Discussion forum: 20 TAN Trojan, Windows 7
08.10.2010, 18:33, #1
20 TAN Trojan

Hi folks, I've got the trojan named above running on my machine. I would like to remove it so as to be "safer", because I need to copy some data. What is the best way to go about it?

otl.txt
Code:
OTL logfile created on: 08.10.2010 18:39:11 - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = X:\Downloads
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 50,69 Gb Total Space | 18,92 Gb Free Space | 37,33% Space Free | Partition Type: NTFS
Drive D: | 632,48 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 16,34 Gb Total Space | 8,21 Gb Free Space | 50,26% Space Free | Partition Type: NTFS

Computer Name: IBMT61
Current User Name: ***
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - X:\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\***\AppData\Local\Temp\csrcyb.exe ()
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Dexpot\dexpot.exe (Dexpot GbR)
PRC - C:\Programme\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Brother\ControlCenter3\BrccMCtl.exe (Brother Industries, Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Programme\Garmin\gStart.exe (GARMIN Corp.)
PRC - C:\Windows\System32\ibmpmsvc.exe (Lenovo)

========== Modules (SafeList) ==========

MOD - X:\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (Akamai) -- C:/Program Files/Common Files/Akamai/netsession_win_062a651.dll ()
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NMSAccess) -- C:\Programme\CDBurnerXP\NMSAccessU.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (osppsvc) -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (dsNcService) -- C:\Programme\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (IBMPMSVC) -- C:\Windows\System32\ibmpmsvc.exe (Lenovo)

========== Driver Services (SafeList) ==========

DRV - (truecrypt) -- C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (epmntdrv) -- C:\Windows\System32\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\Windows\System32\EuGdiDrv.sys ()
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (dsNcAdpt) -- C:\Windows\System32\drivers\dsNcAdpt.sys (Juniper Networks)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (SrvHsfV92) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)
DRV - (SrvHsfWinac) -- C:\Windows\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.)
DRV - (SrvHsfHDA) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (IBMPMDRV) -- C:\Windows\System32\drivers\ibmpmdrv.sys (Lenovo.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 22 60 79 53 33 2A CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.17 10:31:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.08 14:35:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2010.09.21 12:13:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins [2010.09.21 12:14:20 | 000,000,000 | ---D | M]

-- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.09.21 12:14:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28}
[2010.09.21 12:14:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Sunbird\Profiles\bsv1y9fi.default\extensions
[2010.08.31 14:51:29 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.08.31 14:51:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.08.31 14:51:17 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[1999.12.31 17:00:00 | 000,163,608 | ---- | M] (Tracker Software Products Ltd.) -- C:\Programme\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
[2010.07.14 00:04:04 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.14 00:04:04 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.14 00:04:04 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.14 00:04:04 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.14 00:04:04 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.09.08 17:43:46 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe File not found
O4 - HKCU..\Run: [cbssreg] C:\Users\***\AppData\Local\Temp\csrcyb.exe ()
O4 - HKCU..\Run: [Certdiag] C:\Benutzer\***\AppData\Local\Temp\BdeUtify.dll File not found
O4 - HKCU..\Run: [Dexpot] C:\Programme\Dexpot\dexpot.exe (Dexpot GbR)
O4 - HKCU..\Run: [gStart] C:\Programme\Garmin\gStart.exe (GARMIN Corp.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\algdyw32.exe (Microsoft)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - c:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{285c3317-6650-11df-9e66-001e4cfc6e6d}\Shell - "" = AutoRun
O33 - MountPoints2\{285c3317-6650-11df-9e66-001e4cfc6e6d}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{285c331e-6650-11df-9e66-001e4cfc6e6d}\Shell - "" = AutoRun
O33 - MountPoints2\{285c331e-6650-11df-9e66-001e4cfc6e6d}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{768436c6-b084-11df-b510-001e4cfc6e6d}\Shell - "" = AutoRun
O33 - MountPoints2\{768436c6-b084-11df-b510-001e4cfc6e6d}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{9271d55d-afbf-11df-a265-001e4cfc6e6d}\Shell - "" = AutoRun
O33 - MountPoints2\{9271d55d-afbf-11df-a265-001e4cfc6e6d}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{9271d560-afbf-11df-a265-001e4cfc6e6d}\Shell - "" = AutoRun
O33 - MountPoints2\{9271d560-afbf-11df-a265-001e4cfc6e6d}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{9fa0741a-cc8d-11df-aad1-001e4cfc6e6d}\Shell - "" = AutoRun
O33 - MountPoints2\{9fa0741a-cc8d-11df-aad1-001e4cfc6e6d}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{9fa0741e-cc8d-11df-aad1-001e4cfc6e6d}\Shell - "" = AutoRun
O33 - MountPoints2\{9fa0741e-cc8d-11df-aad1-001e4cfc6e6d}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{ba328865-cd39-11df-b9c9-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ba328865-cd39-11df-b9c9-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{c1294254-9be9-11df-b014-001e4cfc6e6d}\Shell - "" = AutoRun
O33 - MountPoints2\{c1294254-9be9-11df-b014-001e4cfc6e6d}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{c1294268-9be9-11df-b014-001e4cfc6e6d}\Shell - "" = AutoRun
O33 - MountPoints2\{c1294268-9be9-11df-b014-001e4cfc6e6d}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.10.08 18:36:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2010.10.08 18:36:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.10.08 18:36:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.10.08 18:36:48 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.10.08 18:36:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.10.08 16:31:49 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2010.10.08 16:27:01 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010.10.08 16:25:31 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Simply Super Software
[2010.10.08 16:25:17 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ztvcabinet.dll
[2010.10.08 16:25:11 | 000,000,000 | ---D | C] -- C:\Programme\Trojan Remover
[2010.10.08 16:25:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Simply Super Software
[2010.10.08 16:25:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2010.10.08 16:14:14 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2010.10.08 16:14:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.10.08 14:27:46 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2010.10.08 14:27:46 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2010.10.08 14:26:28 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\PX Storage Engine
[2010.10.08 14:26:23 | 000,000,000 | ---D | C] -- C:\Programme\Winamp
[2010.10.08 14:15:53 | 000,000,000 | ---D | C] -- C:\Programme\OpenSource Flash Video Splitter
[2010.10.08 12:30:34 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Meine Paletten
[2010.10.08 12:13:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Protexis
[2010.10.08 12:13:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Corel
[2010.10.08 12:09:52 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Corel
[2010.10.08 12:09:27 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Visual Studio 2008
[2010.10.08 12:07:35 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft SDKs
[2010.10.08 12:07:33 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Visual Studio 9.0
[2010.10.08 12:04:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel
[2010.10.08 11:59:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{AA78CFB7-4675-44FD-917C-E942E525C8EA}
[2010.10.08 11:25:24 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Akamai
[2010.10.08 11:20:13 | 000,000,000 | ---D | C] -- C:\Programme\Paint.NET
[2010.10.08 11:19:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Paint.NET
[2010.10.08 11:11:29 | 000,000,000 | --SD | C] -- C:\Users\***\Documents\Meine Shapes
[2010.10.08 10:55:26 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DESIGNER
[2010.10.08 10:53:40 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Analysis Services
[2010.10.08 09:43:05 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\vlc
[2010.10.03 14:07:09 | 001,047,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc71u.dll
[2010.10.03 14:07:09 | 000,499,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp71.dll
[2010.10.03 14:07:09 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr71.dll
[2010.10.03 14:07:07 | 000,000,000 | ---D | C] -- C:\Programme\Colasoft MAC Scanner 1.1
[2010.09.29 17:16:04 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2010.09.29 13:50:26 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Gmail Notifier
[2010.09.29 13:50:23 | 000,000,000 | ---D | C] -- C:\Programme\Gmail Notifier
[2010.09.29 08:56:00 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.09.26 12:46:39 | 000,000,000 | ---D | C] -- C:\Programme\Hewlett-Packard
[2010.09.26 12:46:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2010.09.26 12:45:53 | 000,326,656 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpmml107.dll
[2010.09.26 12:45:53 | 000,275,968 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpmja107.dll
[2010.09.26 12:45:53 | 000,243,712 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpmpm081.dll
[2010.09.26 12:45:53 | 000,223,232 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpmtp107.dll
[2010.09.26 12:45:53 | 000,179,200 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpmpw081.dll
[2010.09.26 12:45:53 | 000,074,752 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hppccompio.dll
[2010.09.26 12:45:53 | 000,049,252 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpmnque.dll
[2010.09.26 12:45:53 | 000,049,250 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpmnndps.dll
[2010.09.26 12:45:53 | 000,018,944 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\System32\hppmopjl.dll
[2010.09.26 12:45:52 | 000,275,456 | ---- | C] (Hewlett-Packard Corporation) -- C:\Windows\System32\hpcpn107.dll
[2010.09.26 12:45:51 | 000,059,928 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\fxcompchannel.dll
[2010.09.21 16:33:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Opera
[2010.09.21 16:33:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Opera
[2010.09.21 16:33:27 | 000,000,000 | ---D | C] -- C:\Programme\Opera
[2010.09.21 12:13:35 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Sunbird
[2010.09.17 09:53:42 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2010.09.16 15:47:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Apple Computer
[2010.09.16 15:47:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Apple Computer
[2010.09.16 15:47:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2010.09.16 15:47:03 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.09.16 15:45:59 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2010.09.16 15:45:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010.09.16 15:45:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Apple
[2010.09.16 15:45:11 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Apple
[2010.09.16 15:45:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010.09.16 09:53:27 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip
[2010.09.15 08:59:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\inkscape
[2010.09.14 09:17:24 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ElevatedDiagnostics
[2010.09.10 18:13:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Canneverbe Limited
[2010.09.10 18:13:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2010.09.10 18:13:10 | 000,000,000 | ---D | C] -- C:\Programme\CDBurnerXP
[2010.09.09 10:54:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2010.09.09 10:54:13 | 000,000,000 | ---D | C] -- C:\Users\***\.thumbnails
[2010.09.09 10:51:55 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\gegl-0.0
[2010.09.09 10:51:55 | 000,000,000 | ---D | C] -- C:\Users\***\.gimp-2.6
[2010.09.09 10:50:57 | 000,000,000 | ---D | C] -- C:\Programme\GIMP-2.0
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.10.08 18:40:10 | 000,844,288 | ---- | M] () -- C:\Windows\System32\drivers\mllgytu.sys
[2010.10.08 18:38:33 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.08 18:38:33 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.08 18:36:53 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.08 18:32:47 | 002,621,440 | -HS- | M] () -- C:\Users\***\NTUSER.DAT
[2010.10.08 18:31:09 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.10.08 18:31:04 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.10.08 18:30:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.10.08 18:30:54 | 1577,816,064 | -HS- | M] () -- C:\hiberfil.sys
[2010.10.08 17:03:26 | 003,006,894 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db
[2010.10.08 17:02:04 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.10.08 16:56:37 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.10.08 16:56:37 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.10.08 16:56:37 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.10.08 16:56:37 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.10.08 16:56:36 | 001,498,506 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.10.08 16:25:21 | 000,001,097 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2010.10.08 16:14:27 | 000,001,216 | ---- | M] () -- C:\Users\***\Desktop\Spybot - Search & Destroy.lnk
[2010.10.08 12:44:56 | 000,381,040 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.10.08 12:05:04 | 000,098,264 | ---- | M] () -- C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.10.08 11:59:47 | 000,000,120 | ---- | M] () -- C:\Users\***\AppData\Local\Bhexugilidup.dat
[2010.10.08 11:59:47 | 000,000,000 | ---- | M] () -- C:\Users\***\AppData\Local\Hgamaqifihuf.bin
[2010.10.08 11:58:01 | 000,000,139 | ---- | M] () -- C:\Users\***\AppData\Roaming\asdsada.bat
[2010.10.08 11:57:56 | 000,000,020 | ---- | M] () -- C:\Users\***\AppData\Roaming\cnmkat.dat
[2010.10.08 11:57:53 | 000,000,004 | ---- | M] () -- C:\Users\***\AppData\Roaming\avdrn.dat
[2010.10.08 11:20:48 | 000,001,288 | ---- | M] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2010.10.08 11:11:22 | 000,002,823 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Visio 2010.lnk
[2010.10.08 10:56:13 | 000,000,039 | ---- | M] () -- C:\Windows\vbaddin.ini
[2010.10.08 10:37:31 | 000,016,030 | ---- | M] () -- C:\Users\***\.recently-used.xbel
[2010.10.08 09:41:30 | 000,001,024 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010.09.29 13:50:24 | 000,001,081 | ---- | M] () -- C:\Users\***\Desktop\Gmail Notifier.lnk
[2010.09.26 17:04:25 | 000,002,170 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010.09.26 12:46:37 | 000,000,000 | ---- | M] () -- C:\Windows\HPMProp.INI
[2010.09.23 19:10:04 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2010.09.21 16:33:33 | 000,000,803 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2010.09.21 12:13:41 | 000,001,885 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Sunbird.lnk
[2010.09.17 13:08:56 | 000,000,017 | ---- | M] () -- C:\Users\***\AppData\Local\resmon.resmoncfg
[2010.09.10 18:13:13 | 000,001,895 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2010.09.09 10:51:51 | 000,001,065 | ---- | M] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.10.08 18:36:53 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.08 16:25:21 | 000,001,097 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2010.10.08 16:25:17 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2010.10.08 16:25:17 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
[2010.10.08 16:25:17 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2010.10.08 16:25:17 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2010.10.08 16:14:27 | 000,001,216 | ---- | C] () -- C:\Users\***\Desktop\Spybot - Search & Destroy.lnk
[2010.10.08 11:59:47 | 000,000,120 | ---- | C] () -- C:\Users\***\AppData\Local\Bhexugilidup.dat
[2010.10.08 11:59:47 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\Hgamaqifihuf.bin
[2010.10.08 11:58:20 | 000,844,288 | ---- | C] () -- C:\Windows\System32\drivers\mllgytu.sys
[2010.10.08 11:58:01 | 000,000,139 | ---- | C] () -- C:\Users\***\AppData\Roaming\asdsada.bat
[2010.10.08 11:57:55 | 000,000,020 | ---- | C] () -- C:\Users\***\AppData\Roaming\cnmkat.dat
[2010.10.08 11:57:53 | 000,000,004 | ---- | C] () -- C:\Users\***\AppData\Roaming\avdrn.dat
[2010.10.08 11:20:48 | 000,001,288 | ---- | C] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2010.10.08 11:11:22 | 000,002,823 | ---- | C] () -- C:\Users\***\Desktop\Microsoft Visio 2010.lnk
[2010.10.08 10:37:31 | 000,016,030 | ---- | C] () -- C:\Users\***\.recently-used.xbel
[2010.10.08 09:41:30 | 000,001,024 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010.09.29 13:50:24 | 000,001,081 | ---- | C] () -- C:\Users\***\Desktop\Gmail Notifier.lnk
[2010.09.26 17:04:25 | 000,002,170 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010.09.26 12:46:37 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2010.09.21 16:33:33 | 000,000,803 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2010.09.21 12:13:41 | 000,001,885 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Sunbird.lnk
[2010.09.17 13:08:56 | 000,000,017 | ---- | C] () -- C:\Users\***\AppData\Local\resmon.resmoncfg
[2010.09.10 18:13:13 | 000,001,895 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2010.09.10 18:13:11 |
000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2010.09.09 10:51:51 | 000,001,065 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk [2010.08.24 22:45:59 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll [2010.06.03 20:54:47 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI [2010.06.03 19:33:38 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL [2010.06.03 19:33:36 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI [2010.05.13 14:00:00 | 000,014,848 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll [2010.05.13 13:59:59 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys [2010.05.13 13:59:59 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys [2010.05.13 13:28:40 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2005.05.06 19:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:CB0AACC9 < End of report > Code:
ATTFilter OTL Extras logfile created on: 08.10.2010 18:39:11 - Run 1 OTL by OldTimer - Version 3.2.14.1 Folder = X:\Downloads An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 72,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 50,69 Gb Total Space | 18,92 Gb Free Space | 37,33% Space Free | Partition Type: NTFS Drive D: | 632,48 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive X: | 16,34 Gb Total Space | 8,21 Gb Free Space | 50,26% Space Free | Partition Type: NTFS Computer Name: IBMT61 Current User Name: *** Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{08D5F667-E1D7-4792-9FFD-5888C8D4A0DF}" = Garmin Training Center "{18E65799-76BD-46EF-9E53-972FE5A40736}" = Opera 10.62 "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser 
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2217B0B4-35CB-48C6-B640-864DF2F30F99}" = OpenOffice.org 3.2 "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21 "{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers "{68C17A81-81E1-458C-8555-3131C4D7A8DF}" = Garmin MapSource "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK "{76DAEC83-AF7B-333C-8A53-83D7C7D39199}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU "{7D5E1317-71E3-41A9-8755-98F5EC92D510}" = ActivePerl 5.12.1 Build 1201 "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{86BBD345-0CE6-4AB1-8ADE-FB12D86EAB90}" = 32 Bit HP CIO Components Installer "{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer "{8E87B944-4815-3C5E-947F-5035C9F64362}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{91140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010 "{9211CCBB-BEFE-4A0C-9199-D7A535DBFE5F}" = Brother MFL-Pro Suite DCP-8060 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D17111CB-C992-42A9-9D56-C19395102AAA}" = Garmin WebUpdater "{E5484836-E51C-4423-A663-12B9DDD50DE6}" = Garmin BaseCamp "{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}" = Paint.NET v3.5.5 
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) "7-Zip" = 7-Zip 9.16 beta "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adolix Split and Merge PDF_is1" = Adolix Split and Merge PDF v2.0 "Akamai" = Akamai NetSession Interface "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 5.8.1 Home Edition "ENTERPRISE" = Microsoft Office Enterprise 2007 "Gmail Notifier" = Gmail Notifier "GTK2-Runtime" = GTK2-Runtime "HDMI" = Intel(R) Graphics Media Accelerator Driver "Juniper Network Connect 6.5.0" = Juniper Networks Network Connect 6.5.0 "Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "MatlabR2010b" = MATLAB R2010b "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "MiKTeX 2.8" = MiKTeX 2.8 "Mobile Partner" = Mobile Partner "Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10) "Notepad++" = Notepad++ "Office14.VISIOR" = Microsoft Visio Professional 2010 "Pidgin" = Pidgin "Power Management Driver" = ThinkPad Power Management Driver "RarZilla Free Unrar" = RarZilla Free Unrar "SumatraPDF" = SumatraPDF "TeXnicCenter Alpha_is1" = TeXnicCenter Version 2.0 Alpha 3 "TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1 "Trojan Remover_is1" = Trojan Remover 6.8.2 "TrueCrypt" = TrueCrypt "TVWiz" = Intel(R) TV Wizard "VLC media player" = VLC media player 1.1.4 "WinGimp-2.0_is1" = GIMP 2.6.10 ========== HKEY_CURRENT_USER Uninstall List ========== 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dexpot" = Dexpot "Juniper_Setup_Client" = Juniper Networks Setup Client ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 08.10.2010 06:41:51 | Computer Name = ibmT61 | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: CorelPP.exe, Version: 15.0.0.489, Zeitstempel: 0x4bbe0dc5 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0012d395 ID des fehlerhaften Prozesses: 0x11e4 Startzeit der fehlerhaften Anwendung: 0x01cb66d56a7bdf55 Pfad der fehlerhaften Anwendung: C:\Program Files\Corel\CorelDRAW Graphics Suite X5\Programs\CorelPP.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: a8769b03-d2c8-11df-b931-001e4cfc6e6d Error - 08.10.2010 06:42:20 | Computer Name = ibmT61 | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: CorelDRW.exe, Version: 15.0.0.489, Zeitstempel: 0x4bbe0ccb Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0012d395 ID des fehlerhaften Prozesses: 0x84c Startzeit der fehlerhaften Anwendung: 0x01cb66d57b895b41 Pfad der fehlerhaften Anwendung: C:\Program Files\Corel\CorelDRAW Graphics Suite X5\Programs\CorelDRW.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: b985ebb6-d2c8-11df-b931-001e4cfc6e6d Error - 08.10.2010 06:45:14 | Computer Name = ibmT61 | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . 
Error - 08.10.2010 06:45:14 | Computer Name = ibmT61 | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 08.10.2010 06:45:45 | Computer Name = ibmT61 | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: CorelDRW.exe, Version: 15.0.0.489, Zeitstempel: 0x4bbe0ccb Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0012d395 ID des fehlerhaften Prozesses: 0xce4 Startzeit der fehlerhaften Anwendung: 0x01cb66d5eed407bb Pfad der fehlerhaften Anwendung: C:\Program Files\Corel\CorelDRAW Graphics Suite X5\Programs\CorelDRW.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 339ff0ad-d2c9-11df-9104-001e4cfc6e6d Error - 08.10.2010 08:19:12 | Computer Name = ibmT61 | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 08.10.2010 08:19:12 | Computer Name = ibmT61 | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. 
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 08.10.2010 08:19:13 | Computer Name = ibmT61 | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 08.10.2010 12:31:12 | Computer Name = ibmT61 | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 08.10.2010 12:31:12 | Computer Name = ibmT61 | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . [ System Events ] Error - 08.10.2010 12:31:49 | Computer Name = ibmT61 | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "\Device\HarddiskVolume3" den Befehl "chkdsk" aus. 
Error - 08.10.2010 12:32:43 | Computer Name = ibmT61 | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "C:" den Befehl "chkdsk" aus. Error - 08.10.2010 12:32:43 | Computer Name = ibmT61 | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "\Device\HarddiskVolume3" den Befehl "chkdsk" aus. Error - 08.10.2010 12:32:43 | Computer Name = ibmT61 | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "C:" den Befehl "chkdsk" aus. Error - 08.10.2010 12:32:43 | Computer Name = ibmT61 | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "C:" den Befehl "chkdsk" aus. Error - 08.10.2010 12:32:43 | Computer Name = ibmT61 | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "C:" den Befehl "chkdsk" aus. Error - 08.10.2010 12:32:55 | Computer Name = ibmT61 | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "C:" den Befehl "chkdsk" aus. Error - 08.10.2010 12:32:55 | Computer Name = ibmT61 | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "\Device\HarddiskVolume3" den Befehl "chkdsk" aus. Error - 08.10.2010 12:33:35 | Computer Name = ibmT61 | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "C:" den Befehl "chkdsk" aus. 
Error - 08.10.2010 12:33:35 | Computer Name = ibmT61 | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "C:" den Befehl "chkdsk" aus.

< End of report >

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4779

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

08.10.2010 19:43:53
mbam-log-2010-10-08 (19-43-53).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|X:\|)
Durchsuchte Objekte: 479828
Laufzeit: 1 Stunde(n), 3 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 7

Infizierte Speicherprozesse:
C:\Users\***\AppData\Local\Temp\csrcyb.exe (Spyware.Passwords.XGen) -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cbssreg (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\***\AppData\Local\Temp\csrcyb.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\gqtrbprh.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\cbsB09B.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\cbsB63E.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\~TMAB01.tmp (Trojan.DOwnloader) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\algdyw32.exe (Trojan.DOwnloader) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.

Last edited by sambaloe (08.10.2010, 18:45)
08.10.2010, 20:38 | #2
/// Winkelfunktion /// TB-Süch-Tiger™ | 20 Tan Trojaner
The order matters: first Malwarebytes, then OTL. Please post new OTL logs.