Trojaner-Board

BKA Trojaner Log (https://www.trojaner-board.de/100053-bka-trojaner-log.html)

SecreT2k 07.06.2011 15:26

BKA Trojaner Log
 
I'm supposed to get a friend's laptop working again.
So: she apparently caught the BKA Trojaner, and after reading up on the board I ran the OTLPE scan; the log follows. I'd appreciate help, i.e. the fix.txt and maybe a brief explanation of what to do.
Here is the OTLPE log!
Code:

OTL logfile created on: 6/7/2011 4:41:56 PM - Run
OTLPE by OldTimer - Version 3.1.46.0    Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 268.79 Gb Total Space | 148.58 Gb Free Space | 55.28% Space Free | Partition Type: NTFS
Drive E: | 29.28 Gb Total Space | 14.51 Gb Free Space | 49.55% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011/05/16 08:58:36 | 002,151,128 | ---- | M] (Lavasoft Limited) [Auto] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/04/29 15:35:08 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/16 07:24:02 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/03/05 12:54:50 | 000,311,296 | ---- | M] () [Auto] -- C:\Windows\System32\Rezip.exe -- (Rezip)
SRV - [2009/02/11 11:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008/10/29 10:20:34 | 000,070,656 | ---- | M] () [Auto] -- C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe -- (resetWinService)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/20 22:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/20 22:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/07/24 05:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/06/05 07:20:32 | 000,177,704 | ---- | M] () [Auto] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] --  -- (IpInIp)
DRV - [2011/04/29 06:12:00 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot] -- C:\Windows\System32\drivers\Lbd.sys -- (Lbd)
DRV - [2011/04/29 06:11:58 | 000,015,232 | ---- | M] () [Kernel | On_Demand] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/03/16 07:24:04 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/11/24 11:59:12 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/09/11 10:56:03 | 000,009,336 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\WinIo.sys -- (WINIO)
DRV - [2009/06/17 05:17:28 | 000,041,984 | ---- | M] (Sentelic Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\fspad_wlh32.sys -- (fspad_wlh32)
DRV - [2009/05/25 02:50:44 | 000,164,864 | ---- | M] (Realtek                                            ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/05/11 05:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/05/08 16:58:00 | 007,551,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/05/08 13:02:48 | 000,498,176 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2009/05/01 04:13:34 | 000,064,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009/04/10 15:42:54 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2009/02/13 06:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/12/29 12:06:54 | 001,799,808 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Katinka_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKU\Katinka_ON_C\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lokalisten.de/hxxp://www.gmx.de/ [binary data]
IE - HKU\Katinka_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.facebook.de/
IE - HKU\Katinka_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Katinka_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Katinka_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
 
FF - HKLM\software\mozilla\Firefox\Extensions\\Hotbar@Hotbar.com: C:\Program Files\Hotbar\bin\11.0.78.0\firefox\extensions
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/01 07:02:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/29 06:04:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/05/03 14:37:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2010/10/04 04:27:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Katinka\AppData\Roaming\Mozilla\Extensions
[2010/10/04 04:27:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Katinka\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/06/05 07:14:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Katinka\AppData\Roaming\Mozilla\Firefox\Profiles\yj3k3qs2.default\extensions
[2010/04/27 12:12:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Katinka\AppData\Roaming\Mozilla\Firefox\Profiles\yj3k3qs2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/10 13:19:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/10 13:19:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/11/12 13:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/04/06 17:37:38 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011/04/06 17:37:38 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2011/04/06 17:37:38 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011/04/06 17:37:38 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011/04/06 17:37:38 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Hotbar) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} -  File not found
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Hotbar) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} -  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [fspuip] C:\Program Files\FSP\fspuip.exe (Sentelic Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [snp2uvc]  File not found
O4 - HKLM..\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe ()
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\Katinka_ON_C..\Run: [ICQ] C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O4 - HKU\Katinka_ON_C..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Katinka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk =  File not found
O4 - Startup: C:\Users\Katinka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WkCalRem.LNK = C:\Program Files\Microsoft Works\WkCalRem.exe (Microsoft® Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} hxxp://www.lokalisten.de/iup/ImageUploader4.cab (Image Uploader Control)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Katinka_ON_C Winlogon: Shell - (C:\Users\Katinka\AppData\Local\Temp\0.8771620169495002.exe) - C:\Users\Katinka\AppData\Local\Temp\0.8771620169495002.exe (BitDefender)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/08/21 11:50:32 | 000,000,672 | RH-- | M] () - E:\autoexec.bat -- [ FAT32 ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{32ca5246-f193-11de-b57e-001f16218b2e}\Shell\AutoRun\command - "" = G:\MasterControl_Resources.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/06/05 05:28:38 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/06/05 05:14:48 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011/06/05 05:14:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/06/05 05:14:30 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/06/05 05:14:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011/06/02 07:15:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/05/31 15:09:25 | 000,000,000 | ---D | C] -- C:\Users\Katinka\Documents\Podcasts
[2011/05/29 07:15:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2011/05/29 07:15:51 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCT2.OCX
[2011/05/29 07:15:51 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMAPI32.OCX
[2011/05/29 07:15:49 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCMCDE.DLL
[2011/05/29 07:15:49 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB6DE.DLL
[2011/05/29 07:15:49 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCC2DE.DLL
[2011/05/29 07:15:49 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPIDE.DLL
[2011/05/29 07:15:49 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2011/05/24 13:40:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype Extras
[2011/05/24 13:40:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/05/24 13:40:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/05/24 01:16:19 | 000,000,000 | ---D | C] -- C:\Users\Katinka\Documents\Verschiedenes
[2009/06/10 09:00:53 | 000,225,280 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2009/06/10 09:00:52 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[1 C:\Users\Katinka\Documents\*.tmp files -> C:\Users\Katinka\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/06/06 21:07:56 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/06/06 21:07:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/06 19:59:22 | 000,627,756 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011/06/06 19:59:22 | 000,595,386 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/06 19:59:22 | 000,125,870 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011/06/06 19:59:22 | 000,103,460 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/06 19:54:00 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{14BD630B-2A9A-4BA4-A186-85029409AEC5}.job
[2011/06/06 19:53:38 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/06/06 19:53:12 | 000,063,359 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/06/06 19:51:02 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/06 19:50:58 | 000,004,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/06 19:50:58 | 000,004,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/05 16:47:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/05 05:28:38 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/06/05 05:28:34 | 000,016,432 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2011/06/05 05:14:52 | 000,000,941 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/06/05 05:14:30 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/06/03 06:45:42 | 000,007,592 | ---- | M] () -- C:\Users\Katinka\AppData\Local\d3d9caps.dat
[2011/06/02 07:15:36 | 000,000,863 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/06/02 07:15:36 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/06/02 07:08:44 | 020,533,281 | ---- | M] () -- C:\Users\Katinka\Documents\vlc-1.1.9-win32.exe
[2011/06/02 06:17:31 | 000,000,969 | ---- | M] () -- C:\Users\Katinka\Desktop\Dropbox.lnk
[2011/06/02 06:17:31 | 000,000,949 | ---- | M] () -- C:\Users\Katinka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011/05/29 07:15:54 | 000,000,832 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2011/05/29 07:15:54 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2011/05/29 06:04:14 | 000,002,425 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011/05/29 06:04:14 | 000,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/05/27 02:02:43 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/05/24 13:40:30 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/05/24 13:40:30 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[1 C:\Users\Katinka\Documents\*.tmp files -> C:\Users\Katinka\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/06/05 17:07:24 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/06/05 16:04:54 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2011/06/05 05:14:52 | 000,000,941 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/06/02 07:15:36 | 000,000,863 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/06/02 07:01:03 | 020,533,281 | ---- | C] () -- C:\Users\Katinka\Documents\vlc-1.1.9-win32.exe
[2011/05/29 07:15:54 | 000,000,832 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2011/05/29 07:15:51 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011/05/24 13:40:30 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/01/30 05:50:58 | 000,393,256 | ---- | C] () -- C:\Windows\System32\CNQ4809N.DAT
[2010/10/21 12:34:03 | 000,000,071 | ---- | C] () -- C:\Windows\UF.INI
[2010/10/21 12:07:40 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI
[2010/02/10 12:26:39 | 000,007,592 | ---- | C] () -- C:\Users\Katinka\AppData\Local\d3d9caps.dat
[2010/01/26 05:33:39 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/01/15 15:06:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/01/02 13:48:31 | 000,000,099 | ---- | C] () -- C:\Users\Katinka\AppData\default.pls
[2009/12/30 07:43:14 | 000,063,359 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/12/30 07:43:14 | 000,063,359 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/11/29 15:01:05 | 000,019,456 | ---- | C] () -- C:\Users\Katinka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/14 14:39:24 | 000,180,008 | ---- | C] () -- C:\Windows\SETUP1.EXE
[2009/09/11 10:56:03 | 000,009,336 | ---- | C] () -- C:\Windows\System32\WinIo.sys
[2009/09/11 06:21:17 | 000,000,688 | ---- | C] () -- C:\Users\Katinka\AppData\Roaming\wklnhst.dat
[2009/06/10 10:18:19 | 000,036,864 | ---- | C] () -- C:\Windows\System32\Hooks.dll
[2009/06/10 09:00:53 | 001,799,808 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2009/06/10 09:00:53 | 000,233,472 | ---- | C] () -- C:\Windows\tsnp2uvc.exe
[2009/06/10 09:00:53 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2009/06/10 09:00:52 | 000,028,544 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2009/06/10 08:58:06 | 000,311,296 | ---- | C] () -- C:\Windows\System32\Rezip.exe
[2009/06/10 08:49:38 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/06/10 08:38:31 | 000,000,276 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat
[2009/06/09 14:24:37 | 000,627,756 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009/06/09 14:24:37 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009/06/09 14:24:37 | 000,125,870 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009/06/09 14:24:37 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009/06/09 04:54:18 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/06/09 04:53:58 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/06/09 04:34:57 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2007/06/05 07:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,413,112 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,595,386 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,103,460 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2011/06/04 14:54:04 | 000,000,000 | ---D | M] -- C:\Users\Katinka\AppData\Roaming\Dropbox
[2010/03/29 03:28:37 | 000,000,000 | ---D | M] -- C:\Users\Katinka\AppData\Roaming\Facebook
[2009/11/08 11:37:29 | 000,000,000 | ---D | M] -- C:\Users\Katinka\AppData\Roaming\ICQ
[2009/10/04 06:44:43 | 000,000,000 | ---D | M] -- C:\Users\Katinka\AppData\Roaming\Template
[2010/10/04 04:27:53 | 000,000,000 | ---D | M] -- C:\Users\Katinka\AppData\Roaming\Thunderbird
[2009/11/10 15:01:10 | 000,000,000 | ---D | M] -- C:\Users\Katinka\AppData\Roaming\WeatherDPA
[2009/11/10 15:01:11 | 000,000,000 | ---D | M] -- C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
[2009/08/26 08:46:45 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2009/08/26 08:46:45 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2009/08/26 08:46:45 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2009/11/10 15:02:15 | 000,000,000 | ---D | M] -- C:\ProgramData\HotbarSA
[2009/06/10 10:18:19 | 000,000,000 | ---D | M] -- C:\ProgramData\LKG
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2009/08/26 08:46:45 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2009/06/10 16:20:41 | 000,000,000 | ---D | M] -- C:\ProgramData\Temp
[2006/11/02 09:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2009/08/26 08:46:45 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2010/01/05 11:14:50 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2010/06/08 17:15:19 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/06/10 11:22:04 | 000,000,000 | ---D | M] -- C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
[2011/06/06 21:07:56 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2011/06/05 17:14:08 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/06/06 19:54:00 | 000,000,426 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{14BD630B-2A9A-4BA4-A186-85029409AEC5}.job
 
========== Purity Check ==========
 
 
< End of report >


markusg 07.06.2011 15:33

Sure, let's do that.
On your second PC go to Start, Programs, Accessories, Editor (Notepad) and paste the following in there:

Code:

:OTL
O20 - HKU\Katinka_ON_C Winlogon: Shell - (C:\Users\Katinka\AppData\Local\Temp\0.8771620169495002.exe) - C:\Users\Katinka\AppData\Local\Temp\0.8771620169495002.exe (BitDefender)
:Files
C:\Users\Katinka\AppData\Local\Temp
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

Save this on a USB stick as fix.txt.
Now use OTLPENet.exe again (i.e. boot from the CD you created) and tick everything as already described in my post on OTLPENet.exe.
• Now click the Fix button.
A message similar to "load fix from file" should appear; load the fix.txt from your stick.
If that does not work, enter the fix manually.
Then click the Fix button again. The PC may restart; if so, take the CD out of the drive. Windows should now start normally and open otl.txt.
Please post the log.
Open Computer, open C:, then _OTL.
Right-click on "moved files" there
and choose add to moved files.rar or .zip.
http://www.trojaner-board.de/54791-a...ner-board.html
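
The reply above spots the hijack by eye: a per-user Winlogon Shell value that points at a randomly named executable in the user's Temp folder, which is then removed with an OTL fix script. The Python script below is an added example, not code from the thread or from OTL's author, that applies the same rules to OTL log lines and writes the matching fix script. The two O20 lines in its constructed sample are copied from the log in the first post; the O4 lines are ordinary autostart entries made up here so the rules have something to leave alone. The function names, the Entry class and the heuristics are assumptions of this example; the fix-script sections (:OTL, :Files, :Commands) follow the format used in the reply above. The "(BitDefender)" after the malicious path is the company string OTL reads from the file's own version resource, which whoever built the file controls, so the example deliberately ignores it as a trust signal.

```python
"""Flag a hijacked Winlogon Shell in OTL log lines and emit an OTL fix script."""
import re
from dataclasses import dataclass, field

# Constructed sample. The two O20 lines are copied from the log in the first post;
# the O4 lines are ordinary autostart entries made up here so the rules have
# something to leave alone.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [snp2uvc]  File not found
O4 - HKU\Katinka_ON_C..\Run: [ICQ] C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Katinka_ON_C Winlogon: Shell - (C:\Users\Katinka\AppData\Local\Temp\0.8771620169495002.exe) - C:\Users\Katinka\AppData\Local\Temp\0.8771620169495002.exe (BitDefender)
"""

# OTL prints "O20 - <hive> Winlogon: Shell - (<value>) - <resolved path> (<company>)".
O20_RE = re.compile(
    r"^O20 - (?P<hive>.+?) Winlogon: Shell - \((?P<value>[^)]*)\) - "
    r"(?P<path>.*?)(?: \((?P<company>[^()]*)\))?\s*$"
)
# OTL prints "O4 - <hive>..\Run: [<value name>] <path> (<company>)" or "... File not found".
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]*)\]\s+"
    r"(?P<path>.*?)(?: \((?P<company>[^()]*)\))?\s*$"
)
TEMP_DIR_RE = re.compile(r"\\Temp\\", re.IGNORECASE)
# File names made of nothing but digits and dots, like 0.8771620169495002.exe.
GENERATED_NAME_RE = re.compile(r"^[0-9.]+\.exe$", re.IGNORECASE)


@dataclass
class Entry:
    kind: str          # "O20" (Winlogon Shell) or "O4" (Run key)
    hive: str          # HKLM or HKU\<user>
    path: str          # resolved file path, or "File not found"
    company: str       # version-resource company string: attacker-controlled, never trusted
    raw: str           # the log line as OTL printed it (reused verbatim in the fix script)
    value: str = ""    # registry data for O20 entries
    reasons: list = field(default_factory=list)


def parse_entries(text):
    """Pick the O20 and O4 lines out of an OTL log; other sections are ignored."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = O20_RE.match(line)
        if m:
            entries.append(Entry("O20", m["hive"], m["path"], m["company"] or "",
                                 line, value=m["value"]))
            continue
        m = O4_RE.match(line)
        if m:
            entries.append(Entry("O4", m["hive"], m["path"], m["company"] or "", line))
    return entries


def find_suspicious(entries):
    """Apply the rules the reply used by eye; every hit carries its reasons."""
    hits = []
    for e in entries:
        reasons = []
        if e.kind == "O20":
            # Winlogon honours a per-user Shell value, and a clean profile has none.
            if e.hive.upper() != "HKLM":
                reasons.append("per-user Winlogon Shell value (absent on a clean profile)")
            if e.value.lower() != "explorer.exe":
                reasons.append(f"Shell is {e.value!r} instead of explorer.exe")
        if TEMP_DIR_RE.search(e.path):
            reasons.append("autostart target lives under a Temp directory")
        name = e.path.rsplit("\\", 1)[-1]
        if GENERATED_NAME_RE.match(name):
            reasons.append(f"generated-looking file name {name!r}")
        if reasons:
            e.reasons = reasons
            hits.append(e)
    return hits


def build_fix(hits):
    """Write the OTL fix script: flagged log lines under :OTL, their files under :Files."""
    lines = [":OTL"] + [e.raw for e in hits]
    files = sorted({e.path for e in hits if e.path.lower() != "file not found"})
    if files:
        lines.append(":Files")
        lines.extend(files)
    lines += [":Commands", "[emptytemp]", "[Reboot]"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    hits = find_suspicious(parse_entries(SAMPLE_LOG))
    for e in hits:
        print(e.raw)
        for r in e.reasons:
            print("   ->", r)
    print()
    print(build_fix(hits), end="")
```

Running the file prints the one flagged entry with its four reasons and a fix script whose :OTL line is the log line itself, which is what OTL expects. In real use the input is the full OTL.txt and the :Files list is checked by hand before the fix is run; the reply above goes further and moves the whole Temp folder, because a loader that drops into Temp rarely leaves only one file there.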

SecreT2k 07.06.2011 16:07

Quote:

Quote from markusg (Post 669041)
...
Now use OTLPENet.exe again (i.e. boot from the CD you created) and tick everything as already described in my post on OTLPENet.exe.
...

Despite using the search function and going through all your posts, I unfortunately could not find that post. It would be nice if you could link it, since I'd rather do everything right from the start than find out later that I did something wrong.

markusg 07.06.2011 16:08

Sorry, I should have adapted that. You have to start the OTL CD as at the beginning, except that instead of loading a scan you run the fix.

SecreT2k 07.06.2011 16:40

So I ran the fix. There was no automatic restart; instead the file that was/is in the MovedFiles folder was opened, so I'm uploading it as described.
I tried restarting manually; unfortunately still the BKA screen.
What might also be worth mentioning: I had to enter the fix manually and could not load the text file, because a shell error occurred when I tried to select a different path. (Access violation at address 7CA0C936 in module 'shell32.dll'. Read of address 00000006.)

EDIT: The file should be uploaded now.

EDIT2: I apparently slipped a line and used the scan as fix.txt -.-, which means the files uploaded so far are probably useless. I'll report back once everything has been done correctly.

SecreT2k 07.06.2011 20:02

So... the fix ran and Windows starts normally again. Unfortunately my friend apparently never cleared her temp folder, which means the file I'm going to upload is 955 megabytes zipped! Unfortunately otl.txt was not opened, but since it is presumably in the _OTL folder, I'll just assume it is this one (06072011_210458.txt):
Code:

========== OTL ==========
Registry value HKEY_USERS\Katinka_ON_C\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Katinka\AppData\Local\Temp\0.8771620169495002.exe deleted successfully.
C:\Users\Katinka\AppData\Local\Temp\0.8771620169495002.exe moved successfully.
========== FILES ==========
C:\Users\Katinka\AppData\Local\Temp\{db9dc632-2bc9-4671-b409-0257bcc0eef2} folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\{7782BCFB-B024-4C7D-A72B-DCE76020B1F5}\{60DE4033-9503-48D1-A483-7846BD217CA9} folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\{7782BCFB-B024-4C7D-A72B-DCE76020B1F5} folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\{3bc7a8c2-945c-45ce-82e0-c261525f5073} folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\{01c1360c-68be-4b83-bbdd-ae09e4af76d6} folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\WPDNSE folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Word8.0 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Windows Live Toolbar folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\VBE folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Temporary Internet Files\Content.IE5\XUHEDJ9H folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Temporary Internet Files\Content.IE5\LFXGMZ4E folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Temporary Internet Files\Content.IE5\H5YUIW63 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Temporary Internet Files\Content.IE5\G7ON2C7J folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Temporary Internet Files\Content.IE5 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Temporary Internet Files folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Temp4_Probestipendium.zip folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Temp3_Probestipendium.zip folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Temp2_Probestipendium.zip folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Temp1_sob_bd1_kap1_kol1_abb2_23_a_with_legend_singledownload.zip folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Temp1_sob_bd1_kap1_kol1_abb2_23_a_with_legend_singledownload-1.zip folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Temp1_Probestipendium[1].zip folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Temp1_Probestipendium.zip folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Temp1_lk_2009.zip folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Temp1_Literaturverzeichnis night[1].zip folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Temp1_Abiball.zip folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Temp1_63-termitrainer_12.zip folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\TCD1ADF.tmp folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\rb\3416 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\rb folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\plugtmp-9 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\plugtmp-8 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\plugtmp-7 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\plugtmp-6 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\plugtmp-5 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\plugtmp-4 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\plugtmp-3 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\plugtmp-2 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\plugtmp-14 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\plugtmp-13 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\plugtmp-12 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\plugtmp-11 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\plugtmp-10 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\plugtmp-1 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\plugtmp folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Picasa3\Picasa filecheck folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Picasa3 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\PDFCreator\PDFCreatorSpool folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\PDFCreator folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Outlook-Protokoll folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\outlook logging folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\OneNoteRuntimeCache\OneNoteRuntimeCache_Files folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\OneNoteRuntimeCache folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\OIS\temp folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\OIS\cacheFiles folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\OIS folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\nro.log\log folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\nro.log folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\msohtmlclip1\01 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\msohtmlclip1 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\msohtmlclip folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\MessengerCache\Sounds folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\MessengerCache folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Low\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Low\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\session\SnameMenu folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Low\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\session\GIF folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Low\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\session folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Low\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Low\__SkypeIEToolbar_Cache folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Low\Windows Live Toolbar folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Low\Low folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Low\ImageUploader_Temp folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Low\hsperfdata_Katinka folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Low\Google Toolbar folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Low\Cab97A0 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Low\Adobe\Acrobat\9.0 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Low\Adobe\Acrobat folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Low\Adobe folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Low folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\hsperfdata_Katinka folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\History\History.IE5 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\History folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Google Toolbar folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\DWDD38D.tmp folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Cookies folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\comtypes_cache\Dropbox-25 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\comtypes_cache folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\CDM folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\AVSETUP_4b6ef529 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Audible Device Images folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Adobe\Acrobat\9.0 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Adobe\Acrobat folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Adobe folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\AAWInstallerTemp folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\951E.dir folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\8FD1.dir folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\871A.dir folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\1123223700001664rcpxylrqc2 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\1123223600001664utg2h2xl9d folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\11232236000016642jibvk0sg0 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\1123223500001664ox2fhr6iw8 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\1123223500001664ezva8ote5l folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\1123223500001664ejdkfjur90 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\1123223500001664898a5k3e2p folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\1123223400001664roey4ufd4d folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\1123223400001664msztx54skn folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\1123223400001664bs7u757dzh folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\0127202500000348mvbhbta59d folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\012720250000034884s4a5w5yk folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\0127202300000348ywq413k4cy folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\0127202300000348x48iq90ml8 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\0127202300000348judr5s3bh2 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\0127202200000348zbh0jeo60a folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\012720220000034806r9i9xc01 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\0127202100000348mjbg7pop1k folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\0127202100000348mdbvmgz9ek folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\01272021000003483aqrylp18x folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\012720210000034815ch1tc0jx folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp folder moved successfully.
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Katinka
 
User: Public
 
Total Flash Files Cleaned = 0.00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Katinka
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9340107089 bytes
 
Total Files Cleaned = 8,907.00 mb
 
 
OTLPE by OldTimer - Version 3.1.46.0 log created on 06072011_210458

I will now start uploading the zipped MovedFiles archive.

markusg 07.06.2011 20:07

Sorry, that was my fault, I did not copy enough there.
The temp folder was recreated, I assume? That is, automatically?
Open OTL, click Cleanup (Bereinigen), then OTL + moved files will be deleted.
Please create and post a ComboFix log.
A Guide and Tutorial on Using ComboFix

SecreT2k 07.06.2011 20:17

How or where am I supposed to open OTL? Start it from the CD again, or start the CD from within Windows?

markusg 07.06.2011 20:22

Sorry, just delete the moved files folder.
Then continue with ComboFix.

SecreT2k 07.06.2011 20:53

So ComboFix ran through, and here is the ComboFix.txt:
Code:

ComboFix 11-06-06.07 - Katinka 08.06.2011  0:40.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.3066.1474 [GMT 2:00]
ausgeführt von:: F:\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Lavasoft Ad-Watch Live! Virenschutz *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
c:\programdata\HotbarSA
c:\programdata\HotbarSA\HotbarSA.dat
c:\programdata\HotbarSA\HotbarSA_kyf.dat
c:\programdata\HotbarSA\HotbarSAAbout.mht
c:\programdata\HotbarSA\HotbarSAau.dat
c:\programdata\HotbarSA\HotbarSAEULA.mht
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\About Hotbar.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\Hotbar Customer Support Center.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\Hotbar Games!.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\Hotbar Uninstall Instructions.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\Hotbar Videos!.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\Reset Cursor.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\Weather.lnk
c:\users\Katinka\AppData\Roaming\WeatherDPA
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-05-07 bis 2011-06-07  ))))))))))))))))))))))))))))))
.
.
2011-06-07 22:34 . 2011-06-07 22:36        --------        d-----w-        C:\32788R22FWJFW
2011-06-07 21:07 . 2011-06-07 22:47        --------        d-----w-        c:\users\Katinka\AppData\Local\Temp
2011-06-05 20:04 . 2011-06-05 09:28        16432        ----a-w-        c:\windows\system32\lsdelete.exe
2011-06-05 09:28 . 2011-06-05 09:28        98392        ----a-w-        c:\windows\system32\drivers\SBREDrv.sys
2011-06-05 09:14 . 2011-04-29 10:12        64512        ----a-w-        c:\windows\system32\drivers\Lbd.sys
2011-06-05 09:14 . 2011-06-05 09:14        --------        d-----w-        c:\program files\Lavasoft
2011-06-05 09:14 . 2011-06-05 09:14        --------        d-----w-        c:\programdata\Lavasoft
2011-06-03 10:58 . 2011-05-09 20:46        6962000        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{38B2EEB2-5AF4-449C-B933-6C89678B0AFE}\mpengine.dll
2011-05-29 11:15 . 2004-03-08 23:00        662288        ----a-w-        c:\windows\system32\MSCOMCT2.OCX
2011-05-29 11:15 . 2001-10-28 15:42        116224        ----a-w-        c:\windows\system32\pdfcmnnt.dll
2011-05-29 11:15 . 1998-06-23 23:00        137000        ----a-w-        c:\windows\system32\MSMAPI32.OCX
2011-05-29 11:15 . 2011-05-29 11:16        --------        d-----w-        c:\program files\PDFCreator
2011-05-29 11:15 . 1998-07-06 16:56        125712        ----a-w-        c:\windows\system32\VB6DE.DLL
2011-05-29 11:15 . 1998-07-06 16:55        158208        ----a-w-        c:\windows\system32\MSCMCDE.DLL
2011-05-29 11:15 . 1998-07-06 16:55        64512        ----a-w-        c:\windows\system32\MSCC2DE.DLL
2011-05-29 11:15 . 1998-07-05 23:00        23552        ----a-w-        c:\windows\system32\MSMPIDE.DLL
2011-05-24 17:40 . 2011-06-07 21:20        --------        d-----w-        c:\programdata\Skype Extras
2011-05-24 17:40 . 2011-05-24 17:40        --------        d-----w-        c:\program files\Common Files\Skype
2011-05-11 19:29 . 2011-04-07 12:01        2409784        ----a-w-        c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-16 11:24 . 2010-02-07 17:17        137656        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2011-03-12 21:55 . 2011-04-27 10:54        876032        ----a-w-        c:\windows\system32\XpsPrint.dll
2011-03-10 17:03 . 2011-04-15 08:20        1162240        ----a-w-        c:\windows\system32\mfc42u.dll
2011-03-10 17:03 . 2011-04-15 08:20        1136640        ----a-w-        c:\windows\system32\mfc42.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\Katinka\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\Katinka\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\Katinka\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-11 39408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2010-11-16 172856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-04-18 15146376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-08 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-05-08 92704]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-10-31 6609440]
"tsnp2uvc"="c:\windows\tsnp2uvc.exe" [2008-08-28 233472]
"MDS_Menu"="c:\program files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"PDVD8LanguageShortcut"="c:\program files\HomeCinema\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"UCam_Menu"="c:\program files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"fspuip"="c:\program files\FSP\fspuip.exe" [2009-06-19 765952]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-09 281768]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
.
c:\users\Katinka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Katinka\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
WkCalRem.LNK - c:\program files\Microsoft Works\WkCalRem.exe [2007-6-20 46432]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2009-12-17 1795488]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1ca96149fdacf30;Google Update Service (gupdate1ca96149fdacf30);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-15 133104]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-05-16 2151128]
R2 resetWinService;Reset Reader;c:\program files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe [2008-10-29 70656]
R3 fspad_wlh32;Finger-sensing Pad Driver for Windows 2000/XP/Vista/Win7_wlh32;c:\windows\system32\DRIVERS\fspad_wlh32.sys [2009-06-17 41984]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-15 133104]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-04-29 64512]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-29 136360]
S2 Rezip;Rezip;c:\windows\SYSTEM32\Rezip.exe [2009-03-05 311296]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-05-01 64032]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2009-05-08 498176]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - Lavasoft Kernexplorer
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
WindowsMobile        REG_MULTI_SZ          wcescomm rapimgr
LocalServiceRestricted        REG_MULTI_SZ          WcesComm RapiMgr
.
Inhalt des "geplante Tasks" Ordners
.
2011-06-07 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-11 16:18]
.
2011-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-15 18:57]
.
2011-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-15 18:57]
.
2011-06-07 c:\windows\Tasks\User_Feed_Synchronization-{14BD630B-2A9A-4BA4-A186-85029409AEC5}.job
- c:\windows\system32\msfeedssync.exe [2011-04-15 04:43]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.facebook.de/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4
FF - ProfilePath - c:\users\Katinka\AppData\Roaming\Mozilla\Firefox\Profiles\yj3k3qs2.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-snp2uvc - c:\windows\vsnp2uvc.exe
AddRemove-_{E1A63F75-1F72-4450-980D-434496FFC646} - c:\program files\Corel\Corel Painter Essentials 4\MSILauncher {E1A63F75-1F72-4450-980D-434496FFC646}
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-06-08 00:47
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-06-08  00:49:05
ComboFix-quarantined-files.txt  2011-06-07 22:48
.
Vor Suchlauf: 8 Verzeichnis(se), 165.580.804.096 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 165.532.012.544 Bytes frei
.
- - End Of File - - 29B4450EDEDD43FACE49E9B146A91181

PS: Stop apologizing, I already feel bad ^.^

markusg 08.06.2011 10:28

Download Malwarebytes:
Malwarebytes : Malwarebytes Anti-Malware is a free download that removes viruses and malware from your computer
Install it, open it, go to the Update tab, update the program.
Close all running programs, disconnect the internet connection.
Scanner tab, full scan, remove the findings, post the log.

SecreT2k 08.06.2011 16:33

Here is the log:
Code:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 6810

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

08.06.2011 20:22:36
mbam-log-2011-06-08 (20-22-36).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 334715
Laufzeit: 1 Stunde(n), 1 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 6
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EDDBB5EE-BB64-4bfc-9DBE-E7C85941335B} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HotbarAx.Info (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HotbarAx.Info.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HotbarWeather.WeatherController (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HotbarWeather.WeatherController.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\HostOL.MailAnim (Adware.Hotbar) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\program files\biologie chemie 5 bis 13\umrechner.exe (Trojan.FakeCalc) -> Quarantined and deleted successfully.


markusg 08.06.2011 16:35

c:\program files\biologie chemie 5 bis 13\umrechner.exe (Trojan.FakeCalc) -> Quarantined and deleted successfully.
Looks like a false positive, you can restore it from quarantine.

Download the CCleaner Standard:
CCleaner - Standard
If CCleaner is already installed, skip this.
Install it, open it, Tools, list of installed programs, save as txt. Open it.
After each program you need, write "notwendig" (needed).
After each one you do not need, "unnötig" (not needed).
After those unknown to you, "unbekannt" (unknown).
Post the list.

SecreT2k 08.06.2011 17:42

Since, as I already said, the PC belongs to a friend, some programs are naturally unknown to me, so I simply did it to the best of my knowledge.
Code:

Activation Assistant for the 2007 Microsoft Office suites        Microsoft Corporation        25.08.2009        13,5MB        unnötig
Ad-Aware        Lavasoft Limited        04.06.2011        33,7MB        9.0.1 notwendig
Adobe Flash Player 10 ActiveX        Adobe Systems Incorporated        25.08.2009                10.0.22.87 notwendig
Adobe Flash Player 10 Plugin        Adobe Systems Incorporated        16.11.2010                10.1.102.64 notwendig
Adobe Reader 9.4.4 - Deutsch        Adobe Systems Incorporated        28.05.2011        201MB        9.4.4 notwendig
Adobe Shockwave Player 11        Adobe Systems, Inc.        25.08.2009        17,5MB        11 notwendig
Angebote ALDI SÜD Bildschirmschoner                25.08.2009        unnötig       
Apple Application Support        Apple Inc.        29.11.2010        52,7MB        1.4.1 notwendig
Apple Mobile Device Support        Apple Inc.        29.11.2010        21,7MB        3.3.0.69 notwendig
Apple Software Update        Apple Inc.        07.06.2010        2,26MB        2.1.2.120 notwendig
Audible Download Manager        Audible, Inc.        24.08.2010        3,81MB        6.6.0.12 unbekannt
Avira AntiVir Personal - Free Antivirus        Avira GmbH        28.04.2011        78,8MB        10.0.0.648 notwendig
Badaboom 1.1.1.194        Elemental Technologies        25.08.2009        14,3MB        1.1.1.194 unbekannt
Biologie Chemie 5 bis 13        Tandem        08.04.2010        211MB        2.0 unbekannt
Bonjour        Apple Inc.        28.10.2010        0,76MB        2.0.3.0 notwendig
CanoScan LiDE 210 Scanner Driver                29.01.2011        notwendig       
CCleaner        Piriform        07.06.2011        3,68MB        3.07 notwendig
Compatibility Pack für 2007 Office System        Microsoft Corporation        13.05.2011        60,3MB        12.0.6425.1000 notwendig
Corel Home Office 5.0.56        Corel Corporation        09.06.2009        124,7MB notwendig       
CorelDRAW Essentials 4        Corel Corporation        09.06.2009        684MB        notwendig
CorelDRAW Essentials 4 - Windows Shell Extension        Corel Corporation        09.06.2009        1,81MB notwendig       
CyberLink MediaShow        CyberLink Corp.        09.06.2009        316MB        4.1.2325 unbekannt
CyberLink PhotoNow        CyberLink Corp.        09.06.2009        21,8MB        1.1.5615 unbekannt
CyberLink PowerDirector        CyberLink Corp.        09.06.2009        423MB        7.0.2625 unbekannt
CyberLink PowerDVD 8        CyberLink Corp.        09.06.2009        94,4MB        8.0.2606a unbekannt
CyberLink PowerProducer        CyberLink Corp.        09.06.2009        311MB        5.0.1.1412 unbekannt
CyberLink YouCam        CyberLink Corp.        09.06.2009        73,8MB        2.0.2521 unbekannt
DivX Web Player        DivX,Inc.        25.08.2009        3,45MB        1.5.0 notwendig
Dropbox        Dropbox, Inc.        01.06.2011        24,0MB        1.1.35 unknown
e-Wörterbücher                25.08.2009        1,75MB        necessary
Facebook Plug-In        Facebook, Inc.        28.03.2010        11,6MB        necessary
Finger-sensing Pad Driver        FSP        21.06.2009        13,4MB        8.4.2.8 necessary
Foxlink Webcam        Sonix        09.06.2009        5,70MB        5.8.51000.202_WHQL unknown
FreeMind                05.03.2011        16,5MB        0.9.0_RC_10 unknown
Google Chrome        Google Inc.        14.01.2010        154,8MB        11.0.696.71 necessary
Google Earth        Google        10.06.2009        25,3MB        4.3.7284.3916 necessary
Google Toolbar for Internet Explorer        Google Inc.        04.06.2011        8,71MB        7.0.1710.2246 necessary
Google Updater        Google Inc.        25.08.2009        4,57MB        2.4.1487.6512 necessary
ICQ6.5        ICQ        29.10.2009        48,0MB        6.5 necessary
Intel® Matrix Storage Manager        Intel Corporation        25.08.2009        46,9MB unknown
iTunes        Apple Inc.        27.12.2010        144,8MB        10.1.1.4 necessary
Java(TM) 6 Update 23        Sun Microsystems, Inc.        09.06.2009        97,0MB        6.0.230 necessary
Malwarebytes' Anti-Malware Version 1.51.0.1200        Malwarebytes Corporation        07.06.2011        7,29MB        1.51.0.1200
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU        Microsoft Corporation        25.08.2009        37,0MB        necessary
Microsoft .NET Framework 3.5 SP1        Microsoft Corporation        25.08.2009        37,0MB        necessary
Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        26.06.2010        120,3MB        4.0.30319 necessary
Microsoft .NET Framework 4 Client Profile DEU Language Pack        Microsoft Corporation        26.06.2010        24,5MB        4.0.30319 necessary
Microsoft Office Enterprise 2007        Microsoft Corporation        21.03.2010        643MB        12.0.6425.1000 necessary
Microsoft Office Home and Student 2007        Microsoft Corporation        11.04.2010        643MB        12.0.6425.1000 necessary
Microsoft Office PowerPoint Viewer 2007 (German)        Microsoft Corporation        13.05.2011        100,2MB        12.0.6425.1000 necessary
Microsoft Silverlight        Microsoft Corporation        21.04.2011        26,7MB        4.0.60310.0 necessary
Microsoft SQL Server 2005 Compact Edition [ENU]        Microsoft Corporation        09.06.2009        1,74MB        3.1.0000 necessary
Microsoft Sync Framework Runtime Native v1.0 (x86)        Microsoft Corporation        22.11.2009        0,61MB        1.0.1215.0 necessary
Microsoft Sync Framework Services Native v1.0 (x86)        Microsoft Corporation        26.01.2011        1,45MB        1.0.1215.0 necessary
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053        Microsoft Corporation        20.09.2009        0,25MB        8.0.50727.4053 necessary
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        09.06.2009        0,41MB        8.0.56336 necessary
Microsoft Visual C++ 2005 Redistributable - KB2467175        Microsoft Corporation        26.05.2011        0,29MB        8.0.51011 necessary
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148        Microsoft Corporation        07.02.2010        0,19MB        9.0.30729.4148 necessary
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570        Microsoft Corporation        26.05.2011        0,58MB        9.0.30729.5570 necessary
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        06.02.2010        0,58MB        9.0.30729 necessary
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        29.03.2010        0,58MB        9.0.30729.4148 necessary
Microsoft Works        Microsoft Corporation        17.12.2010        545MB        9.7.0621 necessary
Mozilla Firefox (3.6.17)        Mozilla        30.04.2011        29,5MB        3.6.17 (de) necessary
Mozilla Thunderbird (3.1.10)        Mozilla        02.05.2011        33,4MB        3.1.10 (de) necessary
MSXML 4.0 SP2 (KB927978)        Microsoft Corporation        09.06.2009        34,00KB        4.20.9841.0 unknown
MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        09.06.2009        1,28MB        4.20.9870.0 unknown
MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        27.11.2009        1,34MB        4.20.9876.0 unknown
Nero 8 Essentials        Nero AG        09.06.2009        1.938MB        8.3.124 necessary
NVIDIA Drivers        NVIDIA Corporation        25.08.2009        3.314MB        1.3 necessary
PDFCreator        Frank Heindörfer, Philip Chinery        28.05.2011        30,1MB        1.2.1 necessary
Picasa 3        Google, Inc.        29.01.2011        96,2MB        3.8 necessary
QuickTime        Apple Inc.        27.12.2010        73,7MB        7.69.80.9 necessary
Realtek 8136 8168 8169 Ethernet Driver        Realtek        16.06.2009        1,60MB        1.00.0005 necessary
Realtek High Definition Audio Driver        Realtek Semiconductor Corp.        09.06.2009        9,29MB        6.0.1.5730 necessary
Realtek USB 2.0 Card Reader        Realtek Semiconductor Corp.        09.06.2009        1,50MB        6.0.6000.20111 necessary
REALTEK Wireless LAN Driver        REALTEK Semiconductor Corp.        09.06.2009        7,10MB        1.01.0092 necessary
Skype Toolbars        Skype Technologies S.A.        23.05.2011        5,86MB        5.3.7280 unnecessary
Skype™ 5.3        Skype Technologies S.A.        23.05.2011        22,6MB        5.3.111 necessary
Sobotta interaktiv - Bewegungsapparat                25.10.2010        13,0MB unknown
Spelling Dictionaries Support For Adobe Reader 9        Adobe Systems Incorporated        08.11.2009        29,7MB        9.0.0 necessary
TIPP10 Version 2.0.3        (c) 2006-2008, Tom Thielicke        03.10.2009        12,2MB necessary
Trivial Pursuit                06.02.2010        45,1MB        necessary
VLC media player 1.1.9        VideoLAN        01.06.2011        75,7MB        1.1.9 necessary
Windows Live Anmelde-Assistent        Microsoft Corporation        09.06.2009        1,93MB        5.000.818.6 necessary
Windows Live Essentials        Microsoft Corporation        26.01.2011        136,5MB        14.0.8117.0416 necessary
Windows Live Sync        Microsoft Corporation        26.01.2011        2,79MB        14.0.8117.416 necessary
Windows Live-Uploadtool        Microsoft Corporation        09.06.2009        0,22MB        14.0.8014.1029 necessary


markusg 08.06.2011 17:45

Then just work through it together with her.


Copyright ©2000-2025, Trojaner-Board

