovacs) -- C:\Users\****\Desktop\unetbootin-windows-568.exe
[2012.07.29 21:59:50 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Help
[2012.07.29 21:55:44 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\TeamViewer
[2012.07.29 21:55:44 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Google Inc
[2012.07.27 14:34:26 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.07.21 08:54:22 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\Jobs
[2012.07.20 19:59:27 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\AVG Secure Search
[2012.07.20 19:59:23 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012.07.20 19:59:19 | 000,027,496 | ---- | C] (AVG Technologies) -- C:\windows\System32\drivers\avgtpx86.sys
[2012.07.20 19:59:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012.07.20 19:59:17 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012.07.20 19:59:00 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.07.20 11:15:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2012.07.20 11:15:40 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\pdfforge
[2012.07.20 11:15:38 | 000,081,920 | ---- | C] (pdfforge GbR) -- C:\windows\System32\pdfcmon.dll
[2012.07.20 11:15:37 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2012.07.20 10:41:41 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\OpenCandy
[2012.07.20 10:35:49 | 000,000,000 | ---D | C] -- C:\Program Files\gs
[2012.07.20 10:33:13 | 000,000,000 | ---D | C] -- C:\Program Files\Ghostgum
[2012.07.16 19:19:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012.07.16 05:44:00 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012.07.15 19:43:56 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\xsecva
[2012.07.15 19:20:38 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Macromedia
[1 C:\Users\****\Desktop\*.tmp files -> C:\Users\****\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.07.31 19:42:32 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.31 19:42:32 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.31 19:41:02 | 000,708,696 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012.07.31 19:41:02 | 000,661,084 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012.07.31 19:41:02 | 000,149,482 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012.07.31 19:41:02 | 000,126,024 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012.07.31 19:37:49 | 000,000,132 | -H-- | M] () -- C:\Users\****\Desktop\.~lock.M.odt#
[2012.07.31 19:34:27 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.07.31 19:34:16 | 2388,078,592 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.31 19:33:14 | 000,015,887 | ---- | M] () -- C:\Users\****\Desktop\M.odt
[2012.07.31 19:15:00 | 000,000,270 | ---- | M] () -- C:\windows\tasks\Auf Updates für Windows Live Toolbar prüfen.job
[2012.07.31 19:01:50 | 000,000,000 | ---- | M] () -- C:\Users\****\defogger_reenable
[2012.07.31 19:00:34 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
[2012.07.31 19:00:29 | 000,050,477 | ---- | M] () -- C:\Users\****\Desktop\Defogger.exe
[2012.07.30 20:09:28 | 000,001,855 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2012.07.30 20:08:21 | 005,307,840 | ---- | M] (Canneverbe Limited ) -- C:\Users\****\Desktop\cdbxp_setup_4.4.1.3099.exe
[2012.07.30 20:07:01 | 004,754,944 | ---- | M] (Geza Kovacs) -- C:\Users\****\Desktop\unetbootin-windows-568.exe
[2012.07.27 14:34:59 | 000,000,876 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2012.07.20 19:59:19 | 000,027,496 | ---- | M] (AVG Technologies) -- C:\windows\System32\drivers\avgtpx86.sys
[2012.07.20 11:21:55 | 000,009,024 | ---- | M] () -- C:\Users\****\Documents\CV ****.pdf
[2012.07.20 11:15:42 | 000,001,841 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PDFCreator.lnk
[2012.07.20 10:38:51 | 000,011,074 | ---- | M] () -- C:\Users\****\gsview32.ini
[2012.07.15 19:05:57 | 000,446,360 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012.07.05 13:02:30 | 000,081,920 | ---- | M] (pdfforge GbR) -- C:\windows\System32\pdfcmon.dll
[1 C:\Users\****\Desktop\*.tmp files -> C:\Users\****\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.07.31 19:37:49 | 000,000,132 | -H-- | C] () -- C:\Users\****\Desktop\.~lock.M.odt#
[2012.07.31 19:01:50 | 000,000,000 | ---- | C] () -- C:\Users\****\defogger_reenable
[2012.07.31 19:00:28 | 000,050,477 | ---- | C] () -- C:\Users\****\Desktop\Defogger.exe
[2012.07.30 20:09:28 | 000,001,855 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2012.07.30 20:09:28 | 000,001,805 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2012.07.30 20:06:54 | 000,019,968 | ---- | C] () -- C:\Users\****\AppData\Local\{8fd40329-d733-4712-6c32-c741c947e668}\U\800000cb.@
[2012.07.30 20:06:54 | 000,013,312 | ---- | C] () -- C:\Users\****\AppData\Local\{8fd40329-d733-4712-6c32-c741c947e668}\U\80000000.@
[2012.07.30 19:43:47 | 000,015,887 | ---- | C] () -- C:\Users\****\Desktop\M.odt
[2012.07.30 08:40:41 | 000,001,712 | ---- | C] () -- C:\Users\****\AppData\Local\{8fd40329-d733-4712-6c32-c741c947e668}\U\00000001.@
[2012.07.20 11:21:55 | 000,009,024 | ---- | C] () -- C:\Users\****\Documents\CV ****.pdf
[2012.07.20 11:15:42 | 000,001,841 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PDFCreator.lnk
[2012.07.20 10:33:17 | 000,011,074 | ---- | C] () -- C:\Users\****\gsview32.ini
[2012.01.11 00:48:13 | 000,002,048 | -HS- | C] () -- C:\Users\****\AppData\Local\{8fd40329-d733-4712-6c32-c741c947e668}\@
[2011.12.24 04:10:36 | 000,007,047 | ---- | C] () -- C:\Users\****\.recently-used.xbel
[2010.11.07 12:47:49 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2010.11.07 12:40:15 | 000,005,632 | ---- | C] () -- C:\windows\System32\drivers\StarOpen.sys
[2010.08.19 00:49:24 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== LOP Check ==========

[2012.07.16 05:45:34 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Amazon
[2012.07.30 20:09:37 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Canneverbe Limited
[2011.01.07 14:16:58 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Dropbox
[2011.07.25 00:18:27 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DVDVideoSoft
[2011.05.08 19:40:44 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.10.09 22:33:11 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\EasyCapture
[2011.11.10 14:03:01 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\FileOpen
[2011.12.24 04:10:36 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\gtk-2.0
[2012.07.20 11:15:37 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\OpenCandy
[2010.02.24 13:23:34 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\OpenOffice.org
[2012.07.20 11:21:15 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\pdfforge
[2012.02.13 22:47:30 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\redsn0w
[2010.11.07 12:57:19 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Samsung
[2012.07.29 22:47:48 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TeamViewer
[2010.10.29 01:54:12 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Thunderbird
[2012.07.18 00:24:09 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\xsecva
[2012.07.31 19:15:00 | 000,000,270 | ---- | M] () -- C:\windows\Tasks\Auf Updates für Windows Live Toolbar prüfen.job
[2012.06.02 06:13:58 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Extras.txt:

OTL Extras logfile created on: 31.07.2012 19:02:46 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\***\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,97 Gb Total Physical Memory | 1,71 Gb Available Physical Memory | 57,68% Memory free
5,93 Gb Paging File | 4,46 Gb Available in Paging File | 75,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 420,55 Gb Total Space | 211,46 Gb Free Space | 50,28% Space Free | Partition Type: NTFS
Drive D: | 30,25 Gb Total Space | 29,51 Gb Free Space | 97,55% Space Free | Partition Type: NTFS

Computer Name: JUDGE | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05DBE27D-2599-44F6-85AC-8981BE95B8EB}" = rport=137 | protocol=17 | dir=out | app=system |
"{0B288F6D-1FE2-403C-B0B2-691E6701E5A7}" = lport=445 | protocol=6 | dir=in | app=system |
"{0B2E79A5-F369-476A-8DB0-DFDEB29596C1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{27506FDA-AB92-4C0F-AD8B-D1FDB76DD715}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{27EA8DF6-03A8-4528-9E90-A34EEBD382AF}" = rport=445 | protocol=6 | dir=out | app=system |
"{33AB6564-DE43-4BDF-89A5-0D79D3236D49}" = lport=138 | protocol=17 | dir=in | app=system |
"{3B29B661-091D-4089-BD00-E3E7CE4D0098}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3C327DF0-10E9-43C4-8810-70B271774062}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5E52FA62-A241-4952-AE58-B1A7706C733F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5FE7FD0D-6A10-4EC7-9676-644D6EC3627D}" = lport=137 | protocol=17 | dir=in | app=system |
"{6BF53452-0E9C-4BD6-B6D7-767E9B589573}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{78D39AFE-6983-49A3-A637-940A51D5C3C7}" = rport=138 | protocol=17 | dir=out | app=system |
"{8E24E6AA-4B51-452C-8999-D0FD3B1F0B96}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9CC837D3-8621-42F4-8502-2443DE51D5DA}" = rport=139 | protocol=6 | dir=out | app=system |
"{A379A26D-0E19-44CC-9E77-0C6A8AD316C3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B71EDFBC-8D54-4F30-862D-E0D749679C6E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BF14A0B6-E856-4E46-9060-5461908FE65F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C1756725-7B10-4847-BC70-D91488031AC2}" = lport=139 | protocol=6 | dir=in | app=system |
"{D01E4970-73BE-4FFE-828F-4E8CBAD5675D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{E0C87553-D262-4425-9CD0-D2CA534D2C31}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EA5960A9-0085-47C0-A870-2CA3D6690164}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ECF17A71-AE9C-402F-928F-4B9558F20185}" = lport=10243 | protocol=6 | dir=in | app=system |
"{EFD409BF-728E-48A9-AF4A-5E8F63CC9EDA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DC009A3-76A0-47D1-96CC-63F60DF9B32D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0E5D4ABE-D34F-4736-B642-0379B29C00A2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{15CC96A8-B0E6-4940-904B-C28F0557813B}" = dir=in | app=c:\windows\system32\igrssvcs.exe |
"{1633BC72-FBAA-4D9E-A9C4-198F31A3E2A4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1E70D5BF-9555-452F-9A7B-5FDBAA955CD4}" = dir=in | app=c:\program files\lenovo\readycomm\appsvc.exe |
"{2F415655-87B0-4263-8CD2-34F470F97448}" = dir=out | app=c:\windows\system32\igrssvcs.exe |
"{317D468E-E3A2-4E76-B14A-F7EA7C4E3A91}" = dir=out | app=c:\program files\lenovo\readycomm\projectionist.exe |
"{33079563-E666-49A0-9529-AAC6F41E1798}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3637B458-30A1-4613-A8E3-7C8092E4625F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{50C19477-E217-47FB-BC2C-254D441C7997}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5338B95C-2064-4B08-9D01-E3E890F80321}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5ACE411C-B8AA-4E0E-A05C-4B6739A6764B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5BF69926-FFB2-43A8-8FA2-F353F9E4600B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{76FB73E1-2228-47F1-B3A0-D446945FFAF5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{98B68BF8-B141-4538-B727-244DB8470B85}" = dir=out | app=c:\program files\lenovo\readycomm\connsvc.exe |
"{9922FDF9-53E8-4356-8F1A-A48AE5BC640E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9E56BE10-F6BE-4847-9A12-915DBC2B9A0E}" = dir=out | app=c:\program files\lenovo\readycomm\appsvc.exe |
"{A84FAE57-77AB-472D-A31C-107285C6C7E8}" = protocol=6 | dir=in | app=c:\program files\itunes.exe |
"{AA0AF3EB-6500-4750-B0DD-718A2270FD58}" = dir=in | app=c:\program files\lenovo\readycomm\readycom.exe |
"{B9FCEFC8-03AB-4AC4-9F30-2654992ED2D7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BA32F621-8277-4EAA-898A-A49658D19DCD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BEBD0943-EAEF-469A-B611-7765C48E9A16}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C4128361-FB65-484D-9541-1546C986D740}" = dir=in | app=c:\program files\lenovo\readycomm\projectionist.exe |
"{C5D33850-0CF7-49D6-BCE9-26D3A6E166F9}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{C6AD396B-96E0-40BA-ACB3-F1B8B061F471}" = dir=out | app=c:\program files\lenovo\readycomm\readycomm.exe |
"{CF5E858B-B30C-4288-AC16-A71685C7FFC2}" = dir=in | app=c:\program files\lenovo\readycomm\common\igrs.exe |
"{D0CA0E5B-99DB-4C63-9505-ACF05FF6E507}" = dir=out | app=c:\program files\lenovo\readycomm\common\igrs.exe |
"{D28715B6-EFD0-40B5-9D80-48007BED2A10}" = protocol=6 | dir=in | app=c:\program files\veetle\player\veetlenet.exe |
"{DB0EDA7A-8FCC-4632-B10C-E7D832D94A8C}" = dir=in | app=c:\program files\lenovo\readycomm\common\igrs.exe |
"{DDE62D8D-90C7-4C10-AB0D-A06AED756B90}" = dir=in | app=c:\program files\lenovo\readycomm\connsvc.exe |
"{DE2C98C1-3327-40F2-B862-61485E6CD2E4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E2C7CDF0-520D-4548-BC9C-2B2E6BE3CD5B}" = protocol=6 | dir=out | app=system |
"{EAB2279D-D8F3-49A9-BB4C-ED6EA8EE4C62}" = dir=out | app=c:\program files\lenovo\readycomm\common\igrs.exe |
"{FBB23516-EF13-468C-B429-E9BC1010B9E6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"TCP Query User{04C50E17-9929-4429-8B04-2879DF6DB44A}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{30E3C505-AAA8-466A-9DDB-69578FA59734}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{6DDFEAD5-FB29-4ABF-BBCB-28669602AD75}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{90E86043-0FE5-4597-A7C0-2349163EBDB0}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{B344DA90-78BE-48AF-8BF4-92C3DD435020}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{DE220C15-1F2F-4343-BE4F-34635BF3F4CC}C:\users\***\desktop\tinyumbrella-4.1.13.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\tinyumbrella-4.1.13.exe |
"TCP Query User{E9F793E8-3C7D-4B92-8F81-7EEEE0DE0841}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{EC3B3253-1387-474A-86E2-7E321814368D}C:\users\***\desktop\starcraft_2_eu_en-gb.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\starcraft_2_eu_en-gb.exe |
"UDP Query User{86CC0B60-A8FA-4B30-BC30-3C22239E7439}C:\users\***\desktop\starcraft_2_eu_en-gb.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\starcraft_2_eu_en-gb.exe |
"UDP Query User{88C9D2FE-F3E4-488E-AADF-467103560F46}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{8D3AB615-4FE3-4A48-A8B5-D1ADC26F39AC}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{8E11FB3A-2A26-44C1-B61E-E487D951F667}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{944BBD15-6D0E-4C78-BE90-24026209A790}C:\users\***\desktop\tinyumbrella-4.1.13.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\tinyumbrella-4.1.13.exe |
"UDP Query User{AABBC725-DE4B-4560-A042-F8E51D3C97C7}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{ABAB2E5F-73BB-401F-A35B-24513B24FA7B}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{B08DB811-EA16-41D4-AE00-2A31B6A9D442}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{10DDCDDD-9A59-4496-9371-C17F1668D433}" = Windows Live Toolbar
"{17542DBF-E17C-4562-BC4D-FA3EF3076C45}" = Lenovo ReadyComm 5
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{49F3D04B-B849-4C89-AB31-2366A004EA28}" = Broadcom Gigabit Integrated Controller
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP1
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76C66170-C538-4E77-B54D-48E136B5B533}" = Lenovo ReadyComm 5.0 Service
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007 "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = Lenovo Bluetooth with Enhanced Data Rate Software "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver "{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch "{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}" = Energy Management "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client "{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour "{E21115EF-2B96-44F2-83CB-6347E017AC5F}" = FileOpen Client "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{FE7AD27A-62B1-44F6-B69C-25D1ECA94F5D}" = Lenovo EasyCamera "AC3Filter" = AC3Filter (remove only) "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AVG Secure Search" = AVG Security Toolbar "Avira AntiVir Desktop" = Avira Free Antivirus "Business Contact Manager" = Business Contact Manager für Outlook 2007 SP1 "CNXT_AUDIO_HDA" = Conexant HD Audio "DivX Setup" = DivX-Setup "EasyCapture4.0" = EasyCapture "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 
3.10.5.722
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"Lenovo EasyCamera" = Lenovo EasyCamera
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"PROHYBRIDR" = 2007 Microsoft Office system
"SopCast" = SopCast 3.2.9
"Uninstall_is1" = Uninstall 1.0.0.1
"Veetle TV" = Veetle TV
"VLC media player" = VLC media player 2.0.1
"vShare.tv plugin" = vShare.tv plugin 1.3
"Windows Live Toolbar" = Windows Live Toolbar
"WinRAR archiver" = WinRAR archiver

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 30.07.2012 14:00:01 | Computer Name = Judge | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 265748

Error - 30.07.2012 14:00:02 | Computer Name = Judge | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 30.07.2012 14:00:02 | Computer Name = Judge | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 266746

Error - 30.07.2012 14:00:02 | Computer Name = Judge | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 266746

Error - 30.07.2012 14:00:03 | Computer Name = Judge | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 30.07.2012 14:00:03 | Computer Name = Judge | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 267807

Error - 30.07.2012 14:00:03 | Computer Name = Judge | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 267807

Error - 30.07.2012 14:00:06 | Computer Name = Judge | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 30.07.2012 14:00:06 | Computer Name = Judge | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 270506

Error - 30.07.2012 14:00:06 | Computer Name = Judge | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 270506

[ Media Center Events ]
Error - 06.09.2010 05:28:50 | Computer Name = **** | Source = MCUpdate | ID = 0
Description = 11:28:49 - Fehler beim Herstellen der Internetverbindung.
11:28:50 - Serververbindung konnte nicht hergestellt werden..

Error - 06.09.2010 05:29:01 | Computer Name = **** | Source = MCUpdate | ID = 0
Description = 11:28:55 - Fehler beim Herstellen der Internetverbindung.
11:28:55 - Serververbindung konnte nicht hergestellt werden..

Error - 07.09.2010 06:02:46 | Computer Name = **** | Source = MCUpdate | ID = 0
Description = 12:02:46 - Fehler beim Herstellen der Internetverbindung.
12:02:46 - Serververbindung konnte nicht hergestellt werden..

Error - 07.09.2010 06:02:55 | Computer Name = **** | Source = MCUpdate | ID = 0
Description = 12:02:51 - Fehler beim Herstellen der Internetverbindung.
12:02:51 - Serververbindung konnte nicht hergestellt werden..

Error - 08.09.2010 04:37:21 | Computer Name = **** | Source = MCUpdate | ID = 0
Description = 10:37:21 - Fehler beim Herstellen der Internetverbindung.
10:37:21 - Serververbindung konnte nicht hergestellt werden..

Error - 08.09.2010 04:37:32 | Computer Name = **** | Source = MCUpdate | ID = 0
Description = 10:37:26 - Fehler beim Herstellen der Internetverbindung.
10:37:26 - Serververbindung konnte nicht hergestellt werden..

Error - 09.09.2010 04:32:51 | Computer Name = **** | Source = MCUpdate | ID = 0
Description = 10:32:51 - Fehler beim Herstellen der Internetverbindung.
10:32:51 - Serververbindung konnte nicht hergestellt werden..

Error - 09.09.2010 04:33:00 | Computer Name = **** | Source = MCUpdate | ID = 0
Description = 10:32:56 - Fehler beim Herstellen der Internetverbindung.
10:32:56 - Serververbindung konnte nicht hergestellt werden..

Error - 10.09.2010 04:32:52 | Computer Name = **** | Source = MCUpdate | ID = 0
Description = 10:32:52 - Fehler beim Herstellen der Internetverbindung.
10:32:52 - Serververbindung konnte nicht hergestellt werden..

Error - 10.09.2010 04:33:01 | Computer Name = **** | Source = MCUpdate | ID = 0
Description = 10:32:57 - Fehler beim Herstellen der Internetverbindung.
10:32:57 - Serververbindung konnte nicht hergestellt werden..

[ OSession Events ]
Error - 18.02.2010 16:27:35 | Computer Name = **** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 37800 seconds with 20220 seconds of active time. This session ended with a crash.

Error - 19.02.2010 20:28:22 | Computer Name = **** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 7992 seconds with 1440 seconds of active time. This session ended with a crash.

Error - 07.04.2010 14:06:57 | Computer Name = **** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 22207 seconds with 0 seconds of active time. This session ended with a crash.

Error - 07.11.2010 07:00:49 | Computer Name = **** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 37 seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 02.06.2012 05:27:45 | Computer Name = Judge | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Wlansvc erreicht.

Error - 07.06.2012 10:48:13 | Computer Name = Judge | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 07.06.2012 um 14:34:08 unerwartet heruntergefahren.

Error - 09.06.2012 05:41:46 | Computer Name = Judge | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 09.06.2012 um 02:46:49 unerwartet heruntergefahren.

Error - 12.06.2012 07:14:43 | Computer Name = Judge | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 11.06.2012 um 22:54:37 unerwartet heruntergefahren.

Error - 12.06.2012 09:04:52 | Computer Name = Judge | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 12.06.2012 um 14:10:34 unerwartet heruntergefahren.

Error - 24.06.2012 20:36:03 | Computer Name = Judge | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 12.06.2012 um 23:16:43 unerwartet heruntergefahren.

Error - 21.07.2012 09:08:53 | Computer Name = Judge | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 21.07.2012 um 15:07:16 unerwartet heruntergefahren.

Error - 21.07.2012 13:24:08 | Computer Name = Judge | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 21.07.2012 um 19:22:15 unerwartet heruntergefahren.

Error - 22.07.2012 05:32:13 | Computer Name = Judge | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 22.07.2012 um 00:29:06 unerwartet heruntergefahren.

Error - 26.07.2012 06:48:34 | Computer Name = Judge | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 26.07.2012 um 09:38:04 unerwartet heruntergefahren.

< End of report >
|
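The "Last 20 Event Log Errors" block at the end of the OTL report above is what a helper skims first: repeated errors from one source and the EventLog 6008 entries (the system was shut down unexpectedly) stand out more once they are counted rather than read one by one. The following parser is an added example for this thread, not part of OTL or of the original post; it works on a constructed sample written in OTL's layout (header line, `Description =` line, blank line between records) and summarises the records per section, source and event ID.

```python
"""Parse OTL's "Last 20 Event Log Errors" section and summarise it for triage.

The layout (Error header line, Description line, blank line) follows the OTL
report format; the sample text below is constructed for this example.
"""
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# Constructed sample in OTL's layout (shortened; not the thread's full log).
SAMPLE_OTL = """\
========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 30.07.2012 14:00:01 | Computer Name = Judge | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 265748

Error - 30.07.2012 14:00:02 | Computer Name = Judge | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

[ Media Center Events ]
Error - 06.09.2010 05:28:50 | Computer Name = **** | Source = MCUpdate | ID = 0
Description = 11:28:49 - Fehler beim Herstellen der Internetverbindung.
11:28:50 - Serververbindung konnte nicht hergestellt werden..

[ System Events ]
Error - 02.06.2012 05:27:45 | Computer Name = Judge | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrueckmeldung von Dienst Wlansvc erreicht.

Error - 07.06.2012 10:48:13 | Computer Name = Judge | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 07.06.2012 um 14:34:08 unerwartet heruntergefahren.

Error - 21.07.2012 09:08:53 | Computer Name = Judge | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 21.07.2012 um 15:07:16 unerwartet heruntergefahren.

< End of report >
"""

HEADER_RE = re.compile(
    r"^Error - (?P<ts>\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}) \| Computer Name = (?P<host>.*?)"
    r"\s*\| Source = (?P<source>.*?) \| ID = (?P<id>\d+)\s*$"
)
SECTION_RE = re.compile(r"^\[ (?P<name>.+?) \]\s*$")
DESC_PREFIX = "Description = "


@dataclass
class OtlEvent:
    section: str
    timestamp: datetime
    host: str
    source: str
    event_id: int
    description: str = ""


def parse_otl_events(text: str) -> List[OtlEvent]:
    """Walk the report line by line; a Description (possibly continued on the
    following lines, as MCUpdate does) belongs to the most recent Error header."""
    events: List[OtlEvent] = []
    section = ""
    current: Optional[OtlEvent] = None
    for line in text.splitlines():
        if line.startswith(("<", "=")):          # "< End of report >", "=====" banners
            current = None
            continue
        m = SECTION_RE.match(line)
        if m:
            section, current = m.group("name"), None
            continue
        m = HEADER_RE.match(line)
        if m:
            current = OtlEvent(
                section=section,
                timestamp=datetime.strptime(m.group("ts"), "%d.%m.%Y %H:%M:%S"),
                host=m.group("host").strip(),
                source=m.group("source").strip(),
                event_id=int(m.group("id")),
            )
            events.append(current)
            continue
        if current is None:
            continue
        if line.startswith(DESC_PREFIX):
            current.description = line[len(DESC_PREFIX):].strip()
        elif line.strip() and current.description:
            current.description += " " + line.strip()   # continuation line
        elif not line.strip():
            current = None                                # blank line ends the record
    return events


def summarize(events: List[OtlEvent]) -> Counter:
    """Count records per (section, source, event id)."""
    return Counter((e.section, e.source, e.event_id) for e in events)


def unexpected_shutdowns(events: List[OtlEvent]) -> List[OtlEvent]:
    """EventLog ID 6008 = the system was shut down unexpectedly (crash or power loss)."""
    return sorted((e for e in events if e.source == "EventLog" and e.event_id == 6008),
                  key=lambda e: e.timestamp)


def triage(events: List[OtlEvent], repeat_threshold: int = 2) -> List[str]:
    """Findings a helper would look at first: repeated errors and crash history."""
    findings = []
    for (section, source, eid), n in sorted(summarize(events).items(), key=lambda kv: -kv[1]):
        if n >= repeat_threshold:
            findings.append(f"{section}: {source} ID {eid} repeated {n}x")
    crashes = unexpected_shutdowns(events)
    if crashes:
        first, last = crashes[0].timestamp, crashes[-1].timestamp
        findings.append(f"{len(crashes)} unexpected shutdown(s) between {first:%d.%m.%Y} and {last:%d.%m.%Y}")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_otl_events(SAMPLE_OTL)):
        print(finding)
```

Run against a complete OTL report the same functions give the repeat counts per source and the span of 6008 entries, which is the information the thread's log carries without making the reader scan twenty records.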
01.08.2012, 07:46 | #2 | |||
/// Helper Team | Antivir reports TR/ATRAPS.GEN; TR/ATRAPS.GEN2 and BDS/ZAccess.wka. Hello and welcome!
Unfortunately I have bad news for you: you have caught a nasty little beast. Quote:
- a backdoor with rootkit functionality. This malware uses rootkit technology and a backdoor routine. *What are backdoors and rootkits* Behaviour: "memory-resident". Quote:
Tips & advice:
➊ Data backup:
► ONLY back up data that does not contain executable files
- File extensions - This is a list of file extensions that can denote files with executable code.
- Be careful with the files already present on the external storage, and also about backing up files that are now infected with the virus.
- Best to back up everything that is very important to you separately (externally); do not mix it with data backed up earlier, i.e. before the infection!
- Do not back up any cracked software and then reinstall it on the freshly set-up system!
-> Back up your data with the help of http://www.trojaner-board.de/75619-a...x-live-cd.html
*What is KNOPPIX* Knoppix is extremely fast (the live system boots in about 30 seconds) and very stable; users with no Linux experience in particular find Knoppix considerably easier, since it is very simple to use and all settings are detected and applied automatically. Knoppix runs without problems on current hardware and has all the programs needed for data rescue installed; moreover, it is not as spartan as other rescue systems, so Knoppix is well suited to getting to know Linux and a lot of Linux software without installing anything on the hard disk. Knoppix also ships with many drivers by default.
- Before restoring the data, and before you go directly online with your PC...:
- disable/switch off the AutoPlay function for all drives -> Disable Autorun/AutoPlay specifically for drive types or drive letters
Scan the data backed up to the external hard disk thoroughly from a clean system, preferably with several scanners -> Free online scanners - guide. Highly recommended scanner: Quote:
➋ -> Guide: Reinstalling the system + securing it -> Guide to reinstalling - Windows XP, Vista and Win7
➌ As a precaution I would advise you to change your passwords, e.g. login, mail or website passwords. Tips: Choosing a secure password (you should actually change them at regular intervals, roughly every 3-5 months). Also see: Secure password. Regards, kira
|
03.08.2012, 15:01 | #3 |
| Antivir reports TR/ATRAPS.GEN; TR/ATRAPS.GEN2 and BDS/ZAccess.wka. OK, that's what I thought.
But now, how can I install Windows 7 without a CD and without a second PC available? I already have it installed, so I must have a key somewhere, right? Thank you very much! All clear, sticker on the laptop.. thanks! Edited by Facez (03.08.2012 at 15:14) |
04.08.2012, 06:46 | #4 |
/// Helper Team | Antivir reports TR/ATRAPS.GEN; TR/ATRAPS.GEN2 and BDS/ZAccess.wka. Unfortunately, an installation CD is no longer included with PCs and laptops... - Which manufacturer is your PC/notebook from? - With the help of a recovery stored on the disk (a hidden partition on the disk) you can restore the system to its factory state "by hand". You only have to press a certain key. You reach it via ALT + F? (each manufacturer handles the key assignment differently), as you can find out from the manufacturer's manual, or contact their technical support. It is also possible to create a recovery CD that will help you reinstall or repair the system later.
Warning!: Beware of invoices by e-mail with a ZIP file as an attachment! It may be infected with an encryption trojan! Do not open the attachment; ask in our forum first! Back up your data regularly, to CD/DVD, USB sticks or external hard disks, preferably twice in different places! Please pass this warning on wherever you can! |
05.08.2012, 23:00 | #5 |
| Antivir reports TR/ATRAPS.GEN; TR/ATRAPS.GEN2 and BDS/ZAccess.wka. I have a Lenovo G550. "One Key Recovery" is probably the program you mean: hxxp://forums.lenovo.com/t5/IdeaPad-Notebooks/lenovo-onekey-recovery-7-hilfe/ta-p/339839 But I still have 2 questions: Since my PC is infected, I can't connect an external hard disk at the moment to copy the files to be backed up onto it via Knoppix, can I? Or rather, I should have them scanned online first (as you suggested) to be sure that the virus is not on the external hard disk. Does that have to be done from a clean system, or can I also do it from the infected PC? At the moment I am always working from the infected PC, as here in the forum.. |
06.08.2012, 12:42 | #6 | ||
/// Helper Team | Antivir reports TR/ATRAPS.GEN; TR/ATRAPS.GEN2 and BDS/ZAccess.wka. Quote:
Quote:
You can back up your data, but to be safe, check it with at least 3 online virus scanners.
|
06.08.2012, 14:09 | #7 |
| Antivir reports TR/ATRAPS.GEN; TR/ATRAPS.GEN2 and BDS/ZAccess.wka. Hmm. I don't really have a PC available at the moment. 1. Can an infected hard disk harm a clean third-party PC if I only scan it? 2. What should I do if I have no clean PC available? Thanks for the help! |
09.08.2012, 07:40 | #8 | |||||
/// Helper Team | Antivir reports TR/ATRAPS.GEN; TR/ATRAPS.GEN2 and BDS/ZAccess.wka. Quote:
2. Format the hard disk + set up Windows afresh -> Guide: Reinstalling the system + securing it -> Guide to reinstalling - Windows XP, Vista and Win7
3. Then you have a clean system
4. - disable/switch off the AutoPlay function for all drives -> Disable Autorun/AutoPlay specifically for drive types or drive letters. Scan the data backed up to the external hard disk thoroughly from a clean system, preferably with several scanners -> Free online scanners - guide. Highly recommended scanner: Quote:
Quote:
Uninstall: Quote:
TDSSKiller by Kaspersky
3.
4. Run another scan with OTL:
Quote:
** Stay off the internet as much as possible: no online banking, file sharing, chat programs etc. Regards, kira
Edited by kira (09.08.2012 at 07:54) |
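Both helper replies (post #2 and step 4 of post #8) say to switch Autorun/AutoPlay off, for all drives or specifically per drive type or drive letter, before the backup disk is plugged into the clean system. The following is an added example, not code from the thread or from trojaner-board: it computes the two Explorer policy values Windows uses for exactly that (NoDriveTypeAutoRun is a bitmask over drive types, NoDriveAutoRun a bitmask over drive letters, both under `...\Policies\Explorer`) and renders them as a .reg file; the helper function names and the sample drive letters E: and F: are this example's own choices.

```python
"""Build the Windows Explorer AutoRun policy values that disable AutoRun/AutoPlay
per drive type or per drive letter, and emit them as a .reg file.

The value names and bit layout are the documented Explorer policy values;
the helper functions and the sample inputs are this example's own.
"""
import sys
from typing import Iterable

# HKLM = machine-wide policy (needs an elevated shell); HKCU = current user only.
POLICY_SUBKEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"

# One bit per drive type in NoDriveTypeAutoRun (same numbering as GetDriveType()).
DRIVE_TYPE_BITS = {
    "unknown": 0x01,      # DRIVE_UNKNOWN
    "no_root_dir": 0x02,  # DRIVE_NO_ROOT_DIR
    "removable": 0x04,    # DRIVE_REMOVABLE (USB sticks, card readers)
    "fixed": 0x08,        # DRIVE_FIXED (internal and USB hard disks)
    "remote": 0x10,       # DRIVE_REMOTE (network shares)
    "cdrom": 0x20,        # DRIVE_CDROM
    "ramdisk": 0x40,      # DRIVE_RAMDISK
    "reserved": 0x80,     # reserved bit, always set
}
ALL_DRIVE_TYPES = 0xFF    # AutoRun off for every drive type (the usual recommendation)
WINDOWS_DEFAULT = 0x91    # unknown + remote + reserved: what a stock install uses


def drive_type_mask(types: Iterable[str]) -> int:
    """OR together the bits of the named drive types; 'all' selects every type."""
    mask = 0
    for name in types:
        if name == "all":
            return ALL_DRIVE_TYPES
        if name not in DRIVE_TYPE_BITS:
            raise ValueError(f"unknown drive type {name!r}")
        mask |= DRIVE_TYPE_BITS[name]
    return mask


def drive_letter_mask(letters: Iterable[str]) -> int:
    """Bit n of NoDriveAutoRun disables AutoRun on drive letter chr(ord('A') + n)."""
    mask = 0
    for raw in letters:
        letter = raw.strip().rstrip(":").upper()
        if len(letter) != 1 or not "A" <= letter <= "Z":
            raise ValueError(f"not a drive letter: {raw!r}")
        mask |= 1 << (ord(letter) - ord("A"))
    return mask


def build_reg_file(type_mask: int, letter_mask: int = 0,
                   hive: str = "HKEY_LOCAL_MACHINE") -> str:
    """Render the policy as a .reg file; NoDriveAutoRun is only emitted when non-zero."""
    lines = [
        "Windows Registry Editor Version 5.00",
        "",
        f"[{hive}\\{POLICY_SUBKEY}]",
        f'"NoDriveTypeAutoRun"=dword:{type_mask:08x}',
    ]
    if letter_mask:
        lines.append(f'"NoDriveAutoRun"=dword:{letter_mask:08x}')
    return "\n".join(lines) + "\n"


def apply_policy(type_mask: int, letter_mask: int = 0) -> bool:
    """Write the values directly into HKLM. Windows only; returns False elsewhere."""
    if sys.platform != "win32":
        return False
    import winreg  # Windows-only module, imported lazily on purpose
    with winreg.CreateKeyEx(winreg.HKEY_LOCAL_MACHINE, POLICY_SUBKEY, 0,
                            winreg.KEY_SET_VALUE) as key:
        winreg.SetValueEx(key, "NoDriveTypeAutoRun", 0, winreg.REG_DWORD, type_mask)
        if letter_mask:
            winreg.SetValueEx(key, "NoDriveAutoRun", 0, winreg.REG_DWORD, letter_mask)
    return True


if __name__ == "__main__":
    # Constructed sample: AutoRun off for every drive type and, in addition,
    # for the letters E: and F: where the backup disk is expected to appear.
    print(build_reg_file(drive_type_mask(["all"]), drive_letter_mask(["E:", "f"])))
```

Importing the generated .reg file (or calling `apply_policy`) on the freshly installed system, and logging off and on again so Explorer re-reads the policy, is what the "disable AutoPlay for all drives" step in the replies amounts to; the per-letter mask is only needed when AutoRun should stay enabled for some drives and be blocked for the ones that receive the backup disk.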