| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Virus TR/ATRAPS.Gen2 + Virus TR/ATRAPS.GenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
24.08.2012, 18:04
| #1 |
| |  Virus TR/ATRAPS.Gen2 + Virus TR/ATRAPS.Gen leider habe ich keine ahnung von meinem computer und benutze ihn lediglich zum surfen im internet. seit eben habe ich immer wieder die meldung von antiivir das ich einen virus habe. ich habe diese 2 dateien auch schon mehrmals in quarantäne verschoben, doch es passiert immer wieder. habe hier auch schon mal ein wenig rumgestöbert, aber verstehe das alles nicht richtig, und habe angst irgendwas falsch zu machen. kann mir jemand helfen?  OTL.txt sagt das hier :OTL Logfile: Code:
ATTFilter OTL logfile created on: 24.08.2012 19:23:44 - Run 1 OTL by OldTimer - Version 3.2.58.1 Folder = C:\Dokumente und Einstellungen\User\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 1,41 Gb Available Physical Memory | 70,99% Memory free 3,84 Gb Paging File | 3,32 Gb Available in Paging File | 86,58% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 55,88 Gb Total Space | 26,74 Gb Free Space | 47,85% Space Free | Partition Type: NTFS Drive D: | 4,04 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: NB428 | User Name: User | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.08.24 19:21:17 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\User\Desktop\OTL.exe PRC - [2012.08.23 01:13:01 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.09 16:50:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.09 16:50:32 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.09 16:50:32 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2011.05.26 19:43:12 | 000,328,040 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe PRC - [2011.05.05 20:32:30 | 000,132,392 | ---- | M] (Synaptics Incorporated) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe PRC - [2011.04.20 10:04:40 | 000,130,920 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\tphkload.exe PRC - [2011.04.14 14:48:52 | 000,193,896 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe PRC - [2011.04.14 14:48:46 | 000,189,800 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe PRC - [2011.04.14 14:48:44 | 000,431,464 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe PRC - [2011.04.14 14:48:42 | 000,243,048 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe PRC - [2011.04.14 14:48:40 | 000,103,784 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe PRC - [2011.04.07 16:41:32 | 000,138,680 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\ZOOM\TpScrex.exe PRC - [2011.03.29 13:41:08 | 000,064,952 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe PRC - [2010.11.29 16:32:44 | 000,069,560 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe PRC - [2010.08.25 01:28:00 | 000,132,456 | ---- | M] (Lenovo.) -- C:\Programme\ThinkPad\Utilities\DOZESVC.EXE PRC - [2010.08.25 01:28:00 | 000,053,248 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe PRC - [2010.04.01 14:50:44 | 000,043,960 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe PRC - [2009.11.30 12:00:32 | 000,114,688 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\AMT\LMS.exe PRC - [2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe ========== Modules (No Company Name) ========== MOD - [2012.07.27 22:51:38 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU MOD - [2012.06.26 10:05:38 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll MOD - [2012.06.26 10:04:54 | 012,218,368 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\f33e2a4d9b385234406fa2d662f78875\PresentationCore.ni.dll MOD - [2012.05.11 16:19:29 | 000,060,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\f121ccced1aa14badb316d8d9be5154d\UIAutomationProvider.ni.dll MOD - [2012.05.11 16:07:50 | 000,539,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8b873631a0855fb6aa0ad25f1d9de7fe\PresentationFramework.Luna.ni.dll MOD - [2012.05.11 16:07:05 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\6d8bef0d008389874e55c0308f0c18e5\WindowsBase.ni.dll MOD - [2012.05.11 16:06:57 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll MOD - [2012.05.11 16:06:46 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll MOD - [2012.05.11 16:02:25 | 005,283,840 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll MOD - [2012.05.09 16:50:34 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll MOD - [2012.01.09 20:44:20 | 000,166,912 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2011.05.05 20:32:00 | 000,066,856 | ---- | M] () -- C:\Programme\Synaptics\SynTP\SynTPEnhPS.dll MOD - [2011.04.14 12:39:46 | 000,086,016 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcWrpc.dll MOD - [2011.02.03 14:54:14 | 000,048,128 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\Res\GR\GUIHlprRes.dll MOD - [2011.02.03 14:54:12 | 000,229,376 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\Res\GR\IconRes.dll MOD - [2011.02.03 14:54:06 | 000,081,920 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\Res\GR\SvcHlprRes.dll MOD - [2010.08.25 01:28:00 | 000,081,920 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\DE-DE\PWMUIAux.resources.dll MOD - [2010.08.25 01:28:00 | 000,061,952 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\GR\PWRMGRRO.DLL MOD - [2010.08.25 01:28:00 | 000,053,248 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe MOD - [2010.08.25 01:28:00 | 000,044,544 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\GR\PWRMGRRT.DLL MOD - [2008.04.14 14:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - [2012.07.19 22:53:29 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.07.03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.09 16:50:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.09 16:50:32 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.04.20 10:04:40 | 000,130,920 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD) SRV - [2011.04.14 14:48:42 | 000,243,048 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc) SRV - [2011.04.14 14:48:40 | 000,103,784 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc) SRV - [2011.04.04 10:27:20 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE) SRV - [2011.03.29 13:41:08 | 000,064,952 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC) SRV - [2010.08.25 01:28:00 | 000,132,456 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Programme\ThinkPad\Utilities\DOZESVC.EXE -- (DozeSvc) SRV - [2010.08.25 01:28:00 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service) SRV - [2009.11.30 12:00:32 | 000,114,688 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\AMT\LMS.exe -- (LMS) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | Boot | Stopped] -- System32\DRIVERS\intelide.sys -- (IntelIde) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\btwusb.sys -- (BTWUSB) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwdndis.sys -- (BTWDNDIS) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btport.sys -- (BTDriver) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\btaudio.sys -- (btaudio) DRV - [2012.05.09 16:50:34 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.09 16:50:34 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.09.16 17:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.04.08 17:24:24 | 000,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK) DRV - [2011.04.08 17:23:02 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC) DRV - [2010.09.07 14:09:06 | 000,013,680 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\smiif32.sys -- (lenovo.smi) DRV - [2010.08.25 01:28:00 | 000,024,304 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\DOZEHDD.SYS -- (DozeHDD) DRV - [2010.08.25 01:28:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF) DRV - [2010.06.16 14:44:38 | 000,120,432 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ApsX86.sys -- (Shockprf) DRV - [2010.06.16 14:44:38 | 000,020,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ApsHM86.sys -- (TPDIGIMN) DRV - [2010.06.02 15:49:20 | 000,993,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV) DRV - [2010.06.02 15:49:20 | 000,738,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2010.06.02 15:49:18 | 000,217,016 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL) DRV - [2010.04.05 10:04:12 | 006,601,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) DRV - [2009.10.08 17:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.10.06 13:52:16 | 000,045,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) DRV - [2008.06.24 17:07:58 | 000,012,560 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Programme\Gemeinsame Dateien\ThinkVantage Fingerprint Software\Drivers\smihlp.sys -- (smihlp) DRV - [2008.02.15 19:01:18 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2007.07.30 12:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2007.07.30 11:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Gebrauchte Notebooks mit Garantie bei Todaysbest Computers! IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.suggest.enabled: false FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.07.19 22:53:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2012.07.16 09:29:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2011.10.21 14:49:02 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Extensions [2011.10.21 14:48:48 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.07.22 11:25:10 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2011.07.22 13:06:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2012.07.19 22:53:30 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.06.27 01:49:59 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.27 01:49:59 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.06.27 01:49:59 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.06.27 01:49:59 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.27 01:49:59 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.27 01:49:59 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2008.04.14 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [ACTray] C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo ) O4 - HKLM..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo ) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation) O4 - HKLM..\Run: [LenovoAutoScrollUtility] C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited) O4 - HKLM..\Run: [PSQLLauncher] C:\Programme\ThinkVantage Fingerprint Software\launcher.exe (UPEK Inc.) O4 - HKLM..\Run: [PWRMGRTR] C:\Programme\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited) O4 - HKCU..\Run: [SkypeM] C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Skype\Skype.exe File not found O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil32_11_3_300_265_Plugin.exe (Adobe Systems Incorporated) O4 - Startup: C:\Dokumente und Einstellungen\User\Startmenü\Programme\Autostart\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{644125FC-9BD4-4545-B903-B4CA9A7F500C}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\ACNotify: DllName - (ACNotify.dll) - C:\Programme\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo ) O20 - Winlogon\Notify\psfus: DllName - (C:\WINDOWS\system32\psqlpwd.dll) - C:\WINDOWS\system32\psqlpwd.dll (UPEK Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.01.04 10:28:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.08.24 19:21:13 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\User\Desktop\OTL.exe [2012.08.24 18:30:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles [2012.08.24 17:48:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\036DFF6A000CFBBE00089D6E7B07D287 [2012.08.23 01:17:56 | 000,000,000 | -HSD | C] -- C:\Config.Msi [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.08.24 19:24:00 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.08.24 19:21:17 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\User\Desktop\OTL.exe [2012.08.24 19:20:42 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\Defogger.exe [2012.08.24 18:44:13 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job [2012.08.24 18:43:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.08.24 18:43:40 | 000,001,082 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.08.24 18:42:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.08.24 06:27:09 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2012.08.23 01:43:31 | 000,449,418 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.08.23 01:43:31 | 000,433,138 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.08.23 01:43:31 | 000,080,936 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.08.23 01:43:31 | 000,068,094 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.08.23 01:39:32 | 000,121,336 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.08.23 01:26:38 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012.08.23 01:21:44 | 000,001,777 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.08.24 19:26:03 | 000,020,480 | ---- | C] () -- C:\WINDOWS\Installer\{7a86b63b-11eb-ab56-a975-09f8ccdd35f5}\U\800000cb.@ [2012.08.24 19:20:41 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Desktop\Defogger.exe [2012.08.24 18:19:16 | 000,013,312 | ---- | C] () -- C:\WINDOWS\Installer\{7a86b63b-11eb-ab56-a975-09f8ccdd35f5}\U\80000000.@ [2012.08.24 17:46:54 | 000,001,712 | ---- | C] () -- C:\WINDOWS\Installer\{7a86b63b-11eb-ab56-a975-09f8ccdd35f5}\U\00000001.@ [2012.08.23 01:23:57 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK [2012.05.11 16:09:30 | 000,140,248 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2012.02.16 08:52:57 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.10.27 20:12:51 | 000,010,240 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.01.04 11:35:49 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2011.01.04 11:13:18 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys [2011.01.04 10:59:19 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2011.01.04 10:56:14 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll [2011.01.04 10:53:12 | 000,196,608 | ---- | C] () -- C:\WINDOWS\PWMBTHLP.EXE [2011.01.04 10:53:09 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS [2011.01.04 10:30:29 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2011.01.04 10:25:27 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2011.01.03 18:03:15 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2011.01.03 18:02:01 | 000,121,336 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2008.04.14 14:00:00 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\Installer\{7a86b63b-11eb-ab56-a975-09f8ccdd35f5}\@ [2008.04.14 14:00:00 | 000,002,048 | -HS- | C] () -- C:\Dokumente und Einstellungen\tobi\Lokale Einstellungen\Anwendungsdaten\{7a86b63b-11eb-ab56-a975-09f8ccdd35f5}\@ ========== LOP Check ========== [2012.08.24 17:49:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\036DFF6A000CFBBE00089D6E7B07D287 [2011.11.30 00:48:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Resolume Avenue 3 [2011.07.22 10:41:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UIB [2011.10.24 10:01:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\OpenOffice.org [2011.11.30 00:48:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Resolume [2012.08.24 18:44:13 | 000,000,298 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job ========== Purity Check ========== < End of report > OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 24.08.2012 19:23:44 - Run 1
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Dokumente und Einstellungen\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 1,41 Gb Available Physical Memory | 70,99% Memory free
3,84 Gb Paging File | 3,32 Gb Available in Paging File | 86,58% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 55,88 Gb Total Space | 26,74 Gb Free Space | 47,85% Space Free | Partition Type: NTFS
Drive D: | 4,04 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: NB428 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Programme\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F98C9F8-9B49-411C-AFB9-AF633249FA7C}" = ThinkVantage Fingerprint Software 5.8
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Energie-Manager
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"CNXT_MODEM_HDA_HSF" = ThinkPad Modem
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HECI" = Intel(R) Management Engine Interface
"ie8" = Windows Internet Explorer 8
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"MESOL" = Intel(R) Active Management Technology Device Software
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"Mozilla Thunderbird 14.0 (x86 de)" = Mozilla Thunderbird 14.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OnScreenDisplay" = Anzeige am Bildschirm
"Power Management Driver" = ThinkPad Power Management Driver
"PROSet" = Intel(R) Network Connections Drivers
"ShapeCollage" = Shape Collage
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"VLC media player" = VLC media player 1.1.10
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WinGimp-2.0_is1" = GIMP 2.6.12
"WinRAR archiver" = WinRAR 4.10 (32-Bit)
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 15.05.2012 03:47:03 | Computer Name = NB428 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 12.0.0.4493, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 22.05.2012 03:55:00 | Computer Name = NB428 | Source = LMS | ID = 2
Description = LMS Service cannot connect to HECI driver
Error - 23.05.2012 02:22:42 | Computer Name = NB428 | Source = LMS | ID = 2
Description = LMS Service cannot connect to HECI driver
Error - 24.05.2012 01:25:50 | Computer Name = NB428 | Source = LMS | ID = 2
Description = LMS Service cannot connect to HECI driver
Error - 26.05.2012 12:06:41 | Computer Name = NB428 | Source = LMS | ID = 2
Description = LMS Service cannot connect to HECI driver
Error - 26.05.2012 23:11:56 | Computer Name = NB428 | Source = LMS | ID = 2
Description = LMS Service cannot connect to HECI driver
Error - 29.05.2012 12:02:54 | Computer Name = NB428 | Source = LMS | ID = 2
Description = LMS Service cannot connect to HECI driver
Error - 30.05.2012 03:34:56 | Computer Name = NB428 | Source = LMS | ID = 2
Description = LMS Service cannot connect to HECI driver
Error - 30.05.2012 07:27:54 | Computer Name = NB428 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung sol.exe, Version 5.1.2600.0, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x000b1400.
Error - 04.06.2012 21:17:29 | Computer Name = NB428 | Source = LMS | ID = 2
Description = LMS Service cannot connect to HECI driver
[ System Events ]
Error - 24.08.2012 12:36:38 | Computer Name = NB428 | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Ac
Profile Manager Service.
Error - 24.08.2012 12:36:38 | Computer Name = NB428 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Ac Profile Manager Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 24.08.2012 12:36:40 | Computer Name = NB428 | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Access
Connections Main Service.
Error - 24.08.2012 12:36:40 | Computer Name = NB428 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Access Connections Main Service" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053
Error - 24.08.2012 12:39:06 | Computer Name = NB428 | Source = DCOM | ID = 10010
Description = Der Server "{078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error - 24.08.2012 12:40:53 | Computer Name = NB428 | Source = Service Control Manager | ID = 7034
Description = Dienst "IMAPI-CD-Brenn-COM-Dienste" wurde unerwartet beendet. Dies
ist bereits 1 Mal passiert.
Error - 24.08.2012 12:44:13 | Computer Name = NB428 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "rimmptsk" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1058
Error - 24.08.2012 12:44:13 | Computer Name = NB428 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "rimsptsk" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1058
Error - 24.08.2012 12:44:13 | Computer Name = NB428 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Ricoh xD-Picture Card Driver" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1058
Error - 24.08.2012 12:44:13 | Computer Name = NB428 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060
< End of report >
GMER Logfile: Code:
ATTFilter GMER 1.0.15.15641 - GMER - Rootkit Detector and Remover
Rootkit scan 2012-08-24 20:29:14
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 FUJITSU_MHV2060BH rev.00840028
Running: kg5mk2gf.exe; Driver: C:\DOKUME~1\User\LOKALE~1\Temp\kxtdqpob.sys
---- System - GMER 1.0.15 ----
SSDT BA7C02B4 ZwClose
SSDT BA7C026E ZwCreateKey
SSDT BA7C02BE ZwCreateSection
SSDT BA7C0264 ZwCreateThread
SSDT BA7C0273 ZwDeleteKey
SSDT BA7C027D ZwDeleteValueKey
SSDT BA7C02AF ZwDuplicateObject
SSDT BA7C0282 ZwLoadKey
SSDT BA7C0250 ZwOpenProcess
SSDT BA7C0255 ZwOpenThread
SSDT BA7C02D7 ZwQueryValueKey
SSDT BA7C028C ZwReplaceKey
SSDT BA7C02C8 ZwRequestWaitReplyPort
SSDT BA7C0287 ZwRestoreKey
SSDT BA7C02C3 ZwSetContextThread
SSDT BA7C02CD ZwSetSecurityObject
SSDT BA7C0278 ZwSetValueKey
SSDT BA7C02D2 ZwSystemDebugControl
SSDT BA7C025F ZwTerminateProcess
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000093 bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000095 bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
---- Processes - GMER 1.0.15 ----
Library c:\windows\system32\n (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1192] 0x45670000
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016cee067c3
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016cff26cd0
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001c26ffe6c8
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0016cee067c3 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0016cff26cd0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001c26ffe6c8 (not active ControlSet)
---- EOF - GMER 1.0.15 ----
seitdem ich das hier gepostet habe kommt noch viel mehr?! |
| Themen zu Virus TR/ATRAPS.Gen2 + Virus TR/ATRAPS.Gen |
| ahnung, angst, compu, computer, dateien, falsch, fontcache, google earth, immer wieder, inter, interne, keine ahnung, lenovo, mehrmals, meldung, plug-in, quarantäne, richtig, surfe, surfen, tr/atraps.gen, tr/atraps.gen2, verschoben, virus, wenig, windows internet |
Baum-Darstellung