Trojaner-Board


SilentBob123 26.04.2011 20:30

UKash/BKA Trojan (arrived here too)
 
My sister has also caught this strange BKA Trojan. I followed the instructions here and got the following from the test:

Code:

OTL logfile created on: 4/26/2011 9:14:39 PM - Run
OTLPE by OldTimer - Version 3.1.46.0    Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 1 (Version = 6.0.6001) - Type = System
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 226.38 Gb Total Space | 86.00 Gb Free Space | 37.99% Space Free | Partition Type: NTFS
Drive D: | 222.90 Gb Total Space | 222.56 Gb Free Space | 99.85% Space Free | Partition Type: NTFS
Drive E: | 3.74 Gb Total Space | 3.59 Gb Free Space | 96.16% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011/03/16 12:35:32 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/12/13 03:39:27 | 000,135,336 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/11/21 05:49:24 | 000,247,608 | ---- | M] () [Auto] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009/05/11 08:34:25 | 003,520,512 | ---- | M] () [Auto] -- C:\Program Files\Acer\Acer Bio Protection\BASVC.exe -- (IGBASVC)
SRV - [2008/07/29 12:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/07/20 12:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008/07/19 09:13:44 | 000,233,472 | ---- | M] (Acer Incorporated) [Auto] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2008/06/02 04:25:40 | 000,024,576 | ---- | M] () [Auto] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008/05/25 23:43:58 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) [Auto] -- C:\Windows\System32\vfsFPService.exe -- (vfsFPService)
SRV - [2008/04/30 14:41:12 | 000,815,104 | ---- | M] (Intel(R) Corporation) [Auto] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/04/30 14:10:10 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/16 12:35:02 | 000,081,504 | ---- | M] () [Auto] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2007/12/10 23:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007/12/06 11:15:28 | 000,110,592 | ---- | M] () [Auto] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] --  -- (IpInIp)
DRV - [2011/03/16 12:35:32 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/11/22 09:14:15 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/11/20 10:03:34 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/05/11 08:34:20 | 000,043,184 | ---- | M] (Alfa Corporation) [File_System | Boot] -- C:\Windows\System32\drivers\AlfaFF.sys -- (AlfaFF)
DRV - [2008/12/05 06:24:00 | 007,538,560 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/09/24 17:39:48 | 000,045,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008/07/18 10:05:10 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto] -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2008/05/26 05:54:28 | 000,081,704 | ---- | M] (CyberLink) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WSVD.sys -- (WSVD)
DRV - [2008/05/25 23:44:14 | 000,040,752 | ---- | M] (Validity Sensors, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\vfs101x.sys -- (vfs101x)
DRV - [2008/05/19 12:23:00 | 000,047,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\L1E60x86.sys -- (L1E)
DRV - [2008/05/07 06:47:36 | 000,085,136 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008/04/27 18:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008/02/29 03:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/01/16 12:35:08 | 000,122,368 | ---- | M] (Cyberlink Corp.) [Kernel | Auto] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys -- (NTIPPKernel)
DRV - [2007/12/18 11:12:12 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2007/01/26 02:32:18 | 000,069,632 | ---- | M] () [Kernel | Auto] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2006/11/02 09:27:34 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=0&o=vp32&d=0509&m=aspire_6935
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=0&o=vp32&d=0509&m=aspire_6935
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\besitzer_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=0&o=vp32&d=0509&m=aspire_6935
IE - HKU\besitzer_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKU\besitzer_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\besitzer_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\besitzer_ON_C\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKU\besitzer_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKU\besitzer_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\besitzer_ON_C\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\besitzer_ON_C\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\besitzer_ON_C\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKU\besitzer_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\besitzer_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/16 04:43:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/21 08:35:38 | 000,000,000 | ---D | M]
 
[2010/11/14 04:24:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/27 01:44:13 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010/10/27 01:44:13 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010/10/27 01:44:13 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010/10/27 01:44:13 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010/10/27 01:44:13 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKU\besitzer_ON_C\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\besitzer_ON_C\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BabylonToolbar] C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe (Babylon Ltd.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZPdtWzdVitaKey MC3000] C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.)
O4 - HKU\besitzer_ON_C..\Run: [4E3E0230AEBB4E96] C:\Recycle.Bin\Recycle.Bin.exe (gybbrzmjpit)
O4 - HKU\besitzer_ON_C..\Run: [EA Core]  File not found
O4 - HKU\besitzer_ON_C..\Run: [ICQ] C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O4 - HKU\besitzer_ON_C..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\besitzer_ON_C Winlogon: Shell - (C:\Users\besitzer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8L458J0F\calc[1].exe) - C:\Users\besitzer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8L458J0F\calc[1].exe ()
O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/04/24 10:41:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.5
[2011/04/24 10:39:30 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ7.5
[2011/04/21 08:35:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2011/04/21 08:31:58 | 000,000,000 | ---D | C] -- C:\Users\besitzer\AppData\Local\Microsoft Help
[2011/04/20 14:49:35 | 000,000,000 | ---D | C] -- C:\Program Files\BabylonToolbar
[2011/04/20 14:48:00 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2011/04/16 15:45:58 | 000,000,000 | ---D | C] -- C:\Users\besitzer\AppData\Roaming\PhotoScape
[2011/04/16 15:45:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape
[2011/04/16 15:45:45 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoScape
[2011/04/16 15:42:32 | 000,000,000 | ---D | C] -- C:\Users\besitzer\Desktop\Finnland
[2011/04/16 15:42:16 | 001,906,168 | ---- | C] (Iminent) -- C:\Users\besitzer\Desktop\IminentSetup_0-05vgkvWP_.exe
[2011/04/16 03:07:35 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/04/16 03:07:35 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/04/16 03:06:24 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/04/16 03:06:24 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/04/16 03:06:24 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/04/16 03:06:24 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/04/16 03:06:24 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/04/16 03:06:24 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/04/16 03:06:24 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/04/16 03:06:24 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/04/16 03:06:24 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/04/16 03:06:24 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/04/16 03:06:24 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/04/16 03:06:24 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/04/16 03:06:24 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/04/16 03:06:24 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/04/16 03:06:24 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/04/16 03:06:24 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/04/16 03:06:23 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/04/16 03:06:12 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011/04/16 03:06:11 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011/04/16 03:06:08 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/04/16 03:06:07 | 002,040,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/04/16 03:06:05 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/04/16 03:06:04 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/04/05 07:54:13 | 000,000,000 | ---D | C] -- C:\Users\besitzer\AppData\Local\CyberLink
[2011/04/05 07:54:06 | 000,000,000 | ---D | C] -- C:\Users\besitzer\AppData\Local\SoftDMA
[2011/04/05 07:54:04 | 000,000,000 | ---D | C] -- C:\Users\besitzer\AppData\Local\PlayMovie
[2011/04/05 07:53:55 | 000,000,000 | ---D | C] -- C:\Users\besitzer\AppData\Local\Acer Arcade Deluxe
[2011/04/05 07:53:51 | 000,000,000 | ---D | C] -- C:\Users\besitzer\AppData\Roaming\CyberLink
[2009/01/10 19:36:50 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011/04/26 13:32:53 | 3218,042,880 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/26 13:32:53 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
[2011/04/26 13:31:57 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/26 13:31:57 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/26 13:23:23 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011/04/26 13:23:23 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/26 13:23:23 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011/04/26 13:23:23 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/26 13:16:46 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2011/04/26 13:16:38 | 000,032,156 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/04/26 13:05:08 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/26 12:57:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/26 05:43:23 | 000,032,156 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/04/26 03:28:30 | 000,002,673 | ---- | M] () -- C:\Users\besitzer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Office PowerPoint 2007.lnk
[2011/04/24 10:41:38 | 000,001,637 | ---- | M] () -- C:\Users\besitzer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ICQ7.5.lnk
[2011/04/24 10:41:38 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.5
[2011/04/22 11:28:23 | 000,002,673 | ---- | M] () -- C:\Users\besitzer\Desktop\Microsoft Office PowerPoint 2007.lnk
[2011/04/21 08:36:19 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011/04/21 04:37:31 | 000,297,984 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/20 14:48:56 | 000,001,922 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint Viewer .lnk
[2011/04/18 15:55:31 | 000,030,720 | ---- | M] () -- C:\Users\besitzer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/16 15:45:56 | 000,000,856 | ---- | M] () -- C:\Users\besitzer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk
[2011/04/16 15:45:56 | 000,000,832 | ---- | M] () -- C:\Users\besitzer\Desktop\PhotoScape.lnk
[2011/04/16 15:45:56 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape
[2011/04/16 15:45:24 | 001,906,168 | ---- | M] (Iminent) -- C:\Users\besitzer\Desktop\IminentSetup_0-05vgkvWP_.exe
[2011/04/05 10:34:37 | 000,000,680 | ---- | M] () -- C:\Users\besitzer\AppData\Local\d3d9caps.dat
[2011/03/31 10:57:43 | 000,001,036 | ---- | M] () -- C:\Users\besitzer\Desktop\DVDVideoSoft Free Studio.lnk
[2011/03/31 10:57:43 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2011/03/31 10:57:36 | 000,001,195 | ---- | M] () -- C:\Users\besitzer\Desktop\Free YouTube to MP3 Converter.lnk
 
========== Files Created - No Company Name ==========
 
[2011/04/26 03:28:30 | 000,002,673 | ---- | C] () -- C:\Users\besitzer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Office PowerPoint 2007.lnk
[2011/04/24 10:41:38 | 000,001,637 | ---- | C] () -- C:\Users\besitzer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ICQ7.5.lnk
[2011/04/21 08:48:06 | 000,002,673 | ---- | C] () -- C:\Users\besitzer\Desktop\Microsoft Office PowerPoint 2007.lnk
[2011/04/20 14:48:56 | 000,001,922 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint Viewer .lnk
[2011/04/16 15:45:56 | 000,000,856 | ---- | C] () -- C:\Users\besitzer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk
[2011/04/16 15:45:56 | 000,000,832 | ---- | C] () -- C:\Users\besitzer\Desktop\PhotoScape.lnk
[2011/03/31 10:57:36 | 000,001,195 | ---- | C] () -- C:\Users\besitzer\Desktop\Free YouTube to MP3 Converter.lnk
[2011/02/24 16:25:28 | 000,002,112 | ---- | C] () -- C:\Users\besitzer\AppData\Roaming\wklnhst.dat
[2010/11/28 11:37:05 | 000,000,680 | ---- | C] () -- C:\Users\besitzer\AppData\Local\d3d9caps.dat
[2010/11/14 04:24:36 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/11/14 03:35:22 | 000,030,720 | ---- | C] () -- C:\Users\besitzer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/11 12:55:24 | 000,032,156 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/05/11 12:40:01 | 000,032,156 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/05/11 08:36:02 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2009/05/11 08:36:02 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2009/05/11 08:36:02 | 000,009,216 | ---- | C] () -- C:\Windows\usbvideo_reg.exe
[2009/05/11 08:36:02 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2009/05/11 08:34:45 | 000,118,784 | ---- | C] () -- C:\Windows\System32\VMC3KAPI.dll
[2009/01/10 19:34:58 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2009/01/10 13:13:08 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2009/01/10 13:13:08 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2009/01/10 12:43:02 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2009/01/10 12:22:30 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2009/01/10 12:22:30 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2009/01/10 12:22:30 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2009/01/10 12:20:35 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2009/01/10 11:17:40 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/01/10 11:17:40 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/01/21 03:15:58 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008/01/21 03:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008/01/21 03:15:58 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008/01/21 03:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007/11/14 10:17:34 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CogentBioSDK.dll
[2007/01/26 02:32:18 | 000,069,632 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2006/11/02 08:57:28 | 000,067,584 | ---- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,297,984 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001/12/26 11:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/03 18:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 11:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/23 17:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
 
========== LOP Check ==========
 
[2009/05/11 08:53:56 | 000,000,000 | ---D | M] -- C:\Users\besitzer\AppData\Roaming\Acer
[2009/01/10 12:58:59 | 000,000,000 | ---D | M] -- C:\Users\besitzer\AppData\Roaming\Acer GameZone Console
[2010/12/12 11:34:36 | 000,000,000 | ---D | M] -- C:\Users\besitzer\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/11/23 11:36:50 | 000,000,000 | ---D | M] -- C:\Users\besitzer\AppData\Roaming\Flood Light Games
[2010/11/23 11:34:28 | 000,000,000 | ---D | M] -- C:\Users\besitzer\AppData\Roaming\Go Go Gourmet
[2011/04/26 12:29:09 | 000,000,000 | ---D | M] -- C:\Users\besitzer\AppData\Roaming\ICQ
[2011/04/16 16:14:30 | 000,000,000 | ---D | M] -- C:\Users\besitzer\AppData\Roaming\PhotoScape
[2011/02/24 16:25:30 | 000,000,000 | ---D | M] -- C:\Users\besitzer\AppData\Roaming\Template
[2009/05/11 08:34:13 | 000,000,000 | ---D | M] -- C:\Users\besitzer\AppData\Roaming\Validity
[2009/01/10 12:58:59 | 000,000,000 | ---D | M] -- C:\ProgramData\Acer GameZone Console
[2009/05/11 08:27:34 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2009/05/11 08:27:34 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2010/12/11 07:21:21 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts
[2009/01/10 13:20:35 | 000,000,000 | ---D | M] -- C:\ProgramData\eSobi
[2009/05/11 08:27:34 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2010/11/23 11:36:50 | 000,000,000 | ---D | M] -- C:\ProgramData\Flood Light Games
[2011/04/24 10:41:30 | 000,000,000 | ---D | M] -- C:\ProgramData\ICQ
[2009/01/10 12:24:43 | 000,000,000 | ---D | M] -- C:\ProgramData\Roaming
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2009/05/11 08:27:34 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2010/11/23 11:48:05 | 000,000,000 | ---D | M] -- C:\ProgramData\Temp
[2006/11/02 09:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2009/05/11 08:27:34 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2010/11/22 13:29:05 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/04/26 13:31:57 | 000,032,566 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:C99F6ECA
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:A42A9F39
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:05113FB9
< End of report >

I hope someone here can help me.

SilentBob123 27.04.2011 07:41

Can nobody help me?

markusg 27.04.2011 09:45

Has it ever occurred to you that you might not be the only one here in the forum? Be glad that you are already getting a reply after roughly 13 hours; it can easily take 2 days when you look at how many people need help and how few helpers sacrifice their free time for you.
If you regularly updated all of your software, this would not have happened at all.

On your second PC, go to Start, Programs, Accessories, Notepad, and copy the following into it:

Code:

:OTL
O20 - HKU\besitzer_ON_C Winlogon: Shell - (C:\Users\besitzer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8L458J0F\calc[1].exe) - C:\Users\besitzer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8L458J0F\calc[1].exe ()
O4 - HKU\besitzer_ON_C..\Run: [4E3E0230AEBB4E96] C:\Recycle.Bin\Recycle.Bin.exe (gybbrzmjpit)
:Files
C:\Users\besitzer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8L458J0F
C:\Recycle.Bin

:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

Save this to a USB stick as fix.txt.
Now use OTLPENet.exe again (that is, boot from the CD you created) and tick everything as already described in my post on OTLPENet.exe.
• Now please click the Fix button.
A message similar to "load fix from file" should now appear, so load fix.txt from your stick.
If this does not work, please enter the fix manually.
Then click the Fix button again. The PC may restart. If it does, take the CD out of the drive; Windows should now start normally and open otl.txt.
Please post the log.

Open Computer, open C:, then _OTL.
Right-click "moved files" there.
Choose "Add to moved files.rar" or zip.
http://www.trojaner-board.de/54791-a...ner-board.html

SilentBob123 27.04.2011 11:21

I know. It's just that my sister urgently needs to get at her things.....

On the solution:
I loaded fix.txt and after that nothing worked at all any more. I could no longer click anything in the program itself. And I couldn't shut down the PC either. The error is still there.

markusg 27.04.2011 12:32

And what did I write? If loading fix.txt doesn't work, you should type the fix in. Have you tried that yet?

SilentBob123 27.04.2011 13:43

With manual entry everything works as described, but I still can't get into Windows.

The log says the following:

Code:

Error: Unable to interpret <:OTL

O20 - HKU\besitzer_ON_C Winlogon: Shell - (C:\Users\besitzer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8L458J0F\calc[1].exe)

- C:\Users\besitzer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8L458J0F\calc[1].exe ()

O4 - HKU\besitzer_ON_C..\Run: [4E3E0230AEBB4E96] C:\Recycle.Bin\Recycle.Bin.exe (gybbrzmjpit)

:Files

C:\Users\besitzer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8L458J0F

C:\Recycle.Bin



:Commands

[purity]

[EMPTYFLASH]

[emptytemp]

[Reboot]

> in the current context!

 

OTLPE by OldTimer - Version 3.1.46.0 log created on 04272011_205145


markusg 27.04.2011 16:27

Why is there a < in front of the :OTL in yours?

SilentBob123 27.04.2011 17:01

Could it have been because I had everything on one line?
Because now it has worked:

Code:

========== OTL ==========
Registry value HKEY_USERS\besitzer_ON_C\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\besitzer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8L458J0F\calc[1].exe deleted successfully.
C:\Windows\System32\calc.exe moved successfully.
Registry value HKEY_USERS\besitzer_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\4E3E0230AEBB4E96 deleted successfully.
C:\Recycle.Bin\Recycle.Bin.exe moved successfully.
========== FILES ==========
C:\Users\besitzer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8L458J0F folder moved successfully.
C:\Recycle.Bin folder moved successfully.
File\Folder :Commands not found.
File\Folder [purity] not found.
File\Folder [EMPTYFLASH] not found.
File\Folder [emptytemp] not found.
File\Folder [Reboot] not found.
 
OTLPE by OldTimer - Version 3.1.46.0 log created on 04282011_034807

Thank you very much!

markusg 27.04.2011 18:19

Of course that's the reason; do you think I write it on separate lines for fun?
Where is the upload I asked for? We are not finished.

markusg 27.04.2011 19:19

Does your sister do online banking, shopping or the like on the PC?

SilentBob123 27.04.2011 19:40

No, she doesn't.

markusg 27.04.2011 19:41

Please create and post a ComboFix log.
A guide and tutorial on using ComboFix

SilentBob123 28.04.2011 17:08

Code:

ComboFix 11-04-27.03 - besitzer 28.04.2011  17:13:16.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6001.1.1252.49.1031.18.3068.1986 [GMT 2:00]
ausgeführt von:: c:\users\besitzer\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Acer\Acer Bio Protection\PwdFilter.dll
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-03-28 bis 2011-04-28  ))))))))))))))))))))))))))))))
.
.
2011-04-28 15:59 . 2011-03-03 14:56        28672        ----a-w-        c:\windows\system32\Apphlpdm.dll
2011-04-28 00:51 . 2011-04-28 18:13        --------        d-----w-        C:\_OTL
2011-04-24 14:39 . 2011-04-24 14:42        --------        d-----w-        c:\program files\ICQ7.5
2011-04-24 11:11 . 2011-04-24 11:11        --------        d-----w-        c:\users\besitzer\dies das
2011-04-21 12:31 . 2011-04-21 12:31        --------        d-----w-        c:\users\besitzer\AppData\Local\Microsoft Help
2011-04-20 18:49 . 2011-04-20 18:49        --------        d-----w-        c:\program files\BabylonToolbar
2011-04-20 18:48 . 2011-04-20 18:48        --------        d-----w-        c:\program files\MSECache
2011-04-16 19:45 . 2011-04-16 20:14        --------        d-----w-        c:\users\besitzer\AppData\Roaming\PhotoScape
2011-04-16 19:45 . 2011-04-16 19:45        --------        d-----w-        c:\program files\PhotoScape
2011-04-16 07:07 . 2011-02-16 15:29        34304        ----a-w-        c:\windows\system32\atmlib.dll
2011-04-16 07:07 . 2011-02-16 13:24        292864        ----a-w-        c:\windows\system32\atmfd.dll
2011-04-16 07:07 . 2011-03-03 10:49        2409784        ----a-w-        c:\program files\Windows Mail\OESpamFilter.dat
2011-04-05 11:54 . 2011-04-05 11:54        --------        d-----w-        c:\users\besitzer\AppData\Local\CyberLink
2011-04-05 11:54 . 2011-04-05 11:54        --------        d-----w-        c:\users\besitzer\AppData\Local\SoftDMA
2011-04-05 11:54 . 2011-04-05 11:54        --------        d-----w-        c:\users\besitzer\AppData\Local\PlayMovie
2011-04-05 11:53 . 2011-04-05 11:53        --------        d-----w-        c:\users\besitzer\AppData\Local\Acer Arcade Deluxe
2011-04-05 11:53 . 2011-04-05 11:54        --------        d-----w-        c:\users\besitzer\AppData\Roaming\CyberLink
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-16 16:35 . 2010-11-20 14:06        137656        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2011-03-03 14:56 . 2011-04-28 15:59        173056        ----a-w-        c:\windows\apppatch\AcXtrnal.dll
2011-03-03 14:56 . 2011-04-28 15:59        459776        ----a-w-        c:\windows\apppatch\AcSpecfc.dll
2011-03-03 14:56 . 2011-04-28 15:59        541696        ----a-w-        c:\windows\apppatch\AcLayers.dll
2011-03-03 14:56 . 2011-04-28 15:59        2153984        ----a-w-        c:\windows\apppatch\AcGenral.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2010-04-27 09:08        2393184        ----a-w-        c:\program files\DVDVideoSoftTB\tbDVDV.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-29 16:52        121392        ----a-w-        c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-11-17 135168]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-11 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"ICQ"="c:\program files\ICQ7.5\ICQ.exe" [2011-04-24 124216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-07 6139904]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-04 1037608]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-08-01 405504]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-07-29 526896]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-05-30 544768]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-25 28672]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-05 13601312]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-05 92704]
"ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2009-05-11 3719680]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-06-30 200704]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-06-16 809480]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-07-24 147456]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-07-24 167936]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-07-18 167936]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-17 421160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"BabylonToolbar"="c:\program files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe" [2010-11-07 286720]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-5-11 1216512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2009-05-11 12:34        3162624        ----a-w-        c:\program files\Acer\Acer Bio Protection\WinNotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-20 135664]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-05-07 85136]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2008-05-26 81704]
S0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\Drivers\AlfaFF.sys [2009-05-11 43184]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-07-18 61424]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-28 136360]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-16 81504]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-06-02 24576]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-11-21 247608]
S2 IGBASVC;iGroupTec Service;c:\program files\Acer\Acer Bio Protection\BASVC.exe [2009-05-11 3520512]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-25 45056]
S2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-25 131072]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2008-07-19 233472]
S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-05-26 599344]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2007-12-18 54784]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-27 3658752]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-09-24 45600]
S3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-05-26 40752]
.
.
Inhalt des "geplante Tasks" Ordners
.
2011-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-20 20:52]
.
2011-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-20 20:52]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=0&o=vp32&d=0509&m=aspire_6935
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Free YouTube Download - c:\users\besitzer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
FF - ProfilePath - c:\users\besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\yp10yuhq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Babylon: ffxtlbr@babylon.com - %profile%\extensions\ffxtlbr@babylon.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
HKLM-Run-eRecoveryService - (no file)
.
.
.
**************************************************************************
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(1224)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\rundll32.exe
c:\program files\Acer\Acer Bio Protection\CompPtcVUI.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\wbem\unsecapp.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-04-28  18:05:15 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-04-28 16:04
.
Vor Suchlauf: 10 Verzeichnis(se), 91.874.787.328 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 92.648.394.752 Bytes frei
.
- - End Of File - - 13C861C9F6020FD28CE91DFFC2EEB4A1


markusg 28.04.2011 17:17

Download Malwarebytes:
Malwarebytes : Free anti-malware, anti-virus and spyware removal download
Install it, open it, go to the Update tab and update the program.
Close all running programs and disconnect the internet connection.
Scanner tab, full scan, remove the findings, post the log.

SilentBob123 29.04.2011 07:55

Code:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6465

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19048

28.04.2011 21:59:25
mbam-log-2011-04-28 (21-59-25).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 376242
Laufzeit: 1 Stunde(n), 36 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 112

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\besitzer\Test\modern-wizard_1.bmp (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\bg_layer_cp[1]_2.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\DSC00505.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\dsc00505_1.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\dsc00505_2.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\DSC00507.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\dsc00507_1.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\dsc00507_2.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\dsc00507_3.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\dsc00507_4.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\dsc00507_5.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\dsc00507_6.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\dsc00507_7.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\dscn9077_17.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\dscn9077_21.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\dscn9077_23.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\cimg0271_1.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\img_3453_3.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\BILD0783.JPG (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\bild0783_1.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\bild0783_2.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\bild0783_4.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\bild0783_5.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\bild0783_6.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\tomasz ist 30 (47)_2.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\tomasz ist 30 (47)_3.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\tomasz ist 30 (47)_4.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\tomasz ist 30 (47)_5.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\l_0049fa4fd9394521bbc93238aeb02538.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\l_0049fa4fd9394521bbc93238aeb02538_1.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\l_0049fa4fd9394521bbc93238aeb02538_2.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\l_0049fa4fd9394521bbc93238aeb02538_3.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\BILD1628.JPG (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\bild1628_10.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\bild1628_15.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\bild1628_16.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\bild1628_19.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\bild1628_5.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\bild1628_9.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\cimg0750_1.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\cimg0750_2.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\cimg0750_3.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\cimg0750_4.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\cimg0750_5.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\cimg0750_6.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\cimg0750_7.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\[004886].gif (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\directional_45.gif (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\bg_layer_cp[1]_3.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\bg_layer_cp[1]_5.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\bg_layer_cp[1]_7.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\bg_layer_cp[1]_8.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\bild1658_1.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\cimg0274_11.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\img_3453_4.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\img_3453_6.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\img_3453_7.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\img_3453_8.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\l_0049fa4fd9394521bbc93238aeb02538_4.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\CIMG0750.JPG (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\06cf805a22d7e5635eeecb898040a495_11.jpeg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\BILD2488.JPG (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\bild2488_1.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\bild2488_2.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\bild2488_3.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\bild2488_4.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\bild2488_5.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\bild2488_6.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\bild2488_7.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\bild2488_8.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\bild2488_9.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\tv_image_1.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\6-048ac74d06f502187c1ec3232a35c595.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\6-048ac74d06f502187c1ec3232a35c595_1.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\6-048ac74d06f502187c1ec3232a35c595_2.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\6-048ac74d06f502187c1ec3232a35c595_3.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\6-048ac74d06f502187c1ec3232a35c595_4.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\tomasz ist 30 (6).jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\tomasz ist 30 (6)_1.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\l_0049fa4fd9394521bbc93238aeb02538_5.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\wmp3c2a278e-8790-4531-b748-ed788c83cddc[1]..jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\cimg0251_6.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\cimg0095_2.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\cimg0095_3.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\cimg0095_4.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\cimg0095_5.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\newsbg.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\newsbg_10.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\newsbg_11.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\newsbg_2.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\newsbg_3.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\newsbg_4.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\newsbg_5.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\newsbg_9.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\fb34e5ae4046007411edb53e4afe065e.jpeg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\fb34e5ae4046007411edb53e4afe065e_1.jpeg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\4b1eb3d7ba076053effffd82d9482ed4.jpeg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\thumb_2200.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\weiblich_13-17j;tile=1;sz=234x60;pos=1;u=pos=1,vpos=0,age=ig6,gen=w;ord=1280162952717[1].gif (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\toco toucan.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\toco toucan_1.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\toco toucan_2.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\toco toucan_3.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\toco toucan_4.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\toco toucan_5.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\toco toucan_7.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\45cad78309597538754e6b9551040053.jpeg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\img_3453_1.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\img_3453_12.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\Users\besitzer\Test\img_3453_2.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\04282011_034807\c_recycle.bin\recycle.bin.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\04282011_034807\C_Users\besitzer\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\8L458J0F\calc[1].exe (Trojan.FakeMS.VGen) -> Quarantined and deleted successfully.



All times are WET +1.