Pests of all kinds and how to fight them: bProtector for Windows and Searchplugins
28.07.2012, 22:20 | #1
bProtector for Windows and Searchplugins

Hello, two weeks ago I found some folders on my laptop (Acer, Intel Core 2 Duo CPU T9400 @ 2.53 GHz, 4.00 GB RAM, Windows Vista Home Premium, 32-bit, NVIDIA GeForce 9600M GT) that I had not put there: bProtector for Windows and Searchplugins. At first I did not think much of it and deleted the folders, only to find that they were back in no time. I did that a few times and only then really started to worry. So I googled, but unfortunately not much came of it... In the meantime, however, I found that these bProtector folders had written themselves everywhere, into other folders too. Some I could delete, others not. Now I have finally found this forum and, as recommended, downloaded and installed Malwarebytes Anti-Malware, ran a complete scan of all hard drives and saved the log file.

Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5777

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

16.02.2011 21:46:46
mbam-log-2011-02-16 (21-46-46).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 183835
Laufzeit: 11 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Code:
2012/07/28 16:03:52 +0200 LOTJA-PC Lotja MESSAGE Starting protection
2012/07/28 16:04:01 +0200 LOTJA-PC Lotja MESSAGE Protection started successfully
2012/07/28 16:04:04 +0200 LOTJA-PC Lotja MESSAGE Starting IP protection
2012/07/28 16:04:09 +0200 LOTJA-PC Lotja MESSAGE IP Protection started successfully
2012/07/28 16:04:22 +0200 LOTJA-PC Lotja MESSAGE Starting database refresh
2012/07/28 16:04:22 +0200 LOTJA-PC Lotja MESSAGE Stopping IP protection
2012/07/28 16:04:25 +0200 LOTJA-PC Lotja MESSAGE IP Protection stopped
2012/07/28 16:04:35 +0200 LOTJA-PC Lotja MESSAGE Database refreshed successfully
2012/07/28 16:04:35 +0200 LOTJA-PC Lotja MESSAGE Starting IP protection
2012/07/28 16:04:38 +0200 LOTJA-PC Lotja MESSAGE IP Protection started successfully
2012/07/28 16:13:03 +0200 LOTJA-PC Lotja DETECTION C:\$RECYCLE.BIN\S-1-5-21-1814567288-1568723172-167741775-1000\$RM1MCLN\bin\VisualParamGenerator.exe Backdoor.MSIL.PGen QUARANTINE
2012/07/28 16:16:03 +0200 LOTJA-PC Lotja DETECTION c:\$recycle.bin\s-1-5-21-1814567288-1568723172-167741775-1000\$rm1mcln\bin\visualparamgenerator.exe Backdoor.MSIL.PGen DENY
2012/07/28 16:17:35 +0200 LOTJA-PC Lotja DETECTION c:\$recycle.bin\s-1-5-21-1814567288-1568723172-167741775-1000\$rm1mcln\bin\visualparamgenerator.exe Backdoor.MSIL.PGen DENY
2012/07/28 16:19:02 +0200 LOTJA-PC Lotja MESSAGE Executing scheduled update: Daily
2012/07/28 16:19:05 +0200 LOTJA-PC Lotja MESSAGE Database already up-to-date
2012/07/28 18:20:18 +0200 LOTJA-PC Lotja IP-BLOCK 89.28.99.35 (Type: outgoing, Port: 56834, Process: skype.exe)
2012/07/28 18:20:18 +0200 LOTJA-PC Lotja IP-BLOCK 89.28.99.35 (Type: outgoing, Port: 56835, Process: skype.exe)
2012/07/28 18:20:18 +0200 LOTJA-PC Lotja IP-BLOCK 89.28.99.35 (Type: outgoing, Port: 56836, Process: skype.exe)
2012/07/28 19:06:01 +0200 LOTJA-PC Lotja MESSAGE Starting protection
2012/07/28 19:06:12 +0200 LOTJA-PC Lotja MESSAGE Protection started successfully
2012/07/28 22:19:04 +0200 LOTJA-PC Lotja MESSAGE Starting protection
2012/07/28 22:19:14 +0200 LOTJA-PC Lotja MESSAGE Protection started successfully
2012/07/28 22:19:17 +0200 LOTJA-PC Lotja MESSAGE Starting IP protection
2012/07/28 22:26:41 +0200 LOTJA-PC Lotja MESSAGE Starting protection
2012/07/28 22:26:51 +0200 LOTJA-PC Lotja MESSAGE Protection started successfully
2012/07/28 22:26:54 +0200 LOTJA-PC Lotja MESSAGE Starting IP protection
2012/07/28 22:26:58 +0200 LOTJA-PC Lotja MESSAGE IP Protection started successfully
2012/07/28 22:39:13 +0200 LOTJA-PC Lotja MESSAGE Starting protection
2012/07/28 22:39:23 +0200 LOTJA-PC Lotja MESSAGE Protection started successfully
2012/07/28 22:39:26 +0200 LOTJA-PC Lotja MESSAGE Starting IP protection
2012/07/28 22:39:30 +0200 LOTJA-PC Lotja MESSAGE IP Protection started successfully

One file ended up in quarantine: Backdoor.MSIL.PGen. And so this bProtector for Windows merrily keeps multiplying on my PC, exactly once a minute, endlessly. Can anyone here help me? I am slowly starting to panic, because I cannot even move my files to another drive, since this beast copies itself into everything!

A thousand thanks,
Lotja
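An added example, not from the thread and not Malwarebytes code: a small Python triage script for protection-log lines in the layout pasted above. It assumes only that layout (timestamp, offset, host, user, event kind, payload); the sample lines are constructed from the ones in the post, and the "recreated" rule (a file detected again after it was already quarantined) is this example's own heuristic for the "comes back every minute" symptom.

```python
"""Triage of Malwarebytes' Anti-Malware protection-log lines (added example).

Not part of the thread and not Malwarebytes code. It assumes only the line
layout visible in the post above: "YYYY/MM/DD HH:MM:SS +HHMM HOST USER KIND
payload", with KIND one of MESSAGE, DETECTION or IP-BLOCK.
"""
import re
from collections import defaultdict
from datetime import datetime

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) [+-]\d{4} "
    r"(?P<host>\S+) (?P<user>\S+) (?P<kind>MESSAGE|DETECTION|IP-BLOCK) (?P<rest>.*)$"
)
# DETECTION payload: <path> <detection name> <action taken>
DETECTION_RE = re.compile(r"^(?P<path>.+?) (?P<name>\S+) (?P<action>QUARANTINE|DENY)$")
# IP-BLOCK payload: <ip> (Type: <direction>, Port: <port>, Process: <image>)
IPBLOCK_RE = re.compile(
    r"^(?P<ip>[\d.]+) \(Type: (?P<direction>\w+), Port: (?P<port>\d+), "
    r"Process: (?P<process>[^)]+)\)$"
)

# Constructed sample: a subset of the poster's lines plus one malformed line.
SAMPLE_LOG = [
    r"2012/07/28 16:04:01 +0200 LOTJA-PC Lotja MESSAGE Protection started successfully",
    r"2012/07/28 16:13:03 +0200 LOTJA-PC Lotja DETECTION C:\$RECYCLE.BIN\S-1-5-21-1814567288-1568723172-167741775-1000\$RM1MCLN\bin\VisualParamGenerator.exe Backdoor.MSIL.PGen QUARANTINE",
    r"2012/07/28 16:16:03 +0200 LOTJA-PC Lotja DETECTION c:\$recycle.bin\s-1-5-21-1814567288-1568723172-167741775-1000\$rm1mcln\bin\visualparamgenerator.exe Backdoor.MSIL.PGen DENY",
    r"2012/07/28 16:17:35 +0200 LOTJA-PC Lotja DETECTION c:\$recycle.bin\s-1-5-21-1814567288-1568723172-167741775-1000\$rm1mcln\bin\visualparamgenerator.exe Backdoor.MSIL.PGen DENY",
    r"2012/07/28 18:20:18 +0200 LOTJA-PC Lotja IP-BLOCK 89.28.99.35 (Type: outgoing, Port: 56834, Process: skype.exe)",
    r"2012/07/28 18:20:18 +0200 LOTJA-PC Lotja IP-BLOCK 89.28.99.35 (Type: outgoing, Port: 56835, Process: skype.exe)",
    "not a log line at all",
]


def parse_line(line):
    """Return one event as a dict, or None for lines not in the expected layout."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    event = {"time": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
             "host": m["host"], "user": m["user"], "kind": m["kind"]}
    if m["kind"] == "DETECTION":
        d = DETECTION_RE.match(m["rest"])
        if not d:
            return None
        # NTFS paths are case-insensitive; the log mixes cases for the same file.
        event.update(path=d["path"].lower(), name=d["name"], action=d["action"])
    elif m["kind"] == "IP-BLOCK":
        b = IPBLOCK_RE.match(m["rest"])
        if not b:
            return None
        event.update(ip=b["ip"], direction=b["direction"],
                     port=int(b["port"]), process=b["process"])
    else:
        event["text"] = m["rest"]
    return event


def triage(lines):
    """Group detections per file and IP blocks per process.

    A file seen again after it was QUARANTINEd has been re-created by
    something still running (the 'once a minute' symptom); it is flagged as
    recreated so the helper looks for the dropper, not just the file.
    """
    per_file = {}
    blocks = defaultdict(lambda: defaultdict(int))
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        if ev["kind"] == "DETECTION":
            entry = per_file.setdefault(ev["path"], {"name": ev["name"], "events": []})
            entry["events"].append((ev["time"], ev["action"]))
        elif ev["kind"] == "IP-BLOCK":
            blocks[ev["process"]][ev["ip"]] += 1
    detections = []
    for path, entry in per_file.items():
        events = sorted(entry["events"])
        actions = [a for _, a in events]
        recreated = "QUARANTINE" in actions[:-1]  # any event after a quarantine: it came back
        gaps = [(t2 - t1).total_seconds() for (t1, _), (t2, _) in zip(events, events[1:])]
        detections.append({"path": path, "name": entry["name"], "hits": len(events),
                           "recreated": recreated, "min_gap_s": min(gaps) if gaps else None})
    return {"detections": detections,
            "ip_blocks": {proc: dict(ips) for proc, ips in blocks.items()}}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for d in report["detections"]:
        print(f'{d["name"]}: {d["hits"]} hits, recreated={d["recreated"]}, '
              f'min gap {d["min_gap_s"]}s, {d["path"]}')
    for proc, ips in report["ip_blocks"].items():
        print(f"{proc}: blocked {ips}")
```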
29.07.2012, 14:40 | #2
/// Helfer-Team | bProtector for Windows and Searchplugins

Step 1: Please run a full scan with Malwarebytes Anti-Malware and post the log.
Step 2: System scan with OTL (illustrated guide)
29.07.2012, 16:38 | #3
bProtector for Windows and Searchplugins

OTL EXTRAS Logfile:

Code:
OTL Extras logfile created on: 29.07.2012 11:53:55 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Lotja\Documents\Downloads\Programs
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19272)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 1,05 Gb Available Physical Memory | 34,92% Memory free
8,90 Gb Paging File | 6,64 Gb Available in Paging File | 74,66% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 41,20 Gb Free Space | 28,60% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 193,96 Gb Free Space | 65,07% Space Free | Partition Type: NTFS
Drive E: | 144,04 Gb Total Space | 58,64 Gb Free Space | 40,71% Space Free | Partition Type: NTFS

Computer Name: LOTJA-PC | User Name: Lotja | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

OTL Logfile:

Code:
OTL logfile created on: 29.07.2012 11:53:55 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Lotja\Documents\Downloads\Programs
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19272)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 1,05 Gb Available Physical Memory | 34,92% Memory free
8,90 Gb Paging File | 6,64 Gb Available in Paging File | 74,66% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 41,20 Gb Free Space | 28,60% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 193,96 Gb Free Space | 65,07% Space Free | Partition Type: NTFS
Drive E: | 144,04 Gb Total Space | 58,64 Gb Free Space | 40,71% Space Free | Partition Type: NTFS

Computer Name: LOTJA-PC | User Name: Lotja | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Lotja\Documents\Downloads\Programs\OTL.exe (OldTimer Tools)
PRC - C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - E:\von torrent\IDM Internet Download Manager 5.18.2 Full Version\crack\IDMan.exe (Tonec Inc.)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - E:\von torrent\IDM Internet Download Manager 5.18.2 Full Version\crack\IEMonitor.exe (Tonec Inc.)
PRC - C:\Users\Lotja\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Programme\Acer\Acer Bio Protection\CompPtcVUI.exe (Arachnoid Biometrics Identification Group Corp.)
PRC - C:\Programme\Acer\Acer Bio Protection\BASVC.exe ()
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Internet Explorer\ielowutil.exe (Microsoft Corporation)
PRC - C:\Windows\System32\pcPDisp.exe (pdfconverter.com)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Programme\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
PRC - C:\Programme\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Programme\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
PRC - C:\ACER\Mobility Center\MobilityService.exe ()
PRC - C:\Windows\PLFSetI.exe ()

========== Modules (No Company Name) ==========

MOD - c:\ProgramData\bProtectorForWindows\2.1.419.7\protector.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll ()
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll ()
MOD - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll ()
MOD - C:\Windows\System32\SysHook.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3006.0__4df5dcab8860d239\Framework.Utility.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3006.0__3036420f80dd6947\Framework.Library.dll ()
MOD - C:\Programme\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll ()
MOD - C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll ()
MOD - C:\Windows\PLFSetI.exe ()

========== Win32 Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (TeamViewer7) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (IGBASVC) -- C:\Programme\Acer\Acer Bio Protection\BASVC.exe ()
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (ETService) -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (CLHNService) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
SRV - (MobilityService) -- C:\ACER\Mobility Center\MobilityService.exe ()
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (NVHDA) -- system32\drivers\nvhda32v.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (adfs) -- File not found
DRV - (ADASPROT) -- C:\Program Files\Advanced System Optimizer 3\adasprot32.sys File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (IDMWFP) -- C:\Windows\System32\drivers\idmwfp.sys (Tonec Inc.)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation)
DRV - (WsAudio_DeviceS(5) -- C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys (Wondershare)
DRV - (WsAudio_DeviceS(4) -- C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys (Wondershare)
DRV - (WsAudio_DeviceS(3) -- C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys (Wondershare)
DRV - (WsAudio_DeviceS(2) -- C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys (Wondershare)
DRV - (WsAudio_DeviceS(1) -- C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys (Wondershare)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (tbhsd) -- C:\Windows\System32\drivers\tbhsd.sys (RapidSolution Software AG)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (hwusbfake) -- C:\Windows\System32\drivers\ewusbfake.sys (Huawei Technologies Co., Ltd.)
DRV - (AlfaFF) -- C:\Windows\System32\drivers\AlfaFF.sys (Alfa Corporation)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\Acer Arcade Deluxe\PlayMovie\000.fcl (Cyberlink Corp.)
DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (ATSWPDRV) -- C:\Windows\System32\drivers\atswpdrv.sys (AuthenTec, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (A310) -- C:\Windows\System32\drivers\AVerA310USB.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV - (BDASwCap) -- C:\Windows\System32\drivers\AVerA310Cap.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (NTIPPKernel) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys (Cyberlink Corp.)
DRV - (winbondcir) -- C:\Windows\System32\drivers\winbondcir.sys (Winbond Electronics Corporation)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys ()

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2304564

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {D34CDAC2-393E-4234-B4E4-3A504D059420}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = ^hxxp://.*\.babylon\.com/\?.*AF=114022.*
IE - HKCU\..\SearchScopes\{D34CDAC2-393E-4234-B4E4-3A504D059420}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7GGHP_deDE493
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.7
FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Lotja\AppData\Roaming\IDM\idmmzcc3 [2012.06.21 22:18:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Lotja\AppData\Roaming\IDM\idmmzcc5 [2012.07.04 09:50:40 | 000,000,000 | ---D | M]

[2010.11.01 13:20:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lotja\AppData\Roaming\mozilla\Extensions
[2010.11.01 13:20:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lotja\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.05.31 15:35:03 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.11.01 13:47:38 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - E:\von torrent\IDM Internet Download Manager 5.18.2 Full Version\crack\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Browser companion helper] C:\Program Files\BrowserCompanion\BCHelper.exe /T=3 /CHI={$CHROM_GUID_UNINSTALLS} File not found
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PCE Print Dispatcher] C:\Windows\System32\pcPDisp.exe (pdfconverter.com)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [IDMan] E:\von torrent\IDM Internet Download Manager 5.18.2 Full Version\crack\IDMan.exe (Tonec Inc.)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Download aller Links mit IDM - E:\von torrent\IDM Internet Download Manager 5.18.2 Full Version\crack\IEGetAll.htm ()
O8 - Extra context menu item: Download mit IDM - E:\von torrent\IDM Internet Download Manager 5.18.2 Full Version\crack\IEExt.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{26487752-03A8-4A6E-B2BD-F3D83239F459}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6A250EB2-C942-40C9-8010-CEC49AE5F15E}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~2\bprote~1\21419~1.7\protec~1.dll) - c:\ProgramData\bProtectorForWindows\2.1.419.7\protector.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - (C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll) - C:\Programme\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)
O24 - Desktop WallPaper: C:\Users\Lotja\os\barcelona\tosha.jpg
O24 - Desktop BackupWallPaper: C:\Users\Lotja\os\barcelona\tosha.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{a629a5e7-bf06-11df-a2e5-001fe2f499c4}\Shell - "" = AutoRun
O33 - MountPoints2\{a629a5e7-bf06-11df-a2e5-001fe2f499c4}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{a629a5ed-bf06-11df-a2e5-001e101fe5e1}\Shell - "" = AutoRun
O33 - MountPoints2\{a629a5ed-bf06-11df-a2e5-001e101fe5e1}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sasnative32)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.07.29 08:16:18 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.07.29 00:53:58 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.07.29 00:53:57 | 000,070,344 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.07.28 16:03:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.28 16:03:17 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.28 16:03:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.07.27 22:17:28 | 000,000,000 | ---D | C] -- C:\Users\Lotja\AppData\Roaming\searchplugins
[2012.07.27 22:17:28 | 000,000,000 | ---D | C] -- C:\Users\Lotja\AppData\Roaming\bProtectorForWindows
[2012.07.27 21:16:09 | 000,000,000 | ---D | C] -- C:\Users\Lotja\bProtectorForWindows
[2012.07.27 15:46:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2012.07.27 15:46:28 | 000,000,000 | ---D | C] -- C:\Users\Lotja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
[2012.07.27 15:45:58 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2012.07.27 15:10:02 | 000,000,000 | ---D | C] -- C:\Users\Lotja\searchplugins
[2012.07.27 13:13:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\searchplugins
[2012.07.27 13:13:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\bProtectorForWindows
[2012.07.27 12:39:21 | 000,000,000 | ---D | C] -- C:\Users\Lotja\Desktop\bProtectorForWindows
[2012.07.27 11:25:15 | 000,000,000 | ---D | C] -- C:\Users\Lotja\Desktop\searchplugins
[2012.07.24 17:21:49 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012.07.24 17:21:17 | 000,772,544 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012.07.24 17:21:17 | 000,227,824 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.07.24 17:20:47 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.07.24 17:20:47 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.07.24 11:23:12 | 000,000,000 | ---D | C] -- C:\Program Files\JMicron
[2012.07.24 11:22:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\SDA
[2012.07.24 11:12:10 | 000,203,352 | ---- | C] (JMicron Technology Corporation) -- C:\Windows\System32\jmcricon.dll
[2012.07.24 11:12:10 | 000,145,496 | ---- | C] (JMicron Technology Corporation) -- C:\Windows\System32\drivers\jmcr.sys
[2012.07.22 18:57:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2012.07.21 17:32:49 | 000,000,000 | ---D | C] -- C:\Users\Lotja\temp
[2012.07.18 07:55:05 | 000,000,000 | -HSD | C] -- C:\found.000
[2012.07.16 13:02:54 | 000,000,000 | ---D | C] -- C:\ProgramData\IBUpdaterService
[2012.07.16 13:02:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
[2012.07.16 13:01:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\Extensions
[2012.07.16 13:01:46 | 000,000,000 | ---D | C] -- C:\Windows\System32\searchplugins
[2012.07.16 13:01:46 | 000,000,000 | ---D | C] -- C:\Windows\System32\bProtectorForWindows
[2012.07.16 13:01:44 | 000,000,000 | ---D | C] -- C:\ProgramData\bProtectorForWindows
[2012.07.16 13:00:22 | 000,000,000 | ---D | C] -- C:\Users\Lotja\Documents\Flash Slideshow Maker Professional
[2012.07.16 13:00:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flash Slideshow Maker Professional
[2012.07.16 12:59:44 | 000,000,000 | ---D | C] -- C:\Program Files\Flash Slideshow Maker Professional
[2012.07.13 13:58:20 | 000,000,000 | ---D | C] -- C:\Program Files\Visual Slideshow
[2012.07.12 03:09:25 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.07.11 10:28:31 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012.07.02 03:29:31 | 000,000,000 | ---D | C] -- C:\Users\Lotja\audiobook
[2012.07.01 11:42:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.07.01 11:16:15 | 000,000,000 | ---D | C] -- C:\Users\Lotja\AppData\Roaming\DriverCure
[2012.07.01 11:16:14 | 000,000,000 | ---D | C] -- C:\Users\Lotja\AppData\Roaming\SpeedyPC Software
[2012.07.01 11:16:02 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012.07.01 11:16:02 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedyPC Software
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.07.29 12:06:20 | 000,003,216 |
-H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.29 12:06:20 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.29 11:37:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.07.29 11:13:03 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.07.29 08:16:18 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012.07.29 08:14:16 | 000,671,462 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.07.29 08:14:16 | 000,632,152 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.07.29 08:14:16 | 000,144,598 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.07.29 08:14:16 | 000,118,778 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.07.29 08:07:25 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml [2012.07.29 08:07:13 | 000,078,023 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012.07.29 08:06:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.29 08:06:00 | 3215,851,520 | -HS- | M] () -- C:\hiberfil.sys [2012.07.29 00:53:58 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.07.29 00:53:57 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.07.28 16:03:20 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.27 15:46:28 | 000,002,038 | ---- | M] () -- C:\Users\Lotja\Desktop\Sophos Virus Removal Tool.lnk [2012.07.27 01:20:12 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012.07.26 18:57:57 | 000,227,653 | ---- | M] () -- C:\Users\Lotja\AppData\Local\recently-used.xbel [2012.07.24 17:20:28 | 000,227,824 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe 
[2012.07.24 17:20:28 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2012.07.24 17:20:28 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe [2012.07.23 02:46:53 | 007,539,716 | ---- | M] () -- C:\Users\Lotja\Desktop\architecture.rar [2012.07.21 17:32:45 | 000,000,959 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk [2012.07.16 13:02:28 | 000,003,092 | ---- | M] () -- C:\user.js [2012.07.16 08:43:49 | 000,055,808 | ---- | M] () -- C:\Users\Lotja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.07.16 02:10:12 | 376,634,518 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.07.14 14:47:30 | 003,763,232 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.07.14 10:49:38 | 000,000,219 | ---- | M] () -- C:\Windows\wininit.ini [2012.07.13 13:59:16 | 000,000,831 | ---- | M] () -- C:\Users\Public\Desktop\Visual Slideshow.lnk [2012.07.13 11:48:09 | 000,059,803 | ---- | M] () -- C:\Users\Lotja\Documents\veh.jpg [2012.07.12 12:20:08 | 000,000,680 | ---- | M] () -- C:\Users\Lotja\AppData\Local\d3d9caps.dat [2012.07.11 10:21:57 | 000,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk [2012.07.05 22:06:30 | 000,772,544 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll [2012.07.05 22:06:20 | 000,687,544 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.07.02 11:39:36 | 000,120,338 | ---- | M] () -- C:\Users\Lotja\Documents\ueberlagerung.jpg [2012.07.01 11:42:19 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.07.01 10:51:00 | 000,084,073 | ---- | M] () -- C:\Users\Lotja\Documents\oma2.jpg [2012.07.01 10:48:54 | 000,404,434 | ---- | M] () -- C:\Users\Lotja\Documents\oma1.jpg [2012.07.01 10:45:42 | 000,286,059 | ---- | M] () -- C:\Users\Lotja\Documents\oma.jpg [1 C:\Program 
Files\*.tmp files -> C:\Program Files\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.07.29 00:54:00 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.07.28 22:15:28 | 3215,851,520 | -HS- | C] () -- C:\hiberfil.sys [2012.07.28 16:03:20 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.27 15:46:28 | 000,002,038 | ---- | C] () -- C:\Users\Lotja\Desktop\Sophos Virus Removal Tool.lnk [2012.07.26 18:57:57 | 000,227,653 | ---- | C] () -- C:\Users\Lotja\AppData\Local\recently-used.xbel [2012.07.23 02:30:50 | 007,539,716 | ---- | C] () -- C:\Users\Lotja\Desktop\architecture.rar [2012.07.21 17:32:45 | 000,000,971 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk [2012.07.21 17:32:45 | 000,000,959 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk [2012.07.16 02:10:12 | 376,634,518 | ---- | C] () -- C:\Windows\MEMORY.DMP [2012.07.13 13:59:16 | 000,000,831 | ---- | C] () -- C:\Users\Public\Desktop\Visual Slideshow.lnk [2012.07.13 11:48:09 | 000,059,803 | ---- | C] () -- C:\Users\Lotja\Documents\veh.jpg [2012.07.11 10:20:25 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 8.lnk [2012.07.11 10:20:25 | 000,001,891 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk [2012.07.02 11:39:35 | 000,120,338 | ---- | C] () -- C:\Users\Lotja\Documents\ueberlagerung.jpg [2012.07.01 10:51:00 | 000,084,073 | ---- | C] () -- C:\Users\Lotja\Documents\oma2.jpg [2012.07.01 10:48:50 | 000,404,434 | ---- | C] () -- C:\Users\Lotja\Documents\oma1.jpg [2012.07.01 10:45:41 | 000,286,059 | ---- | C] () -- C:\Users\Lotja\Documents\oma.jpg [2012.06.02 11:26:24 | 000,028,672 | ---- | C] () -- C:\Windows\System32\nnr.dll [2012.04.06 23:34:12 | 000,000,241 | ---- | C] () -- C:\Users\Lotja\.gtk-bookmarks [2011.08.02 15:32:32 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2011.03.21 
01:39:35 | 000,032,608 | ---- | C] () -- C:\Windows\king-uninstall.exe [2011.02.08 12:23:44 | 000,000,680 | ---- | C] () -- C:\Users\Lotja\AppData\Local\d3d9caps.dat [2010.10.24 17:50:52 | 000,012,573 | ---- | C] () -- C:\Users\Lotja\keys for photo shop.odt [2010.10.15 12:38:08 | 000,001,828 | ---- | C] () -- C:\Windows\System32\ASOROSet.bin [2010.02.06 05:56:24 | 000,157,672 | ---- | C] () -- C:\Users\Lotja\schrift.jpg [2009.12.15 23:16:41 | 000,014,907 | ---- | C] () -- C:\Users\Lotja\for liebster.jpg [2009.12.13 02:51:27 | 026,716,000 | ---- | C] () -- C:\Users\Lotja\Freakonomics.pdf [2009.08.31 17:14:05 | 000,055,808 | ---- | C] () -- C:\Users\Lotja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.08.25 00:41:05 | 000,000,032 | ---- | C] () -- C:\Users\Lotja\volume_settings.xml [2009.07.08 01:13:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.07.06 10:21:24 | 000,078,023 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009.07.06 10:20:03 | 000,078,023 | ---- | C] () -- C:\ProgramData\nvModes.dat ========== Alternate Data Streams ========== @Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:FC420CE6 @Alternate Data Stream - 833 bytes -> C:\Users\Lotja\Documents\message.eml:OECustomProperty @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:C8B8CEBD @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84 @Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:C31F31E6 @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:DFC5A2B2 < End of report > --- --- --- |
29.07.2012, 18:26 | #4 |
/// Helper Team | bProtector for Windows and Searchplugins

Fix with OTL

Download OTL by OldTimer (if you do not already have it) and save it on your Desktop (nowhere else).
Code:
:OTL
MOD - c:\ProgramData\bProtectorForWindows\2.1.419.7\protector.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll ()
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (NVHDA) -- system32\drivers\nvhda32v.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (adfs) -- File not found
DRV - (ADASPROT) -- C:\Program Files\Advanced System Optimizer 3\adasprot32.sys File not found
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2304564
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {D34CDAC2-393E-4234-B4E4-3A504D059420}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = ^http://.*\.babylon\.com/\?.*AF=114022.*
IE - HKCU\..\SearchScopes\{D34CDAC2-393E-4234-B4E4-3A504D059420}: "URL" = http://www.google.de/search?q={searchTerms}&rlz=1I7GGHP_deDE493
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.7
FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.2
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Lotja\AppData\Roaming\IDM\idmmzcc3 [2012.06.21 22:18:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Lotja\AppData\Roaming\IDM\idmmzcc5 [2012.07.04 09:50:40 | 000,000,000 | ---D | M]
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Browser companion helper] C:\Program Files\BrowserCompanion\BCHelper.exe /T=3 /CHI={$CHROM_GUID_UNINSTALLS} File not found
O4 - HKLM..\Run: [PCE Print Dispatcher] C:\Windows\System32\pcPDisp.exe (pdfconverter.com)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKCU..\Run: [AdobeBridge] File not found
O20 - AppInit_DLLs: (c:\progra~2\bprote~1\21419~1.7\protec~1.dll) - c:\ProgramData\bProtectorForWindows\2.1.419.7\protector.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{a629a5e7-bf06-11df-a2e5-001fe2f499c4}\Shell - "" = AutoRun
O33 - MountPoints2\{a629a5e7-bf06-11df-a2e5-001fe2f499c4}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{a629a5ed-bf06-11df-a2e5-001e101fe5e1}\Shell - "" = AutoRun
O33 - MountPoints2\{a629a5ed-bf06-11df-a2e5-001e101fe5e1}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
[2012.07.29 08:07:13 | 000,078,023 | ---- | M] () -- C:\ProgramData\nvModes.001
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:FC420CE6
@Alternate Data Stream - 833 bytes -> C:\Users\Lotja\Documents\message.eml:OECustomProperty
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:C8B8CEBD
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:C31F31E6
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:DFC5A2B2
[2012.07.27 22:17:28 | 000,000,000 | ---D | C] -- C:\Users\Lotja\AppData\Roaming\searchplugins
[2012.07.27 21:16:09 | 000,000,000 | ---D | C] -- C:\Users\Lotja\bProtectorForWindows
[2012.07.27 15:10:02 | 000,000,000 | ---D | C] -- C:\Users\Lotja\searchplugins
[2012.07.27 13:13:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\searchplugins
[2012.07.27 13:13:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\bProtectorForWindows
[2012.07.27 12:39:21 | 000,000,000 | ---D | C] -- C:\Users\Lotja\Desktop\bProtectorForWindows
[2012.07.27 11:25:15 | 000,000,000 | ---D | C] -- C:\Users\Lotja\Desktop\searchplugins
[2012.07.16 13:01:46 | 000,000,000 | ---D | C] -- C:\Windows\System32\searchplugins
[2012.07.16 13:01:46 | 000,000,000 | ---D | C] -- C:\Windows\System32\bProtectorForWindows
[2012.07.16 13:00:22 | 000,000,000 | ---D | C] -- C:\Users\Lotja\Documents\Flash Slideshow Maker Professional
[2012.07.01 11:42:19 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.07.21 17:32:49 | 000,000,000 | ---D | C] -- C:\Users\Lotja\temp
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
Note for other readers: the OTL script above was written solely for this user in this situation. Never run it on other computers; it can do lasting damage to other systems!
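The helper's script above removes, among other things, the AppInit_DLLs entry that loads protector.dll, the Run and BHO entries whose targets no longer exist, the conduit.com and babylon.com search scopes, the removable-media AutoRun commands and the bProtectorForWindows/searchplugins folders. The following Python triage script is an added example, not part of this thread and not part of OTL: it applies those same criteria to OTL report lines so a reader can see what made each entry a candidate for the fix. The sample lines are a constructed subset copied from the report posted above (the Google search URL is trimmed); the rule names, the trusted search-host list and the folder-name list are my own assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlparse

# Constructed sample: a subset of the entries from the OTL report in this thread,
# one entry per line as OTL writes them (the Google search URL is trimmed).
SAMPLE_OTL = r"""
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Browser companion helper] C:\Program Files\BrowserCompanion\BCHelper.exe /T=3 /CHI={$CHROM_GUID_UNINSTALLS} File not found
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O20 - AppInit_DLLs: (c:\progra~2\bprote~1\21419~1.7\protec~1.dll) - c:\ProgramData\bProtectorForWindows\2.1.419.7\protector.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2304564
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = ^http://.*\.babylon\.com/\?.*AF=114022.*
O33 - MountPoints2\{a629a5e7-bf06-11df-a2e5-001fe2f499c4}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
[2012.07.16 13:01:46 | 000,000,000 | ---D | C] -- C:\Windows\System32\bProtectorForWindows
[2012.07.29 00:53:58 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
"""

# Assumed allowlist of search hosts; any other host in an IE SearchScope is flagged.
TRUSTED_SEARCH_HOSTS = ("google.com", "google.de", "bing.com", "search.live.com")
# Folder names from this report that belong to the adware (assumed list).
SUSPECT_NAMES = ("bprotectorforwindows", "searchplugins")


@dataclass(frozen=True)
class Finding:
    rule: str   # hypothetical rule label, my own naming
    line: str   # the OTL entry that triggered it


def host_is_trusted(url: str) -> bool:
    # bProtector stores a regular expression in the URL value; anything that is not
    # a plain http(s) URL cannot be matched against the allowlist and is untrusted.
    if not re.match(r"https?://", url, re.I):
        return False
    host = (urlparse(url).hostname or "").lower()
    return any(host == h or host.endswith("." + h) for h in TRUSTED_SEARCH_HOSTS)


def triage_line(raw: str) -> Optional[Finding]:
    """Apply the criteria behind the OTL fix above to one report line."""
    line = raw.strip()
    if not line:
        return None
    # 1. AppInit_DLLs: user32.dll loads the listed DLL into every process that
    #    links user32, so any non-empty value is an injection point worth a look.
    if line.startswith("O20 - AppInit_DLLs:"):
        return Finding("appinit_dll", line)
    # 2. Run entries whose target is gone, or whose binary carries no company
    #    name (OTL prints "()" for those).
    if line.startswith("O4 - ") and (line.endswith("File not found") or line.endswith(" ()")):
        return Finding("run_orphan_or_unsigned", line)
    # 3. BHOs and toolbars whose CLSID no longer resolves.
    if line.startswith(("O2 - ", "O3 - ")) and "No CLSID value found" in line:
        return Finding("bho_orphan", line)
    # 4. IE search scopes: a default-scope value planted by the hijacker, or a
    #    search URL pointing anywhere outside the allowlist.
    if line.startswith("IE - "):
        if "bProtectorDefaultScope" in line:
            return Finding("searchscope_hijack", line)
        m = re.search(r'"URL"\s*=\s*(\S+)', line)
        if m and not host_is_trusted(m.group(1)):
            return Finding("searchscope_untrusted", line)
        return None
    # 5. AutoRun commands registered for removable media.
    if line.startswith("O33 - ") and "\\AutoRun\\command" in line:
        return Finding("mountpoint_autorun", line)
    # 6. File-system entries whose path contains one of the adware folder names.
    if line.startswith("[") and any(n in line.lower() for n in SUSPECT_NAMES):
        return Finding("suspect_path", line)
    return None


def triage_report(text: str) -> List[Finding]:
    """Run triage_line over a whole report and keep only the hits."""
    return [f for f in (triage_line(l) for l in text.splitlines()) if f is not None]


if __name__ == "__main__":
    for f in triage_report(SAMPLE_OTL):
        print(f"{f.rule:24} {f.line}")
```

Run against the sample it reports nine hits and leaves the Adobe, Microsoft and Google entries alone. Rule 1 is the important one for this thread: the AppInit_DLLs value makes Windows load protector.dll into every process that uses user32.dll, which is why the script both unloads the module (the MOD line) and clears the O20 entry rather than only deleting the folders. After the fix, `reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" /v AppInit_DLLs` should show an empty value.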
14.08.2012, 05:08 | #5 |
/// Helper Team | bProtector for Windows and Searchplugins

No reply

Are there problems working through the instructions above? To free up capacity for others seeking help, I am removing this thread from my notifications. If you want to continue, send me a PM or open a new thread. http://www.trojaner-board.de/69886-a...-beachten.html Note: the disappearance of the symptoms does not mean that your computer is clean.