
Discussion forum: 20 TAN trojan


08.10.2010, 19:33   #1
sambaloe
 
Hi folks,

I've got the above trojan on my machine. I'd like to remove it to be "safer", because I need to copy some data. What's the best way to do that?

otl.txt
Code:
OTL logfile created on: 08.10.2010 18:39:11 - Run 1
OTL by OldTimer - Version 3.2.14.1     Folder = X:\Downloads
 An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 50,69 Gb Total Space | 18,92 Gb Free Space | 37,33% Space Free | Partition Type: NTFS
Drive D: | 632,48 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 16,34 Gb Total Space | 8,21 Gb Free Space | 50,26% Space Free | Partition Type: NTFS
 
Computer Name: IBMT61
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - X:\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\***\AppData\Local\Temp\csrcyb.exe ()
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Dexpot\dexpot.exe (Dexpot GbR)
PRC - C:\Programme\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Brother\ControlCenter3\BrccMCtl.exe (Brother Industries, Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Programme\Garmin\gStart.exe (GARMIN Corp.)
PRC - C:\Windows\System32\ibmpmsvc.exe (Lenovo)
 
 
========== Modules (SafeList) ==========
 
MOD - X:\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Akamai) -- C:/Program Files/Common Files/Akamai/netsession_win_062a651.dll ()
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NMSAccess) -- C:\Programme\CDBurnerXP\NMSAccessU.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (osppsvc) -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (dsNcService) -- C:\Programme\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (IBMPMSVC) -- C:\Windows\System32\ibmpmsvc.exe (Lenovo)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (truecrypt) -- C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (epmntdrv) -- C:\Windows\System32\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\Windows\System32\EuGdiDrv.sys ()
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (dsNcAdpt) -- C:\Windows\System32\drivers\dsNcAdpt.sys (Juniper Networks)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (SrvHsfV92) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)
DRV - (SrvHsfWinac) -- C:\Windows\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.)
DRV - (SrvHsfHDA) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (IBMPMDRV) -- C:\Windows\System32\drivers\ibmpmdrv.sys (Lenovo.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 22 60 79 53 33 2A CB 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.17 10:31:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.08 14:35:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2010.09.21 12:13:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins
 
[2010.09.21 12:14:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.09.21 12:14:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28}
[2010.09.21 12:14:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Sunbird\Profiles\bsv1y9fi.default\extensions
[2010.08.31 14:51:29 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.08.31 14:51:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.08.31 14:51:17 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[1999.12.31 17:00:00 | 000,163,608 | ---- | M] (Tracker Software Products Ltd.) -- C:\Programme\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
[2010.07.14 00:04:04 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.14 00:04:04 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.14 00:04:04 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.14 00:04:04 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.14 00:04:04 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.09.08 17:43:46 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe File not found
O4 - HKCU..\Run: [cbssreg] C:\Users\***\AppData\Local\Temp\csrcyb.exe ()
O4 - HKCU..\Run: [Certdiag] C:\Benutzer\***\AppData\Local\Temp\BdeUtify.dll File not found
O4 - HKCU..\Run: [Dexpot] C:\Programme\Dexpot\dexpot.exe (Dexpot GbR)
O4 - HKCU..\Run: [gStart] C:\Programme\Garmin\gStart.exe (GARMIN Corp.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\algdyw32.exe (Microsoft)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - c:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{285c3317-6650-11df-9e66-001e4cfc6e6d}\Shell - "" = AutoRun
O33 - MountPoints2\{285c3317-6650-11df-9e66-001e4cfc6e6d}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{285c331e-6650-11df-9e66-001e4cfc6e6d}\Shell - "" = AutoRun
O33 - MountPoints2\{285c331e-6650-11df-9e66-001e4cfc6e6d}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{768436c6-b084-11df-b510-001e4cfc6e6d}\Shell - "" = AutoRun
O33 - MountPoints2\{768436c6-b084-11df-b510-001e4cfc6e6d}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{9271d55d-afbf-11df-a265-001e4cfc6e6d}\Shell - "" = AutoRun
O33 - MountPoints2\{9271d55d-afbf-11df-a265-001e4cfc6e6d}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{9271d560-afbf-11df-a265-001e4cfc6e6d}\Shell - "" = AutoRun
O33 - MountPoints2\{9271d560-afbf-11df-a265-001e4cfc6e6d}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{9fa0741a-cc8d-11df-aad1-001e4cfc6e6d}\Shell - "" = AutoRun
O33 - MountPoints2\{9fa0741a-cc8d-11df-aad1-001e4cfc6e6d}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{9fa0741e-cc8d-11df-aad1-001e4cfc6e6d}\Shell - "" = AutoRun
O33 - MountPoints2\{9fa0741e-cc8d-11df-aad1-001e4cfc6e6d}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{ba328865-cd39-11df-b9c9-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ba328865-cd39-11df-b9c9-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{c1294254-9be9-11df-b014-001e4cfc6e6d}\Shell - "" = AutoRun
O33 - MountPoints2\{c1294254-9be9-11df-b014-001e4cfc6e6d}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{c1294268-9be9-11df-b014-001e4cfc6e6d}\Shell - "" = AutoRun
O33 - MountPoints2\{c1294268-9be9-11df-b014-001e4cfc6e6d}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.10.08 18:36:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2010.10.08 18:36:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.10.08 18:36:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.10.08 18:36:48 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.10.08 18:36:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.10.08 16:31:49 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2010.10.08 16:27:01 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010.10.08 16:25:31 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Simply Super Software
[2010.10.08 16:25:17 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ztvcabinet.dll
[2010.10.08 16:25:11 | 000,000,000 | ---D | C] -- C:\Programme\Trojan Remover
[2010.10.08 16:25:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Simply Super Software
[2010.10.08 16:25:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2010.10.08 16:14:14 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2010.10.08 16:14:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.10.08 14:27:46 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2010.10.08 14:27:46 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2010.10.08 14:26:28 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\PX Storage Engine
[2010.10.08 14:26:23 | 000,000,000 | ---D | C] -- C:\Programme\Winamp
[2010.10.08 14:15:53 | 000,000,000 | ---D | C] -- C:\Programme\OpenSource Flash Video Splitter
[2010.10.08 12:30:34 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Meine Paletten
[2010.10.08 12:13:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Protexis
[2010.10.08 12:13:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Corel
[2010.10.08 12:09:52 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Corel
[2010.10.08 12:09:27 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Visual Studio 2008
[2010.10.08 12:07:35 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft SDKs
[2010.10.08 12:07:33 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Visual Studio 9.0
[2010.10.08 12:04:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel
[2010.10.08 11:59:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{AA78CFB7-4675-44FD-917C-E942E525C8EA}
[2010.10.08 11:25:24 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Akamai
[2010.10.08 11:20:13 | 000,000,000 | ---D | C] -- C:\Programme\Paint.NET
[2010.10.08 11:19:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Paint.NET
[2010.10.08 11:11:29 | 000,000,000 | --SD | C] -- C:\Users\***\Documents\Meine Shapes
[2010.10.08 10:55:26 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DESIGNER
[2010.10.08 10:53:40 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Analysis Services
[2010.10.08 09:43:05 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\vlc
[2010.10.03 14:07:09 | 001,047,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc71u.dll
[2010.10.03 14:07:09 | 000,499,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp71.dll
[2010.10.03 14:07:09 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr71.dll
[2010.10.03 14:07:07 | 000,000,000 | ---D | C] -- C:\Programme\Colasoft MAC Scanner 1.1
[2010.09.29 17:16:04 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2010.09.29 13:50:26 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Gmail Notifier
[2010.09.29 13:50:23 | 000,000,000 | ---D | C] -- C:\Programme\Gmail Notifier
[2010.09.29 08:56:00 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.09.26 12:46:39 | 000,000,000 | ---D | C] -- C:\Programme\Hewlett-Packard
[2010.09.26 12:46:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2010.09.26 12:45:53 | 000,326,656 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpmml107.dll
[2010.09.26 12:45:53 | 000,275,968 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpmja107.dll
[2010.09.26 12:45:53 | 000,243,712 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpmpm081.dll
[2010.09.26 12:45:53 | 000,223,232 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpmtp107.dll
[2010.09.26 12:45:53 | 000,179,200 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpmpw081.dll
[2010.09.26 12:45:53 | 000,074,752 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hppccompio.dll
[2010.09.26 12:45:53 | 000,049,252 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpmnque.dll
[2010.09.26 12:45:53 | 000,049,250 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpmnndps.dll
[2010.09.26 12:45:53 | 000,018,944 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\System32\hppmopjl.dll
[2010.09.26 12:45:52 | 000,275,456 | ---- | C] (Hewlett-Packard Corporation) -- C:\Windows\System32\hpcpn107.dll
[2010.09.26 12:45:51 | 000,059,928 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\fxcompchannel.dll
[2010.09.21 16:33:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Opera
[2010.09.21 16:33:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Opera
[2010.09.21 16:33:27 | 000,000,000 | ---D | C] -- C:\Programme\Opera
[2010.09.21 12:13:35 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Sunbird
[2010.09.17 09:53:42 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2010.09.16 15:47:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Apple Computer
[2010.09.16 15:47:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Apple Computer
[2010.09.16 15:47:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2010.09.16 15:47:03 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.09.16 15:45:59 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2010.09.16 15:45:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010.09.16 15:45:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Apple
[2010.09.16 15:45:11 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Apple
[2010.09.16 15:45:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010.09.16 09:53:27 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip
[2010.09.15 08:59:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\inkscape
[2010.09.14 09:17:24 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ElevatedDiagnostics
[2010.09.10 18:13:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Canneverbe Limited
[2010.09.10 18:13:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2010.09.10 18:13:10 | 000,000,000 | ---D | C] -- C:\Programme\CDBurnerXP
[2010.09.09 10:54:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2010.09.09 10:54:13 | 000,000,000 | ---D | C] -- C:\Users\***\.thumbnails
[2010.09.09 10:51:55 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\gegl-0.0
[2010.09.09 10:51:55 | 000,000,000 | ---D | C] -- C:\Users\***\.gimp-2.6
[2010.09.09 10:50:57 | 000,000,000 | ---D | C] -- C:\Programme\GIMP-2.0
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.10.08 18:40:10 | 000,844,288 | ---- | M] () -- C:\Windows\System32\drivers\mllgytu.sys
[2010.10.08 18:38:33 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.08 18:38:33 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.08 18:36:53 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.08 18:32:47 | 002,621,440 | -HS- | M] () -- C:\Users\***\NTUSER.DAT
[2010.10.08 18:31:09 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.10.08 18:31:04 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.10.08 18:30:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.10.08 18:30:54 | 1577,816,064 | -HS- | M] () -- C:\hiberfil.sys
[2010.10.08 17:03:26 | 003,006,894 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db
[2010.10.08 17:02:04 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.10.08 16:56:37 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.10.08 16:56:37 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.10.08 16:56:37 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.10.08 16:56:37 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.10.08 16:56:36 | 001,498,506 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.10.08 16:25:21 | 000,001,097 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2010.10.08 16:14:27 | 000,001,216 | ---- | M] () -- C:\Users\***\Desktop\Spybot - Search & Destroy.lnk
[2010.10.08 12:44:56 | 000,381,040 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.10.08 12:05:04 | 000,098,264 | ---- | M] () -- C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.10.08 11:59:47 | 000,000,120 | ---- | M] () -- C:\Users\***\AppData\Local\Bhexugilidup.dat
[2010.10.08 11:59:47 | 000,000,000 | ---- | M] () -- C:\Users\***\AppData\Local\Hgamaqifihuf.bin
[2010.10.08 11:58:01 | 000,000,139 | ---- | M] () -- C:\Users\***\AppData\Roaming\asdsada.bat
[2010.10.08 11:57:56 | 000,000,020 | ---- | M] () -- C:\Users\***\AppData\Roaming\cnmkat.dat
[2010.10.08 11:57:53 | 000,000,004 | ---- | M] () -- C:\Users\***\AppData\Roaming\avdrn.dat
[2010.10.08 11:20:48 | 000,001,288 | ---- | M] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2010.10.08 11:11:22 | 000,002,823 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Visio 2010.lnk
[2010.10.08 10:56:13 | 000,000,039 | ---- | M] () -- C:\Windows\vbaddin.ini
[2010.10.08 10:37:31 | 000,016,030 | ---- | M] () -- C:\Users\***\.recently-used.xbel
[2010.10.08 09:41:30 | 000,001,024 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010.09.29 13:50:24 | 000,001,081 | ---- | M] () -- C:\Users\***\Desktop\Gmail Notifier.lnk
[2010.09.26 17:04:25 | 000,002,170 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010.09.26 12:46:37 | 000,000,000 | ---- | M] () -- C:\Windows\HPMProp.INI
[2010.09.23 19:10:04 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2010.09.21 16:33:33 | 000,000,803 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2010.09.21 12:13:41 | 000,001,885 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Sunbird.lnk
[2010.09.17 13:08:56 | 000,000,017 | ---- | M] () -- C:\Users\***\AppData\Local\resmon.resmoncfg
[2010.09.10 18:13:13 | 000,001,895 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2010.09.09 10:51:51 | 000,001,065 | ---- | M] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.10.08 18:36:53 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.08 16:25:21 | 000,001,097 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2010.10.08 16:25:17 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2010.10.08 16:25:17 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
[2010.10.08 16:25:17 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2010.10.08 16:25:17 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2010.10.08 16:14:27 | 000,001,216 | ---- | C] () -- C:\Users\***\Desktop\Spybot - Search & Destroy.lnk
[2010.10.08 11:59:47 | 000,000,120 | ---- | C] () -- C:\Users\***\AppData\Local\Bhexugilidup.dat
[2010.10.08 11:59:47 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\Hgamaqifihuf.bin
[2010.10.08 11:58:20 | 000,844,288 | ---- | C] () -- C:\Windows\System32\drivers\mllgytu.sys
[2010.10.08 11:58:01 | 000,000,139 | ---- | C] () -- C:\Users\***\AppData\Roaming\asdsada.bat
[2010.10.08 11:57:55 | 000,000,020 | ---- | C] () -- C:\Users\***\AppData\Roaming\cnmkat.dat
[2010.10.08 11:57:53 | 000,000,004 | ---- | C] () -- C:\Users\***\AppData\Roaming\avdrn.dat
[2010.10.08 11:20:48 | 000,001,288 | ---- | C] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2010.10.08 11:11:22 | 000,002,823 | ---- | C] () -- C:\Users\***\Desktop\Microsoft Visio 2010.lnk
[2010.10.08 10:37:31 | 000,016,030 | ---- | C] () -- C:\Users\***\.recently-used.xbel
[2010.10.08 09:41:30 | 000,001,024 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010.09.29 13:50:24 | 000,001,081 | ---- | C] () -- C:\Users\***\Desktop\Gmail Notifier.lnk
[2010.09.26 17:04:25 | 000,002,170 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010.09.26 12:46:37 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2010.09.21 16:33:33 | 000,000,803 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2010.09.21 12:13:41 | 000,001,885 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Sunbird.lnk
[2010.09.17 13:08:56 | 000,000,017 | ---- | C] () -- C:\Users\***\AppData\Local\resmon.resmoncfg
[2010.09.10 18:13:13 | 000,001,895 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2010.09.10 18:13:11 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2010.09.09 10:51:51 | 000,001,065 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2010.08.24 22:45:59 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2010.06.03 20:54:47 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.06.03 19:33:38 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2010.06.03 19:33:36 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2010.05.13 14:00:00 | 000,014,848 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2010.05.13 13:59:59 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2010.05.13 13:59:59 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2010.05.13 13:28:40 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2005.05.06 19:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:CB0AACC9
< End of report >
         
Extras.txt
Code:
OTL Extras logfile created on: 08.10.2010 18:39:11 - Run 1
OTL by OldTimer - Version 3.2.14.1     Folder = X:\Downloads
 An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 50,69 Gb Total Space | 18,92 Gb Free Space | 37,33% Space Free | Partition Type: NTFS
Drive D: | 632,48 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 16,34 Gb Total Space | 8,21 Gb Free Space | 50,26% Space Free | Partition Type: NTFS
 
Computer Name: IBMT61
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08D5F667-E1D7-4792-9FFD-5888C8D4A0DF}" = Garmin Training Center
"{18E65799-76BD-46EF-9E53-972FE5A40736}" = Opera 10.62
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2217B0B4-35CB-48C6-B640-864DF2F30F99}" = OpenOffice.org 3.2
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{68C17A81-81E1-458C-8555-3131C4D7A8DF}" = Garmin MapSource
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{76DAEC83-AF7B-333C-8A53-83D7C7D39199}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU
"{7D5E1317-71E3-41A9-8755-98F5EC92D510}" = ActivePerl 5.12.1 Build 1201
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86BBD345-0CE6-4AB1-8ADE-FB12D86EAB90}" = 32 Bit HP CIO Components Installer
"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
"{8E87B944-4815-3C5E-947F-5035C9F64362}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{91140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
"{9211CCBB-BEFE-4A0C-9199-D7A535DBFE5F}" = Brother MFL-Pro Suite DCP-8060
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D17111CB-C992-42A9-9D56-C19395102AAA}" = Garmin WebUpdater
"{E5484836-E51C-4423-A663-12B9DDD50DE6}" = Garmin BaseCamp
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}" = Paint.NET v3.5.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)
"7-Zip" = 7-Zip 9.16 beta
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adolix Split and Merge PDF_is1" = Adolix Split and Merge PDF v2.0
"Akamai" = Akamai NetSession Interface
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 5.8.1 Home Edition
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Gmail Notifier" = Gmail Notifier
"GTK2-Runtime" = GTK2-Runtime
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Juniper Network Connect 6.5.0" = Juniper Networks Network Connect 6.5.0
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MatlabR2010b" = MATLAB R2010b
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MiKTeX 2.8" = MiKTeX 2.8
"Mobile Partner" = Mobile Partner
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"Notepad++" = Notepad++
"Office14.VISIOR" = Microsoft Visio Professional 2010
"Pidgin" = Pidgin
"Power Management Driver" = ThinkPad Power Management Driver
"RarZilla Free Unrar" = RarZilla Free Unrar
"SumatraPDF" = SumatraPDF
"TeXnicCenter Alpha_is1" = TeXnicCenter Version 2.0 Alpha 3
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"Trojan Remover_is1" = Trojan Remover 6.8.2
"TrueCrypt" = TrueCrypt
"TVWiz" = Intel(R) TV Wizard
"VLC media player" = VLC media player 1.1.4
"WinGimp-2.0_is1" = GIMP 2.6.10
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dexpot" = Dexpot
"Juniper_Setup_Client" = Juniper Networks Setup Client
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 08.10.2010 06:41:51 | Computer Name = ibmT61 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: CorelPP.exe, Version: 15.0.0.489,
 Zeitstempel: 0x4bbe0dc5  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0012d395  ID des fehlerhaften
 Prozesses: 0x11e4  Startzeit der fehlerhaften Anwendung: 0x01cb66d56a7bdf55  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Corel\CorelDRAW Graphics Suite X5\Programs\CorelPP.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: a8769b03-d2c8-11df-b931-001e4cfc6e6d
 
Error - 08.10.2010 06:42:20 | Computer Name = ibmT61 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: CorelDRW.exe, Version: 15.0.0.489,
 Zeitstempel: 0x4bbe0ccb  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0012d395  ID des fehlerhaften
 Prozesses: 0x84c  Startzeit der fehlerhaften Anwendung: 0x01cb66d57b895b41  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Corel\CorelDRAW Graphics Suite X5\Programs\CorelDRW.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: b985ebb6-d2c8-11df-b931-001e4cfc6e6d
 
Error - 08.10.2010 06:45:14 | Computer Name = ibmT61 | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 08.10.2010 06:45:14 | Computer Name = ibmT61 | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 08.10.2010 06:45:45 | Computer Name = ibmT61 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: CorelDRW.exe, Version: 15.0.0.489,
 Zeitstempel: 0x4bbe0ccb  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0012d395  ID des fehlerhaften
 Prozesses: 0xce4  Startzeit der fehlerhaften Anwendung: 0x01cb66d5eed407bb  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Corel\CorelDRAW Graphics Suite X5\Programs\CorelDRW.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 339ff0ad-d2c9-11df-9104-001e4cfc6e6d
 
Error - 08.10.2010 08:19:12 | Computer Name = ibmT61 | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 08.10.2010 08:19:12 | Computer Name = ibmT61 | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 08.10.2010 08:19:13 | Computer Name = ibmT61 | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 08.10.2010 12:31:12 | Computer Name = ibmT61 | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 08.10.2010 12:31:12 | Computer Name = ibmT61 | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
[ System Events ]
Error - 08.10.2010 12:31:49 | Computer Name = ibmT61 | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "\Device\HarddiskVolume3" den Befehl "chkdsk" aus.
 
Error - 08.10.2010 12:32:43 | Computer Name = ibmT61 | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "C:" den Befehl "chkdsk" aus.
 
Error - 08.10.2010 12:32:43 | Computer Name = ibmT61 | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "\Device\HarddiskVolume3" den Befehl "chkdsk" aus.
 
Error - 08.10.2010 12:32:43 | Computer Name = ibmT61 | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "C:" den Befehl "chkdsk" aus.
 
Error - 08.10.2010 12:32:43 | Computer Name = ibmT61 | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "C:" den Befehl "chkdsk" aus.
 
Error - 08.10.2010 12:32:43 | Computer Name = ibmT61 | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "C:" den Befehl "chkdsk" aus.
 
Error - 08.10.2010 12:32:55 | Computer Name = ibmT61 | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "C:" den Befehl "chkdsk" aus.
 
Error - 08.10.2010 12:32:55 | Computer Name = ibmT61 | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "\Device\HarddiskVolume3" den Befehl "chkdsk" aus.
 
Error - 08.10.2010 12:33:35 | Computer Name = ibmT61 | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "C:" den Befehl "chkdsk" aus.
 
Error - 08.10.2010 12:33:35 | Computer Name = ibmT61 | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "C:" den Befehl "chkdsk" aus.
 
 
< End of report >
         
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4779

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

08.10.2010 19:43:53
mbam-log-2010-10-08 (19-43-53).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|X:\|)
Durchsuchte Objekte: 479828
Laufzeit: 1 Stunde(n), 3 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 7

Infizierte Speicherprozesse:
C:\Users\***\AppData\Local\Temp\csrcyb.exe (Spyware.Passwords.XGen) -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cbssreg (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\***\AppData\Local\Temp\csrcyb.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\gqtrbprh.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\cbsB09B.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\cbsB63E.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\~TMAB01.tmp (Trojan.DOwnloader) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\algdyw32.exe (Trojan.DOwnloader) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
         

Last edited by sambaloe (08.10.2010 at 19:45)

Alt 08.10.2010, 21:38   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

The order matters. First Malwarebytes, then OTL. Please post new OTL logs.