Meine Schwester hat sich auch diesen seltsamen BKA Trojaner eingefangen. Bin nach der ANleitung hier vorgegangen und habe beim Test folgendes erhalten:

Code: Alles auswählenAufklappen

ATTFilter

OTL logfile created on: 4/26/2011 9:14:39 PM - Run 
OTLPE by OldTimer - Version 3.1.46.0     Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 1 (Version = 6.0.6001) - Type = System
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 226.38 Gb Total Space | 86.00 Gb Free Space | 37.99% Space Free | Partition Type: NTFS
Drive D: | 222.90 Gb Total Space | 222.56 Gb Free Space | 99.85% Space Free | Partition Type: NTFS
Drive E: | 3.74 Gb Total Space | 3.59 Gb Free Space | 96.16% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011/03/16 12:35:32 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/12/13 03:39:27 | 000,135,336 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/11/21 05:49:24 | 000,247,608 | ---- | M] () [Auto] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009/05/11 08:34:25 | 003,520,512 | ---- | M] () [Auto] -- C:\Program Files\Acer\Acer Bio Protection\BASVC.exe -- (IGBASVC)
SRV - [2008/07/29 12:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/07/20 12:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008/07/19 09:13:44 | 000,233,472 | ---- | M] (Acer Incorporated) [Auto] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2008/06/02 04:25:40 | 000,024,576 | ---- | M] () [Auto] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008/05/25 23:43:58 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) [Auto] -- C:\Windows\System32\vfsFPService.exe -- (vfsFPService)
SRV - [2008/04/30 14:41:12 | 000,815,104 | ---- | M] (Intel(R) Corporation) [Auto] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/04/30 14:10:10 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/16 12:35:02 | 000,081,504 | ---- | M] () [Auto] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2007/12/10 23:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007/12/06 11:15:28 | 000,110,592 | ---- | M] () [Auto] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] --  -- (IpInIp)
DRV - [2011/03/16 12:35:32 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/11/22 09:14:15 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/11/20 10:03:34 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/05/11 08:34:20 | 000,043,184 | ---- | M] (Alfa Corporation) [File_System | Boot] -- C:\Windows\System32\drivers\AlfaFF.sys -- (AlfaFF)
DRV - [2008/12/05 06:24:00 | 007,538,560 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/09/24 17:39:48 | 000,045,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008/07/18 10:05:10 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto] -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2008/05/26 05:54:28 | 000,081,704 | ---- | M] (CyberLink) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WSVD.sys -- (WSVD)
DRV - [2008/05/25 23:44:14 | 000,040,752 | ---- | M] (Validity Sensors, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\vfs101x.sys -- (vfs101x)
DRV - [2008/05/19 12:23:00 | 000,047,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\L1E60x86.sys -- (L1E)
DRV - [2008/05/07 06:47:36 | 000,085,136 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008/04/27 18:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008/02/29 03:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/01/16 12:35:08 | 000,122,368 | ---- | M] (Cyberlink Corp.) [Kernel | Auto] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys -- (NTIPPKernel)
DRV - [2007/12/18 11:12:12 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2007/01/26 02:32:18 | 000,069,632 | ---- | M] () [Kernel | Auto] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2006/11/02 09:27:34 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=0&o=vp32&d=0509&m=aspire_6935
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=0&o=vp32&d=0509&m=aspire_6935
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\besitzer_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=0&o=vp32&d=0509&m=aspire_6935
IE - HKU\besitzer_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKU\besitzer_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\besitzer_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\besitzer_ON_C\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKU\besitzer_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKU\besitzer_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\besitzer_ON_C\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\besitzer_ON_C\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\besitzer_ON_C\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKU\besitzer_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\besitzer_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/16 04:43:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/21 08:35:38 | 000,000,000 | ---D | M]
 
[2010/11/14 04:24:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/27 01:44:13 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010/10/27 01:44:13 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010/10/27 01:44:13 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010/10/27 01:44:13 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010/10/27 01:44:13 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKU\besitzer_ON_C\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\besitzer_ON_C\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BabylonToolbar] C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe (Babylon Ltd.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZPdtWzdVitaKey MC3000] C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.)
O4 - HKU\besitzer_ON_C..\Run: [4E3E0230AEBB4E96] C:\Recycle.Bin\Recycle.Bin.exe (gybbrzmjpit)
O4 - HKU\besitzer_ON_C..\Run: [EA Core]  File not found
O4 - HKU\besitzer_ON_C..\Run: [ICQ] C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O4 - HKU\besitzer_ON_C..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\besitzer_ON_C Winlogon: Shell - (C:\Users\besitzer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8L458J0F\calc[1].exe) - C:\Users\besitzer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8L458J0F\calc[1].exe ()
O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/04/24 10:41:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.5
[2011/04/24 10:39:30 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ7.5
[2011/04/21 08:35:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2011/04/21 08:31:58 | 000,000,000 | ---D | C] -- C:\Users\besitzer\AppData\Local\Microsoft Help
[2011/04/20 14:49:35 | 000,000,000 | ---D | C] -- C:\Program Files\BabylonToolbar
[2011/04/20 14:48:00 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2011/04/16 15:45:58 | 000,000,000 | ---D | C] -- C:\Users\besitzer\AppData\Roaming\PhotoScape
[2011/04/16 15:45:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape
[2011/04/16 15:45:45 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoScape
[2011/04/16 15:42:32 | 000,000,000 | ---D | C] -- C:\Users\besitzer\Desktop\Finnland
[2011/04/16 15:42:16 | 001,906,168 | ---- | C] (Iminent) -- C:\Users\besitzer\Desktop\IminentSetup_0-05vgkvWP_.exe
[2011/04/16 03:07:35 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/04/16 03:07:35 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/04/16 03:06:24 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/04/16 03:06:24 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/04/16 03:06:24 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/04/16 03:06:24 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/04/16 03:06:24 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/04/16 03:06:24 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/04/16 03:06:24 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/04/16 03:06:24 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/04/16 03:06:24 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/04/16 03:06:24 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/04/16 03:06:24 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/04/16 03:06:24 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/04/16 03:06:24 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/04/16 03:06:24 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/04/16 03:06:24 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/04/16 03:06:24 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/04/16 03:06:23 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/04/16 03:06:12 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011/04/16 03:06:11 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011/04/16 03:06:08 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/04/16 03:06:07 | 002,040,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/04/16 03:06:05 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/04/16 03:06:04 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/04/05 07:54:13 | 000,000,000 | ---D | C] -- C:\Users\besitzer\AppData\Local\CyberLink
[2011/04/05 07:54:06 | 000,000,000 | ---D | C] -- C:\Users\besitzer\AppData\Local\SoftDMA
[2011/04/05 07:54:04 | 000,000,000 | ---D | C] -- C:\Users\besitzer\AppData\Local\PlayMovie
[2011/04/05 07:53:55 | 000,000,000 | ---D | C] -- C:\Users\besitzer\AppData\Local\Acer Arcade Deluxe
[2011/04/05 07:53:51 | 000,000,000 | ---D | C] -- C:\Users\besitzer\AppData\Roaming\CyberLink
[2009/01/10 19:36:50 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011/04/26 13:32:53 | 3218,042,880 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/26 13:32:53 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
[2011/04/26 13:31:57 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/26 13:31:57 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/26 13:23:23 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011/04/26 13:23:23 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/26 13:23:23 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011/04/26 13:23:23 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/26 13:16:46 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2011/04/26 13:16:38 | 000,032,156 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/04/26 13:05:08 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/26 12:57:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/26 05:43:23 | 000,032,156 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/04/26 03:28:30 | 000,002,673 | ---- | M] () -- C:\Users\besitzer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Office PowerPoint 2007.lnk
[2011/04/24 10:41:38 | 000,001,637 | ---- | M] () -- C:\Users\besitzer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ICQ7.5.lnk
[2011/04/24 10:41:38 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.5
[2011/04/22 11:28:23 | 000,002,673 | ---- | M] () -- C:\Users\besitzer\Desktop\Microsoft Office PowerPoint 2007.lnk
[2011/04/21 08:36:19 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011/04/21 04:37:31 | 000,297,984 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/20 14:48:56 | 000,001,922 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint Viewer .lnk
[2011/04/18 15:55:31 | 000,030,720 | ---- | M] () -- C:\Users\besitzer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/16 15:45:56 | 000,000,856 | ---- | M] () -- C:\Users\besitzer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk
[2011/04/16 15:45:56 | 000,000,832 | ---- | M] () -- C:\Users\besitzer\Desktop\PhotoScape.lnk
[2011/04/16 15:45:56 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape
[2011/04/16 15:45:24 | 001,906,168 | ---- | M] (Iminent) -- C:\Users\besitzer\Desktop\IminentSetup_0-05vgkvWP_.exe
[2011/04/05 10:34:37 | 000,000,680 | ---- | M] () -- C:\Users\besitzer\AppData\Local\d3d9caps.dat
[2011/03/31 10:57:43 | 000,001,036 | ---- | M] () -- C:\Users\besitzer\Desktop\DVDVideoSoft Free Studio.lnk
[2011/03/31 10:57:43 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2011/03/31 10:57:36 | 000,001,195 | ---- | M] () -- C:\Users\besitzer\Desktop\Free YouTube to MP3 Converter.lnk
 
========== Files Created - No Company Name ==========
 
[2011/04/26 03:28:30 | 000,002,673 | ---- | C] () -- C:\Users\besitzer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Office PowerPoint 2007.lnk
[2011/04/24 10:41:38 | 000,001,637 | ---- | C] () -- C:\Users\besitzer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ICQ7.5.lnk
[2011/04/21 08:48:06 | 000,002,673 | ---- | C] () -- C:\Users\besitzer\Desktop\Microsoft Office PowerPoint 2007.lnk
[2011/04/20 14:48:56 | 000,001,922 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint Viewer .lnk
[2011/04/16 15:45:56 | 000,000,856 | ---- | C] () -- C:\Users\besitzer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk
[2011/04/16 15:45:56 | 000,000,832 | ---- | C] () -- C:\Users\besitzer\Desktop\PhotoScape.lnk
[2011/03/31 10:57:36 | 000,001,195 | ---- | C] () -- C:\Users\besitzer\Desktop\Free YouTube to MP3 Converter.lnk
[2011/02/24 16:25:28 | 000,002,112 | ---- | C] () -- C:\Users\besitzer\AppData\Roaming\wklnhst.dat
[2010/11/28 11:37:05 | 000,000,680 | ---- | C] () -- C:\Users\besitzer\AppData\Local\d3d9caps.dat
[2010/11/14 04:24:36 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/11/14 03:35:22 | 000,030,720 | ---- | C] () -- C:\Users\besitzer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/11 12:55:24 | 000,032,156 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/05/11 12:40:01 | 000,032,156 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/05/11 08:36:02 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2009/05/11 08:36:02 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2009/05/11 08:36:02 | 000,009,216 | ---- | C] () -- C:\Windows\usbvideo_reg.exe
[2009/05/11 08:36:02 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2009/05/11 08:34:45 | 000,118,784 | ---- | C] () -- C:\Windows\System32\VMC3KAPI.dll
[2009/01/10 19:34:58 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2009/01/10 13:13:08 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2009/01/10 13:13:08 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2009/01/10 12:43:02 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2009/01/10 12:22:30 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2009/01/10 12:22:30 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2009/01/10 12:22:30 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2009/01/10 12:20:35 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2009/01/10 11:17:40 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/01/10 11:17:40 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/01/21 03:15:58 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008/01/21 03:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008/01/21 03:15:58 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008/01/21 03:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007/11/14 10:17:34 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CogentBioSDK.dll
[2007/01/26 02:32:18 | 000,069,632 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2006/11/02 08:57:28 | 000,067,584 | ---- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,297,984 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001/12/26 11:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/03 18:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 11:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/23 17:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
 
========== LOP Check ==========
 
[2009/05/11 08:53:56 | 000,000,000 | ---D | M] -- C:\Users\besitzer\AppData\Roaming\Acer
[2009/01/10 12:58:59 | 000,000,000 | ---D | M] -- C:\Users\besitzer\AppData\Roaming\Acer GameZone Console
[2010/12/12 11:34:36 | 000,000,000 | ---D | M] -- C:\Users\besitzer\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/11/23 11:36:50 | 000,000,000 | ---D | M] -- C:\Users\besitzer\AppData\Roaming\Flood Light Games
[2010/11/23 11:34:28 | 000,000,000 | ---D | M] -- C:\Users\besitzer\AppData\Roaming\Go Go Gourmet
[2011/04/26 12:29:09 | 000,000,000 | ---D | M] -- C:\Users\besitzer\AppData\Roaming\ICQ
[2011/04/16 16:14:30 | 000,000,000 | ---D | M] -- C:\Users\besitzer\AppData\Roaming\PhotoScape
[2011/02/24 16:25:30 | 000,000,000 | ---D | M] -- C:\Users\besitzer\AppData\Roaming\Template
[2009/05/11 08:34:13 | 000,000,000 | ---D | M] -- C:\Users\besitzer\AppData\Roaming\Validity
[2009/01/10 12:58:59 | 000,000,000 | ---D | M] -- C:\ProgramData\Acer GameZone Console
[2009/05/11 08:27:34 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2009/05/11 08:27:34 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2010/12/11 07:21:21 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts
[2009/01/10 13:20:35 | 000,000,000 | ---D | M] -- C:\ProgramData\eSobi
[2009/05/11 08:27:34 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2010/11/23 11:36:50 | 000,000,000 | ---D | M] -- C:\ProgramData\Flood Light Games
[2011/04/24 10:41:30 | 000,000,000 | ---D | M] -- C:\ProgramData\ICQ
[2009/01/10 12:24:43 | 000,000,000 | ---D | M] -- C:\ProgramData\Roaming
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2009/05/11 08:27:34 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2010/11/23 11:48:05 | 000,000,000 | ---D | M] -- C:\ProgramData\Temp
[2006/11/02 09:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2009/05/11 08:27:34 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2010/11/22 13:29:05 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/04/26 13:31:57 | 000,032,566 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:C99F6ECA
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:A42A9F39
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:05113FB9
< End of report >
         

Ich hoffe hier kann mir jemand helfen.

Kann mir niemand helfen?

schon mal überlegt das du vllt nicht der einzige hier im forum bist? sei doch froh das du schon nach 13 stunden rund ne antwort bekommst, es kann auch gut und gern mal 2 tage dauern, wenn man sich ansieht wie viele leute hilfe benötigen und wie wenig helfer ihre freizeit für euch opfern.
würdest du regelmäßig updates machen, von deiner gesammten software, wäre dies hier überhaupt nicht passiert.

auf deinem zweiten pc gehe auf start, programme zubehör editor, kopiere dort rein:

Code: Alles auswählenAufklappen

ATTFilter

:OTL
O20 - HKU\besitzer_ON_C Winlogon: Shell - (C:\Users\besitzer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8L458J0F\calc[1].exe)
- C:\Users\besitzer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8L458J0F\calc[1].exe ()
O4 - HKU\besitzer_ON_C..\Run: [4E3E0230AEBB4E96] C:\Recycle.Bin\Recycle.Bin.exe (gybbrzmjpit)
:Files
C:\Users\besitzer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8L458J0F
C:\Recycle.Bin

:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]
         

dieses speicherst du auf nem usb stick als fix.txt
nutze nun wieder OTLPENet.exe (starte also von der erstellten cd) und hake alles an, wie es bereits in meinem post zu OTLPENet.exe beschrieben ist.
• Klicke nun bitte auf den Fix Button.
es sollte nun eine meldung ähnlich dieser: "load fix from file" erscheinen, lade also die fix.txt von deinem stick.
wenn dies nicht funktioniert, bitte den fix manuell eintragen.
dann klicke erneut den fix buton. pc startet evtl. neu. wenn ja, nimm die cd aus dem laufwerk, windows sollte nun normal starten und die otl.txt öffnen,
log posten bitte.

öffne computer, öffne C: dann _OTL
dort rechtsklick auf moved files
wähle zu moved files.rar oder zip hinzufügen.
http://www.trojaner-board.de/54791-a...ner-board.html

Ich weiss. Es ist nur so das meine Schwester dringend an ihre Sachen muss.....

Zur Lösung:
Hab die fix.txt geladen und dannach ging gar nichts mehr. Ich konnte im Programm selber nichts mehr anklicken. Und den PC runterfahren konnte ich auch nicht. Fehler ist immer noch da.

und was hab ich geschrieben, wenn das laden der fix.txt nicht klappt, sollst du den fix eintippen. schon versucht?

Bei manueller Eingabe funktioniert zwar alles wie beschrieben, aber ich komm trotzdem nicht in Windows rein.

Im Log steht folgendes:

Code: Alles auswählenAufklappen

ATTFilter

��Error: Unable to interpret <:OTL

O20 - HKU\besitzer_ON_C Winlogon: Shell - (C:\Users\besitzer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8L458J0F\calc[1].exe)

- C:\Users\besitzer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8L458J0F\calc[1].exe ()

O4 - HKU\besitzer_ON_C..\Run: [4E3E0230AEBB4E96] C:\Recycle.Bin\Recycle.Bin.exe (gybbrzmjpit)

:Files

C:\Users\besitzer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8L458J0F

C:\Recycle.Bin



:Commands

[purity]

[EMPTYFLASH] 

[emptytemp]

[Reboot]

> in the current context!

 

OTLPE by OldTimer - Version 3.1.46.0 log created on 04272011_205145
         

wieso steht vor dem :OTL bei dir ein <?

Könnte es daran gelegen haben das ich alle Sachen in einer Zeil hatte?
Jetzt hat es nämlich geklappt:

Code: Alles auswählenAufklappen

ATTFilter

========== OTL ==========
Registry value HKEY_USERS\besitzer_ON_C\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\besitzer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8L458J0F\calc[1].exe deleted successfully.
C:\Windows\System32\calc.exe moved successfully.
Registry value HKEY_USERS\besitzer_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\4E3E0230AEBB4E96 deleted successfully.
C:\Recycle.Bin\Recycle.Bin.exe moved successfully.
========== FILES ==========
C:\Users\besitzer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8L458J0F folder moved successfully.
C:\Recycle.Bin folder moved successfully.
File\Folder :Commands not found.
File\Folder [purity] not found.
File\Folder [EMPTYFLASH] not found.
File\Folder [emptytemp] not found.
File\Folder [Reboot] not found.
 
OTLPE by OldTimer - Version 3.1.46.0 log created on 04282011_034807
         

Ich danke dir vielmals!

na sicher liegts daran, denkst du ich schreibs untereinander aus spaß?
wo ist der upload um den ich gebeten hab, wir sind nicht fertig

macht deine schwester onlinebanking einkäufe oder so mit dem pc?

Nein, macht sie nicht.

bitte erstelle und poste ein combofix log.
Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Code: Alles auswählenAufklappen

ATTFilter

ComboFix 11-04-27.03 - besitzer 28.04.2011  17:13:16.1.2 - x86
MicrosoftÆ Windows Vistaô Home Premium   6.0.6001.1.1252.49.1031.18.3068.1986 [GMT 2:00]
ausgef¸hrt von:: c:\users\besitzer\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Lˆschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Acer\Acer Bio Protection\PwdFilter.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-03-28 bis 2011-04-28  ))))))))))))))))))))))))))))))
.
.
2011-04-28 15:59 . 2011-03-03 14:56	28672	----a-w-	c:\windows\system32\Apphlpdm.dll
2011-04-28 00:51 . 2011-04-28 18:13	--------	d-----w-	C:\_OTL
2011-04-24 14:39 . 2011-04-24 14:42	--------	d-----w-	c:\program files\ICQ7.5
2011-04-24 11:11 . 2011-04-24 11:11	--------	d-----w-	c:\users\besitzer\dies das
2011-04-21 12:31 . 2011-04-21 12:31	--------	d-----w-	c:\users\besitzer\AppData\Local\Microsoft Help
2011-04-20 18:49 . 2011-04-20 18:49	--------	d-----w-	c:\program files\BabylonToolbar
2011-04-20 18:48 . 2011-04-20 18:48	--------	d-----w-	c:\program files\MSECache
2011-04-16 19:45 . 2011-04-16 20:14	--------	d-----w-	c:\users\besitzer\AppData\Roaming\PhotoScape
2011-04-16 19:45 . 2011-04-16 19:45	--------	d-----w-	c:\program files\PhotoScape
2011-04-16 07:07 . 2011-02-16 15:29	34304	----a-w-	c:\windows\system32\atmlib.dll
2011-04-16 07:07 . 2011-02-16 13:24	292864	----a-w-	c:\windows\system32\atmfd.dll
2011-04-16 07:07 . 2011-03-03 10:49	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2011-04-05 11:54 . 2011-04-05 11:54	--------	d-----w-	c:\users\besitzer\AppData\Local\CyberLink
2011-04-05 11:54 . 2011-04-05 11:54	--------	d-----w-	c:\users\besitzer\AppData\Local\SoftDMA
2011-04-05 11:54 . 2011-04-05 11:54	--------	d-----w-	c:\users\besitzer\AppData\Local\PlayMovie
2011-04-05 11:53 . 2011-04-05 11:53	--------	d-----w-	c:\users\besitzer\AppData\Local\Acer Arcade Deluxe
2011-04-05 11:53 . 2011-04-05 11:54	--------	d-----w-	c:\users\besitzer\AppData\Roaming\CyberLink
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-16 16:35 . 2010-11-20 14:06	137656	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-03-03 14:56 . 2011-04-28 15:59	173056	----a-w-	c:\windows\apppatch\AcXtrnal.dll
2011-03-03 14:56 . 2011-04-28 15:59	459776	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2011-03-03 14:56 . 2011-04-28 15:59	541696	----a-w-	c:\windows\apppatch\AcLayers.dll
2011-03-03 14:56 . 2011-04-28 15:59	2153984	----a-w-	c:\windows\apppatch\AcGenral.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Eintr‰ge & legitime Standardeintr‰ge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2010-04-27 09:08	2393184	----a-w-	c:\program files\DVDVideoSoftTB\tbDVDV.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-29 16:52	121392	----a-w-	c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-11-17 135168]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-11 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"ICQ"="c:\program files\ICQ7.5\ICQ.exe" [2011-04-24 124216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-07 6139904]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-04 1037608]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-08-01 405504]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-07-29 526896]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-05-30 544768]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-25 28672]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-05 13601312]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-05 92704]
"ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2009-05-11 3719680]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-06-30 200704]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-06-16 809480]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-07-24 147456]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-07-24 167936]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-07-18 167936]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-17 421160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"BabylonToolbar"="c:\program files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe" [2010-11-07 286720]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-5-11 1216512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2009-05-11 12:34	3162624	----a-w-	c:\program files\Acer\Acer Bio Protection\WinNotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-20 135664]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-05-07 85136]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2008-05-26 81704]
S0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\Drivers\AlfaFF.sys [2009-05-11 43184]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-07-18 61424]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-28 136360]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-16 81504]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-06-02 24576]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-11-21 247608]
S2 IGBASVC;iGroupTec Service;c:\program files\Acer\Acer Bio Protection\BASVC.exe [2009-05-11 3520512]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-25 45056]
S2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-25 131072]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2008-07-19 233472]
S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-05-26 599344]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2007-12-18 54784]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adaptertreiber f¸r Windows Vista 32-Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-27 3658752]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-09-24 45600]
S3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-05-26 40752]
.
.
Inhalt des "geplante Tasks" Ordners
.
2011-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-20 20:52]
.
2011-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-20 20:52]
.
.
------- Zus‰tzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=0&o=vp32&d=0509&m=aspire_6935
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Free YouTube Download - c:\users\besitzer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
FF - ProfilePath - c:\users\besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\yp10yuhq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Babylon: ffxtlbr@babylon.com - %profile%\extensions\ffxtlbr@babylon.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - Entfernte verwaiste Registrierungseintr‰ge - - - -
.
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
HKLM-Run-eRecoveryService - (no file)
.
.
.
**************************************************************************
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteintr‰ge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(1224)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\rundll32.exe
c:\program files\Acer\Acer Bio Protection\CompPtcVUI.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\wbem\unsecapp.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-04-28  18:05:15 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-04-28 16:04
.
Vor Suchlauf: 10 Verzeichnis(se), 91.874.787.328 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 92.648.394.752 Bytes frei
.
- - End Of File - - 13C861C9F6020FD28CE91DFFC2EEB4A1
         

download malwarebytes:
Malwarebytes : Free anti-malware, anti-virus and spyware removal download
instalieren, öffnen, registerkarte aktualisierung, programm updaten.
schalte alle laufenden programme ab, trenne die internetverbindung.
registerkarte scanner, komplett scan, funde entfernen, log posten.

Code: Alles auswählenAufklappen

ATTFilter

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6465

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19048

28.04.2011 21:59:25
mbam-log-2011-04-28 (21-59-25).txt

Art des Suchlaufs: Vollst‰ndiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 376242
Laufzeit: 1 Stunde(n), 36 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschl¸ssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 112

Infizierte Speicherprozesse:
(Keine bˆsartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bˆsartigen Objekte gefunden)

Infizierte Registrierungsschl¸ssel:
(Keine bˆsartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bˆsartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bˆsartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bˆsartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\besitzer\Test\modern-wizard_1.bmp (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\bg_layer_cp[1]_2.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\DSC00505.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\dsc00505_1.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\dsc00505_2.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\DSC00507.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\dsc00507_1.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\dsc00507_2.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\dsc00507_3.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\dsc00507_4.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\dsc00507_5.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\dsc00507_6.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\dsc00507_7.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\dscn9077_17.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\dscn9077_21.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\dscn9077_23.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\cimg0271_1.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\img_3453_3.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\BILD0783.JPG (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\bild0783_1.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\bild0783_2.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\bild0783_4.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\bild0783_5.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\bild0783_6.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\tomasz ist 30 (47)_2.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\tomasz ist 30 (47)_3.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\tomasz ist 30 (47)_4.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\tomasz ist 30 (47)_5.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\l_0049fa4fd9394521bbc93238aeb02538.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\l_0049fa4fd9394521bbc93238aeb02538_1.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\l_0049fa4fd9394521bbc93238aeb02538_2.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\l_0049fa4fd9394521bbc93238aeb02538_3.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\BILD1628.JPG (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\bild1628_10.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\bild1628_15.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\bild1628_16.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\bild1628_19.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\bild1628_5.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\bild1628_9.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\cimg0750_1.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\cimg0750_2.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\cimg0750_3.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\cimg0750_4.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\cimg0750_5.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\cimg0750_6.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\cimg0750_7.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\[004886].gif (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\directional_45.gif (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\bg_layer_cp[1]_3.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\bg_layer_cp[1]_5.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\bg_layer_cp[1]_7.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\bg_layer_cp[1]_8.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\bild1658_1.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\cimg0274_11.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\img_3453_4.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\img_3453_6.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\img_3453_7.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\img_3453_8.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\l_0049fa4fd9394521bbc93238aeb02538_4.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\CIMG0750.JPG (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\06cf805a22d7e5635eeecb898040a495_11.jpeg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\BILD2488.JPG (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\bild2488_1.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\bild2488_2.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\bild2488_3.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\bild2488_4.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\bild2488_5.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\bild2488_6.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\bild2488_7.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\bild2488_8.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\bild2488_9.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\tv_image_1.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\6-048ac74d06f502187c1ec3232a35c595.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\6-048ac74d06f502187c1ec3232a35c595_1.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\6-048ac74d06f502187c1ec3232a35c595_2.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\6-048ac74d06f502187c1ec3232a35c595_3.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\6-048ac74d06f502187c1ec3232a35c595_4.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\tomasz ist 30 (6).jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\tomasz ist 30 (6)_1.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\l_0049fa4fd9394521bbc93238aeb02538_5.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\wmp3c2a278e-8790-4531-b748-ed788c83cddc[1]..jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\cimg0251_6.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\cimg0095_2.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\cimg0095_3.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\cimg0095_4.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\cimg0095_5.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\newsbg.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\newsbg_10.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\newsbg_11.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\newsbg_2.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\newsbg_3.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\newsbg_4.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\newsbg_5.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\newsbg_9.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\fb34e5ae4046007411edb53e4afe065e.jpeg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\fb34e5ae4046007411edb53e4afe065e_1.jpeg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\4b1eb3d7ba076053effffd82d9482ed4.jpeg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\thumb_2200.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\weiblich_13-17j;tile=1;sz=234x60;pos=1;u=pos=1,vpos=0,age=ig6,gen=w;ord=1280162952717[1].gif (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\toco toucan.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\toco toucan_1.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\toco toucan_2.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\toco toucan_3.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\toco toucan_4.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\toco toucan_5.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\toco toucan_7.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\45cad78309597538754e6b9551040053.jpeg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\img_3453_1.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\img_3453_12.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\img_3453_2.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\04282011_034807\c_recycle.bin\recycle.bin.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\04282011_034807\C_Users\besitzer\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\8L458J0F\calc[1].exe (Trojan.FakeMS.VGen) -> Quarantined and deleted successfully.