clicktocontinue by coupondopdown
 

Hallo,

ich habe wie einige User vor mir auch besagten Virus.
Nach einer Anleitung von t'jojn aus diesem Forum habe ich bereits mit Malwarebytes Anti-Rootkit meinen PC scannen lassen.
Nach Schritt 1 hier die Log-Datei:
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1022

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_35

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 4079665152, free: 871555072

------------ Kernel report ------------
03/31/2013 22:56:39
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\DRIVERS\LPCFilter.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\compbatt.sys
\SystemRoot\system32\drivers\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\pciide.sys
\SystemRoot\system32\DRIVERS\PCIIDEX.SYS
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\TVALZ_O.SYS
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\drivers\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\rtl8192Ce.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\drivers\CmBatt.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\CeKbFilter.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\mouclass.sys
\SystemRoot\system32\DRIVERS\tdcmdpst.sys
\SystemRoot\system32\DRIVERS\Impcd.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\tap0901.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\drivers\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\pgeffect.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\Sftvollh.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\system32\DRIVERS\Sftfslh.sys
\SystemRoot\system32\DRIVERS\Sftplaylh.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\Sftredirlh.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\usp10.dll
\Windows\System32\iertutil.dll
\Windows\System32\nsi.dll
\Windows\System32\urlmon.dll
\Windows\System32\sechost.dll
\Windows\System32\imm32.dll
\Windows\System32\kernel32.dll
\Windows\System32\comdlg32.dll
\Windows\System32\difxapi.dll
\Windows\System32\oleaut32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\normaliz.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\lpk.dll
\Windows\System32\user32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\wininet.dll
\Windows\System32\gdi32.dll
\Windows\System32\psapi.dll
\Windows\System32\ws2_32.dll
\Windows\System32\setupapi.dll
\Windows\System32\shell32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\Wldap32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\advapi32.dll
\Windows\System32\ole32.dll
\Windows\System32\msctf.dll
\Windows\System32\wintrust.dll
\Windows\System32\crypt32.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\comctl32.dll
\Windows\System32\devobj.dll
\Windows\System32\KernelBase.dll
\Windows\System32\msasn1.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004c99060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8004a0b050
Lower Device Driver Name: \Driver\iaStor\
Driver name found: iaStor
Initialization returned 0x0
Load Function returned 0x0
Downloaded database version: v2013.03.31.04
Downloaded database version: v2013.03.25.01
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004c99060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004c99b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004c99060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004a0b050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a012039350, 0xfffffa8004c99060, 0xfffffa800421f250
Lower DeviceData: 0xfffff8a00134b250, 0xfffffa8004a0b050, 0xfffffa800b851700
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 90B4D6F9

Partition information:

Partition 0 type is Other (0x27)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 819200
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 821248 Numsec = 488386560

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 489207808 Numsec = 487565312

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa800b5ed060, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004278870, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800b5ed060, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80041b34f0, DeviceName: \Device\0000007f\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C3072E18

Partition information:

Partition 0 type is Other (0xc)
Partition is ACTIVE.
Partition starts at LBA: 10680 Numsec = 15939912
Partition file system is FAT32
Partition is not bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 8166703104 bytes
Sector size: 512 bytes

Done!
Performing system, memory and registry scan...
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{00cbb66b-1d3b-46d3-9577-323a336acb50} --> [PUP.Blabbers]
Infected: c:\Program Files (x86)\BrowserCompanion\jsloader.dll --> [PUP.Blabbers]
Infected: HKLM\SOFTWARE\CLASSES\TYPELIB\{8830DDF0-3042-404D-A62C-384A85E34833} --> [PUP.Blabbers]
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{817923CB-4744-4216-B250-CF7EDA8F1767} --> [PUP.Blabbers]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{817923CB-4744-4216-B250-CF7EDA8F1767} --> [PUP.Blabbers]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{8830DDF0-3042-404D-A62C-384A85E34833} --> [PUP.Blabbers]
Infected: HKLM\SOFTWARE\CLASSES\wit4ie.WitBHO.2 --> [PUP.Blabbers]
Infected: HKLM\SOFTWARE\CLASSES\wit4ie.WitBHO --> [PUP.Blabbers]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\wit4ie.WitBHO --> [PUP.Blabbers]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{00CBB66B-1D3B-46D3-9577-323A336ACB50} --> [PUP.Blabbers]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\wit4ie.WitBHO.2 --> [PUP.Blabbers]
Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{00CBB66B-1D3B-46D3-9577-323A336ACB50} --> [PUP.Blabbers]
Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{00CBB66B-1D3B-46D3-9577-323A336ACB50} --> [PUP.Blabbers]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} --> [PUP.Blabbers]
Infected: c:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll --> [PUP.Blabbers]
Infected: HKLM\SOFTWARE\CLASSES\TYPELIB\{830B56CB-FD22-44AA-9887-7898F4F4158D} --> [PUP.Blabbers]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{830B56CB-FD22-44AA-9887-7898F4F4158D} --> [PUP.Blabbers]
Infected: HKLM\SOFTWARE\CLASSES\tdataprotocol.CTData.1 --> [PUP.Blabbers]
Infected: HKLM\SOFTWARE\CLASSES\tdataprotocol.CTData --> [PUP.Blabbers]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\tdataprotocol.CTData --> [PUP.Blabbers]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\tdataprotocol.CTData.1 --> [PUP.Blabbers]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531} --> [PUP.Blabbers]
Infected: c:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll --> [PUP.Blabbers]
Infected: HKLM\SOFTWARE\CLASSES\TYPELIB\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A} --> [PUP.Blabbers]
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{9F0C17EB-EF2C-4278-9136-2D547656BC03} --> [PUP.Blabbers]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9F0C17EB-EF2C-4278-9136-2D547656BC03} --> [PUP.Blabbers]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A} --> [PUP.Blabbers]
Infected: HKLM\SOFTWARE\CLASSES\updatebho.TimerBHO.1 --> [PUP.Blabbers]
Infected: HKLM\SOFTWARE\CLASSES\updatebho.TimerBHO --> [PUP.Blabbers]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\updatebho.TimerBHO --> [PUP.Blabbers]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{963B125B-8B21-49A2-A3A8-E37092276531} --> [PUP.Blabbers]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\updatebho.TimerBHO.1 --> [PUP.Blabbers]
Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{963B125B-8B21-49A2-A3A8-E37092276531} --> [PUP.Blabbers]
Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{963B125B-8B21-49A2-A3A8-E37092276531} --> [PUP.Blabbers]
Infected: c:\Users\Alice\Downloads\DownloadAcceleratorSetup.exe --> [PUP.Adware.InstallCore]
Infected: c:\Program Files (x86)\BrowserCompanion\blabbers-ff-full.xpi --> [PUP.Blabbers]
Infected: c:\Program Files (x86)\BrowserCompanion --> [PUP.Blabbers]
Infected: c:\Program Files (x86)\BrowserCompanion\blabbers-ch.crx --> [PUP.Blabbers]
Infected: c:\Program Files (x86)\BrowserCompanion\logo.ico --> [PUP.Blabbers]
Infected: c:\Program Files (x86)\BrowserCompanion\terms.lnk.url --> [PUP.Blabbers]
Infected: c:\Program Files (x86)\BrowserCompanion\toolbar.dll --> [PUP.Blabbers]
Infected: c:\Program Files (x86)\BrowserCompanion\uninstall.exe --> [PUP.Blabbers]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BrowserCompanion --> [PUP.Blabbers]
Infected: c:\Program Files (x86)\BrowserCompanion\updater.ini --> [PUP.Blabbers]
Infected: c:\Program Files (x86)\BrowserCompanion\widgetserv.exe --> [PUP.Blabbers]
Infected: HKLM\SOFTWARE\CLASSES\PROTOCOLS\HANDLER\BASE64|CLSID --> [PUP.Blabbers]
Infected: HKLM\SOFTWARE\CLASSES\PROTOCOLS\HANDLER\BASE64 --> [PUP.Blabbers]
Infected: HKLM\SOFTWARE\CLASSES\PROTOCOLS\HANDLER\CHROME|CLSID --> [PUP.Blabbers]
Infected: HKLM\SOFTWARE\CLASSES\PROTOCOLS\HANDLER\CHROME --> [PUP.Blabbers]
Infected: HKLM\SOFTWARE\CLASSES\PROTOCOLS\HANDLER\PROX|CLSID --> [PUP.Blabbers]
Infected: HKLM\SOFTWARE\CLASSES\PROTOCOLS\HANDLER\PROX --> [PUP.Blabbers]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\PROTOCOLS\HANDLER\BASE64|CLSID --> [PUP.Blabbers]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\PROTOCOLS\HANDLER\BASE64 --> [PUP.Blabbers]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\PROTOCOLS\HANDLER\CHROME|CLSID --> [PUP.Blabbers]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\PROTOCOLS\HANDLER\CHROME --> [PUP.Blabbers]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\PROTOCOLS\HANDLER\PROX|CLSID --> [PUP.Blabbers]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\PROTOCOLS\HANDLER\PROX --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\BCHelper.exe --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cmpguid.js --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\fix2.js --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\fix3.js --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\fix4.js --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\fixJQ1_71.js --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\fixJQ1_71_2.js --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\fixJQ1_83.js --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\icon.png --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\jquery4toolbar.js --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\jquery4toolbar183.js --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\lock.js --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\witapi.js --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\witmain.js --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\wittoolbar.js --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\witwidgetapi.js --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\0324adea3b6ec02af09ea4ae9424591b --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\0324adea3b6ec02af09ea4ae9424591b_expire --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\1048fa0383ec8c1a4365d4bd4fed1de5 --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\1048fa0383ec8c1a4365d4bd4fed1de5_expire --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\150b7566b7871fb6e0ef44753d0c6dc3_DE --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\170f337942c410233f577de5778810a6 --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\170f337942c410233f577de5778810a6_expire --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\1bcf5a8f2429c4942ad539ef2c5df336 --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\1bcf5a8f2429c4942ad539ef2c5df336_expire --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\231785d024a11371bfc94ffff0a4b741_DE --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\24779e9d2de93d13d7e07b527a1684d4 --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\24779e9d2de93d13d7e07b527a1684d4_expire --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\24babf55cc829f44cc93a9b1f6d91998 --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\24babf55cc829f44cc93a9b1f6d91998_expire --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\292124057d00cb0fa73db6b90d079658 --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\a6d4447986c4e442d92ed00b149c14f3_DE --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\a7e0abb80dabcdbb6dbaec920aa126a0 --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\a7e0abb80dabcdbb6dbaec920aa126a0_expire --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\a95092a9bd34f5cfc98f78ca74502f36_DE --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\aa36bceec49c832079e270icmc219ats --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\adf275b6644b3fcac86a14ffe551dede --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\adf275b6644b3fcac86a14ffe551dede_expire --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\b5080fd498f4580cd85cbf8ff41766c5_DE --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\bc8dad417f8f0fb33406e79ccd806c7f --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\bc8dad417f8f0fb33406e79ccd806c7f_expire --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\bf73732e1f0b76bac435293ba3880579 --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\bf73732e1f0b76bac435293ba3880579_expire --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\c6d8337e4b016a68fdbb60b29e7d254d --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\c6d8337e4b016a68fdbb60b29e7d254d_expire --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\4d3d10bd28ff623813254a49b26be41f_expire --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\5f4ce27504a73ff97d1936c597c769e5 --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\5f4ce27504a73ff97d1936c597c769e5_expire --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\5fa7175bc2ca31ede84e2c1c8d75f3a5 --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\5fa7175bc2ca31ede84e2c1c8d75f3a5_expire --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\61e2ae11ba3d1cbe8887ea80f192e299 --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\61e2ae11ba3d1cbe8887ea80f192e299_expire --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\eeab68dd74d26245087956fb3caf6937_DE --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\f03527c67e08602d2e4c18ae7867300d --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\f03527c67e08602d2e4c18ae7867300d_expire --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\f518ab7a831164d6929797f9240a99c0 --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\f518ab7a831164d6929797f9240a99c0_expire --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\fa74672918974682c82b8d91dfbe0d6b --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\fa74672918974682c82b8d91dfbe0d6b_expire --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f_expire --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\2a86ac4f3322238b4f27d14a09839275 --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\2a86ac4f3322238b4f27d14a09839275_expire --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\2e0dda2d2281da01c330dc3e12b45a9d_DE --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\2e0dda2d2281da01c330dc3e12b45a9d_unknown --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\38207d71d9cc86fb6daebc118ce6286c_DE --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\3b6b74d5a92c729ce36a9d055d3db8e9 --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\3b6b74d5a92c729ce36a9d055d3db8e9_expire --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\4713e82e27fb9719d76577d1585acb00_DE --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\4713e82e27fb9719d76577d1585acb00_unknown --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\477f5134e73f0099219c494cb23f6657_DE --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\292124057d00cb0fa73db6b90d079658_expire --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\4d3d10bd28ff623813254a49b26be41f --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\6496a43cad388e4b78f1ecce8fcffc27_DE --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\8fd0e5f2c42f56c41599ca329ef70350_DE --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\cbb647c72e5b13b52d1392c603dcfde6 --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\ece71b71690fad200cbed95871ef4bb2_expire --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\8ffbb13aa6f702b0cafab391f90d1db7 --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\8ffbb13aa6f702b0cafab391f90d1db7_expire --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\91ed24cba47f3cabaaaf7bdb0e620066 --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\91ed24cba47f3cabaaaf7bdb0e620066_expire --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\97ebd54590023fc7011e49d332abb7d1 --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\97ebd54590023fc7011e49d332abb7d1_expire --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\9c2afdb0a6d9bf59b300144154b58c67_DE --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\9c86b973456448ae01f1cbc0d6cf607a_DE --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\9c86b973456448ae01f1cbc0d6cf607a_unknown --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\a227f4517bd7937e697182f46906a6b4_DE --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\a38dbdd1af07f4236d43e8fd995f57a6 --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\a38dbdd1af07f4236d43e8fd995f57a6_expire --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\a4cc6ab573e4a5fee2a418e22d3c14dc --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\a4cc6ab573e4a5fee2a418e22d3c14dc_expire --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\cbb647c72e5b13b52d1392c603dcfde6_expire --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\d5747e13728fd7df356bc13545143ea6_DE --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\d6418e300158fb16d8396d122d4b423b_DE --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\d6418e300158fb16d8396d122d4b423b_unknown --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\d89bfd841403290d610bcf662008b443 --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\d89bfd841403290d610bcf662008b443_expire --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\e7d8325da90d91d3c4e7720f0e629e17 --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\e7d8325da90d91d3c4e7720f0e629e17_expire --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\e7d8325da90d91d3c4e7720f0e629e17_version --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\e919434ec29526b28593c426e4264271 --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\e919434ec29526b28593c426e4264271_expire --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\e9e14a99847657c53e1cc29cc55ab7af_DE --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\eb04bdda55e3827d8df8b5e1afac83a2 --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\eb04bdda55e3827d8df8b5e1afac83a2_expire --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\ece71b71690fad200cbed95871ef4bb2 --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\6496a43cad388e4b78f1ecce8fcffc27_unknown --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\6d091eb0bf44b762a039ee138e6b165c_DE --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\6ff6ea009817b27df633b37777d528cd --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\6ff6ea009817b27df633b37777d528cd_expire --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\72891ec935a3d247f2da6562ef29a005 --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\72891ec935a3d247f2da6562ef29a005_expire --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\86c0ad88ecc21918c1ababa536b80de9 --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\86c0ad88ecc21918c1ababa536b80de9_expire --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\8a8dc36effa0a0300d6fb1a383936a49 --> [PUP.Blabbers]
Infected: c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\8a8dc36effa0a0300d6fb1a383936a49_expire --> [PUP.Blabbers]
Done!
Scan finished
Creating System Restore point...
Scheduling clean up...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1022

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_35

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, G:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 4079665152, free: 3034337280

Removal queue found; removal started
Removing c:\Program Files (x86)\BrowserCompanion\jsloader.dll...
Removing c:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll...
Removing c:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll...
Removing c:\Users\Alice\Downloads\DownloadAcceleratorSetup.exe...
Removing c:\Program Files (x86)\BrowserCompanion\blabbers-ff-full.xpi...
Removing c:\Program Files (x86)\BrowserCompanion...
Removing c:\Program Files (x86)\BrowserCompanion\blabbers-ch.crx...
Removing c:\Program Files (x86)\BrowserCompanion\logo.ico...
Removing c:\Program Files (x86)\BrowserCompanion\terms.lnk.url...
Removing c:\Program Files (x86)\BrowserCompanion\toolbar.dll...
Removing c:\Program Files (x86)\BrowserCompanion\uninstall.exe...
Removing c:\Program Files (x86)\BrowserCompanion\updater.ini...
Removing c:\Program Files (x86)\BrowserCompanion\widgetserv.exe...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\BCHelper.exe...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cmpguid.js...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\fix2.js...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\fix3.js...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\fix4.js...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\fixJQ1_71.js...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\fixJQ1_71_2.js...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\fixJQ1_83.js...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\icon.png...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\jquery4toolbar.js...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\jquery4toolbar183.js...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\lock.js...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\witapi.js...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\witmain.js...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\wittoolbar.js...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\witwidgetapi.js...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\0324adea3b6ec02af09ea4ae9424591b...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\0324adea3b6ec02af09ea4ae9424591b_expire...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\1048fa0383ec8c1a4365d4bd4fed1de5...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\1048fa0383ec8c1a4365d4bd4fed1de5_expire...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\150b7566b7871fb6e0ef44753d0c6dc3_DE...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\170f337942c410233f577de5778810a6...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\170f337942c410233f577de5778810a6_expire...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\1bcf5a8f2429c4942ad539ef2c5df336...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\1bcf5a8f2429c4942ad539ef2c5df336_expire...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\231785d024a11371bfc94ffff0a4b741_DE...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\24779e9d2de93d13d7e07b527a1684d4...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\24779e9d2de93d13d7e07b527a1684d4_expire...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\24babf55cc829f44cc93a9b1f6d91998...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\24babf55cc829f44cc93a9b1f6d91998_expire...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\292124057d00cb0fa73db6b90d079658...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\a6d4447986c4e442d92ed00b149c14f3_DE...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\a7e0abb80dabcdbb6dbaec920aa126a0...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\a7e0abb80dabcdbb6dbaec920aa126a0_expire...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\a95092a9bd34f5cfc98f78ca74502f36_DE...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\aa36bceec49c832079e270icmc219ats...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\adf275b6644b3fcac86a14ffe551dede...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\adf275b6644b3fcac86a14ffe551dede_expire...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\b5080fd498f4580cd85cbf8ff41766c5_DE...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\bc8dad417f8f0fb33406e79ccd806c7f...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\bc8dad417f8f0fb33406e79ccd806c7f_expire...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\bf73732e1f0b76bac435293ba3880579...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\bf73732e1f0b76bac435293ba3880579_expire...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\c6d8337e4b016a68fdbb60b29e7d254d...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\c6d8337e4b016a68fdbb60b29e7d254d_expire...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\4d3d10bd28ff623813254a49b26be41f_expire...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\5f4ce27504a73ff97d1936c597c769e5...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\5f4ce27504a73ff97d1936c597c769e5_expire...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\5fa7175bc2ca31ede84e2c1c8d75f3a5...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\5fa7175bc2ca31ede84e2c1c8d75f3a5_expire...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\61e2ae11ba3d1cbe8887ea80f192e299...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\61e2ae11ba3d1cbe8887ea80f192e299_expire...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\eeab68dd74d26245087956fb3caf6937_DE...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\f03527c67e08602d2e4c18ae7867300d...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\f03527c67e08602d2e4c18ae7867300d_expire...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\f518ab7a831164d6929797f9240a99c0...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\f518ab7a831164d6929797f9240a99c0_expire...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\fa74672918974682c82b8d91dfbe0d6b...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\fa74672918974682c82b8d91dfbe0d6b_expire...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f_expire...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\2a86ac4f3322238b4f27d14a09839275...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\2a86ac4f3322238b4f27d14a09839275_expire...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\2e0dda2d2281da01c330dc3e12b45a9d_DE...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\2e0dda2d2281da01c330dc3e12b45a9d_unknown...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\38207d71d9cc86fb6daebc118ce6286c_DE...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\3b6b74d5a92c729ce36a9d055d3db8e9...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\3b6b74d5a92c729ce36a9d055d3db8e9_expire...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\4713e82e27fb9719d76577d1585acb00_DE...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\4713e82e27fb9719d76577d1585acb00_unknown...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\477f5134e73f0099219c494cb23f6657_DE...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\292124057d00cb0fa73db6b90d079658_expire...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\4d3d10bd28ff623813254a49b26be41f...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\6496a43cad388e4b78f1ecce8fcffc27_DE...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\8fd0e5f2c42f56c41599ca329ef70350_DE...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\cbb647c72e5b13b52d1392c603dcfde6...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\ece71b71690fad200cbed95871ef4bb2_expire...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\8ffbb13aa6f702b0cafab391f90d1db7...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\8ffbb13aa6f702b0cafab391f90d1db7_expire...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\91ed24cba47f3cabaaaf7bdb0e620066...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\91ed24cba47f3cabaaaf7bdb0e620066_expire...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\97ebd54590023fc7011e49d332abb7d1...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\97ebd54590023fc7011e49d332abb7d1_expire...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\9c2afdb0a6d9bf59b300144154b58c67_DE...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\9c86b973456448ae01f1cbc0d6cf607a_DE...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\9c86b973456448ae01f1cbc0d6cf607a_unknown...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\a227f4517bd7937e697182f46906a6b4_DE...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\a38dbdd1af07f4236d43e8fd995f57a6...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\a38dbdd1af07f4236d43e8fd995f57a6_expire...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\a4cc6ab573e4a5fee2a418e22d3c14dc...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\a4cc6ab573e4a5fee2a418e22d3c14dc_expire...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\cbb647c72e5b13b52d1392c603dcfde6_expire...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\d5747e13728fd7df356bc13545143ea6_DE...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\d6418e300158fb16d8396d122d4b423b_DE...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\d6418e300158fb16d8396d122d4b423b_unknown...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\d89bfd841403290d610bcf662008b443...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\d89bfd841403290d610bcf662008b443_expire...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\e7d8325da90d91d3c4e7720f0e629e17...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\e7d8325da90d91d3c4e7720f0e629e17_expire...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\e7d8325da90d91d3c4e7720f0e629e17_version...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\e919434ec29526b28593c426e4264271...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\e919434ec29526b28593c426e4264271_expire...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\e9e14a99847657c53e1cc29cc55ab7af_DE...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\eb04bdda55e3827d8df8b5e1afac83a2...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\eb04bdda55e3827d8df8b5e1afac83a2_expire...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\ece71b71690fad200cbed95871ef4bb2...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\6496a43cad388e4b78f1ecce8fcffc27_unknown...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\6d091eb0bf44b762a039ee138e6b165c_DE...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\6ff6ea009817b27df633b37777d528cd...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\6ff6ea009817b27df633b37777d528cd_expire...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\72891ec935a3d247f2da6562ef29a005...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\72891ec935a3d247f2da6562ef29a005_expire...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\86c0ad88ecc21918c1ababa536b80de9...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\86c0ad88ecc21918c1ababa536b80de9_expire...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\8a8dc36effa0a0300d6fb1a383936a49...
Removing c:\Users\Alice\AppData\LocalLow\bbrs_002.tb\content\cache\8a8dc36effa0a0300d6fb1a383936a49_expire...
Removal finished
=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1022

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_35

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, G:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 4079665152, free: 2667356160

------------ Kernel report ------------
03/31/2013 23:22:47
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\DRIVERS\LPCFilter.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\compbatt.sys
\SystemRoot\system32\drivers\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\pciide.sys
\SystemRoot\system32\DRIVERS\PCIIDEX.SYS
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\TVALZ_O.SYS
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\drivers\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\rtl8192Ce.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\drivers\CmBatt.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\CeKbFilter.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\mouclass.sys
\SystemRoot\system32\DRIVERS\tdcmdpst.sys
\SystemRoot\system32\DRIVERS\Impcd.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\tap0901.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\drivers\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\pgeffect.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\Sftvollh.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\system32\DRIVERS\Sftfslh.sys
\SystemRoot\system32\DRIVERS\Sftplaylh.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\Sftredirlh.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\drivers\spsys.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa8007162790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000072\
Lower Device Object: 0xfffffa8007cefb60
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8007042790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000070\
Lower Device Object: 0xfffffa8007cabb60
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004c9a060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8004a13050
Lower Device Driver Name: \Driver\iaStor\
Driver name found: iaStor
Initialization returned 0x0
Load Function returned 0x0
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004c9a060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004c9ab90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004c9a060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004a13050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a00caed970, 0xfffffa8004c9a060, 0xfffffa80040c1790
Lower DeviceData: 0xfffff8a00c1c76c0, 0xfffffa8004a13050, 0xfffffa80040bf890
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 90B4D6F9

Partition information:

Partition 0 type is Other (0x27)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 819200
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 821248 Numsec = 488386560

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 489207808 Numsec = 487565312

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8007042790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8003b6e800, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007042790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007cabb60, DeviceName: \Device\00000070\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a00b635f20, 0xfffffa8007042790, 0xfffffa80040b25e0
Lower DeviceData: 0xfffff8a00b979e70, 0xfffffa8007cabb60, 0xfffffa800405d890
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C3072E18

Partition information:

Partition 0 type is Other (0xc)
Partition is ACTIVE.
Partition starts at LBA: 10680 Numsec = 15939912
Partition file system is FAT32
Partition is not bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 8166703104 bytes
Sector size: 512 bytes

Physical Sector Size: 512
Drive: 2, DevicePointer: 0xfffffa8007162790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007ce1b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007162790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007cefb60, DeviceName: \Device\00000072\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a00c1e4300, 0xfffffa8007162790, 0xfffffa80040cc790
Lower DeviceData: 0xfffff8a00bf3c580, 0xfffffa8007cefb60, 0xfffffa80040bea60
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1B661B

Partition information:

Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 2930270208

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 1500299395072 bytes
Sector size: 512 bytes

Done!
Performing system, memory and registry scan...
Done!
Scan finished
----------------------------------------------

Kann mir jemand sagen, wie ich weiter vorgehen soll?
Danke im Voraus!

Viele Grüße

:hallo:

das ist das falsche Logfile!

Ah, ok:)
Dann die hier?

Malwarebytes Anti-Rootkit BETA 1.01.0.1022
Malwarebytes : Free anti-malware download

Database version: v2013.03.31.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Alice :: ALICE-NOTEBOOK [administrator]

31.03.2013 23:14:10
mbar-log-2013-03-31 (23-14-10).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 29945
Time elapsed: 16 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 38
HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{00cbb66b-1d3b-46d3-9577-323a336acb50} (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\TYPELIB\{8830DDF0-3042-404D-A62C-384A85E34833} (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{817923CB-4744-4216-B250-CF7EDA8F1767} (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{817923CB-4744-4216-B250-CF7EDA8F1767} (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{8830DDF0-3042-404D-A62C-384A85E34833} (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\wit4ie.WitBHO.2 (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\wit4ie.WitBHO (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\wit4ie.WitBHO (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\wit4ie.WitBHO.2 (PUP.Blabbers) -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\TYPELIB\{830B56CB-FD22-44AA-9887-7898F4F4158D} (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{830B56CB-FD22-44AA-9887-7898F4F4158D} (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\tdataprotocol.CTData.1 (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\tdataprotocol.CTData (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\tdataprotocol.CTData (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\tdataprotocol.CTData.1 (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\TYPELIB\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A} (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{9F0C17EB-EF2C-4278-9136-2D547656BC03} (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9F0C17EB-EF2C-4278-9136-2D547656BC03} (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A} (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\updatebho.TimerBHO.1 (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\updatebho.TimerBHO (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\updatebho.TimerBHO (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\updatebho.TimerBHO.1 (PUP.Blabbers) -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BrowserCompanion (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\PROTOCOLS\HANDLER\BASE64 (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\PROTOCOLS\HANDLER\CHROME (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\PROTOCOLS\HANDLER\PROX (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\PROTOCOLS\HANDLER\BASE64 (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\PROTOCOLS\HANDLER\CHROME (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\PROTOCOLS\HANDLER\PROX (PUP.Blabbers) -> Delete on reboot.

Registry Values Detected: 6
HKLM\SOFTWARE\CLASSES\PROTOCOLS\HANDLER\BASE64|CLSID (PUP.Blabbers) -> Data: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\PROTOCOLS\HANDLER\CHROME|CLSID (PUP.Blabbers) -> Data: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\PROTOCOLS\HANDLER\PROX|CLSID (PUP.Blabbers) -> Data: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\PROTOCOLS\HANDLER\BASE64|CLSID (PUP.Blabbers) -> Data: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\PROTOCOLS\HANDLER\CHROME|CLSID (PUP.Blabbers) -> Data: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\PROTOCOLS\HANDLER\PROX|CLSID (PUP.Blabbers) -> Data: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Delete on reboot.

OK:

Downloade Dir bitte AdwCleaner auf deinen Desktop.

• Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
• Starte die AdwCleaner.exe mit einem Doppelklick.
• Stimme den Nutzungsbedingungen zu.
• Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
  • "Tracing" Schlüssel löschen
  • Winsock Einstellungen zurücksetzen
  • Proxy Einstellungen zurücksetzen
  • Internet Explorer Richtlinien zurücksetzen
  • Chrome Richtlinien zurücksetzen
  • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
• Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
• Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
• Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
• Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

dann:

Systemscan mit OTL (bebilderte Anleitung)

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe

• Vista und Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
• Wähle Scanne Alle Benuzer
• Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Minimale Ausgabe
• Unter Extra Registrierung, wähle bitte Benutze SafeList
• Klicke nun auf Scan links oben
• Wenn der Scan beendet wurde werden 2 Logfiles erstellt
• Poste die Logfiles hier in den Thread.

Super, danke!

Hier die nächste Log-Datei:AdwCleaner Logfile:
--- --- ---


#1OTL Logfile:
--- --- ---

#2OTL EXTRAS Logfile:
--- --- ---

Fixen mit OTL

• Starte bitte die OTL.exe.
• Kopiere nun den Inhalt aus der Codebox in die Textbox.

• Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
• Schließe bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
  ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
  Kopiere nun den Inhalt hier in Deinen Thread

dann:

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

• Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
• Drücke eine beliebige Taste, um das Tool zu starten.
• Je nach System kann der Scan eine Weile dauern.
• Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
• Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

All processes killed
========== OTL ==========
C:\Users\Alice\AppData\Local\Google\Chrome\User Data\Default\Extensions\kofjgaoigbadejhhckgfebldkddojefh\1 folder moved successfully.
C:\Users\Alice\AppData\Roaming\mozilla\Firefox\Profiles\cif0wmdi.default\extensions\510bc019e60e6@510bc019e6120.com\content folder moved successfully.
C:\Users\Alice\AppData\Roaming\mozilla\Firefox\Profiles\cif0wmdi.default\extensions\510bc019e60e6@510bc019e6120.com folder moved successfully.
C:\Users\Alice\AppData\Roaming\mozilla\firefox\profiles\cif0wmdi.default\extensions\movie2kdownloader@movie2kdownloader.com.xpi moved successfully.
Folder C:\Users\Alice\AppData\Roaming\mozilla\Firefox\Profiles\cif0wmdi.default\extensions\510bc019e60e6@510bc019e6120.com\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Alice\Desktop\cmd.bat deleted successfully.
C:\Users\Alice\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Alice
->Temp folder emptied: 86426043 bytes
->Temporary Internet Files folder emptied: 359142479 bytes
->Java cache emptied: 2735332 bytes
->FireFox cache emptied: 434141878 bytes
->Flash cache emptied: 92250 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56478 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 509153902 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 51837 bytes
RecycleBin emptied: 837986 bytes

Total Files Cleaned = 1.328,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 04022013_115230

Files\Folders moved on Reboot...
C:\Users\Alice\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Hier der Inhalt der JRT.txt:JRT Logfile:
--- --- ---

Sehr gut! :daumenhoc

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

• Starte die aswMBR.exe - (aswMBR.exe Anleitung)
  Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
• Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
  Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  
• Klicke auf Scan.
• Warte bitte bis Scan finished successfully im DOS-Fenster steht.
• Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



danach:


ESET Online Scanner

• Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
• Lade und starte Eset Online Scanner
• Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
• Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
• Klicke auf Starten.
• Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
• Klicke am Ende des Suchlaufs auf Fertig stellen.
• Schließe das Fenster von ESET.
• Explorer öffnen.
• C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
• Logfile hier posten.
• Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
• Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

danach:

Downloade Dir bitte SecurityCheck und:

• Speichere es auf dem Desktop.
• Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
• Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

Ok:)
Hier die aswMBR.txt:

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-02 13:24:11
-----------------------------
13:24:11.542 OS Version: Windows x64 6.1.7601 Service Pack 1
13:24:11.542 Number of processors: 4 586 0x2505
13:24:11.558 ComputerName: ALICE-NOTEBOOK UserName: Alice
13:24:12.228 Initialize success
13:26:25.965 AVAST engine defs: 13040200
13:26:37.565 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:26:37.565 Disk 0 Vendor: TOSHIBA_ GH10 Size: 476940MB BusType: 3
13:26:37.695 Disk 0 MBR read successfully
13:26:37.695 Disk 0 MBR scan
13:26:37.705 Disk 0 Windows 7 default MBR code
13:26:37.705 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 400 MB offset 2048
13:26:37.755 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 238470 MB offset 821248
13:26:37.795 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 238069 MB offset 489207808
13:26:37.985 Disk 0 scanning C:\Windows\system32\drivers
13:26:52.665 Service scanning
13:27:48.825 Modules scanning
13:27:48.845 Disk 0 trace - called modules:
13:27:48.945 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
13:27:48.955 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c9d060]
13:27:48.965 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004a0d050]
13:27:49.755 AVAST engine scan C:\Windows
13:27:52.555 AVAST engine scan C:\Windows\system32
13:31:59.705 AVAST engine scan C:\Windows\system32\drivers
13:32:16.295 AVAST engine scan C:\Users\Alice
13:36:04.446 AVAST engine scan C:\ProgramData
13:37:57.537 Scan finished successfully
13:46:37.557 Disk 0 MBR has been saved successfully to "C:\Users\Alice\Desktop\MBR.dat"
13:46:37.617 The log file has been saved successfully to "C:\Users\Alice\Desktop\aswMBR.txt"

Hallo t'john,

muss ich beim Scan durch Eset Smartinstaller alle weiteren Programme geschlossen haben? Die torale Scan-Zeit umfasst nun fast 4h und der Status ist seit einer ganzen Weile bei 99%, ohne dass sich etwas - bis auf das Voranschreiten der verbrauchten Scan-Zeit - ändert.
Der PC war die ganze Zeit an, allerdings hat sich zwischendurch der Bildschirm gesperrt, weil ich nicht aktiv am Computer war.

Finally;)

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=3c1f143468119947911c12ac65365800
# engine=13533
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-04-03 05:13:23
# local_time=2013-04-03 07:13:23 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 74643803 116595853 0 0
# scanned=133418
# found=3
# cleaned=0
# scan_time=41875
sh=6714335D543C7C99A9C764A1A0FCCC46BD26116D ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\_OTL\MovedFiles\04022013_115230\C_Users\Alice\AppData\Local\Google\Chrome\User Data\Default\Extensions\kofjgaoigbadejhhckgfebldkddojefh\1\510bc019e603e7.42110463.js"
sh=D3A896FAEDC3AB83913A73769DBD690D162161CD ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\_OTL\MovedFiles\04022013_115230\C_Users\Alice\AppData\Roaming\mozilla\Firefox\Profiles\cif0wmdi.default\extensions\510bc019e60e6@510bc019e6120. com\content\bg.js"
sh=EC925ADE493F0E1DC99F505C2777B2F556C01A2C ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="D:\ALICE-NOTEBOOK\Backup Set 2013-01-13 211727\Backup Files 2013-02-03 192227\Backup files 1.zip"

Und von Security Check kam im Textdokument nur das hier:

UNSUPPORTED OPERATING SYSTEM! ABORTED!

Java aktualisieren

Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.

• Downloade dir bitte die neueste Java-Version von hier
• Speichere die .exe-Datei
• Schließe alle laufenden Programme. Speziell deinen Browser.
• Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 7 Update 17 ) herunter laden.
• Wenn die Installation beendet wurde
  Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
• Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.

Nach dem Neustart

• Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
• Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
• Klicke auf Dateien löschen....
• Gehe sicher das überall ein Hacken gesetzt ist und klicke OK.
• Klicke erneut OK.

Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html

Danach poste (kopieren und einfuegen) mir, was du hier angezeigt bekommst: http://tools.trojaner-board.de/plugincheck.html



Java deaktivieren

Aufgrund derezeitigen Sicherheitsluecke:

http://www.trojaner-board.de/122961-...ktivieren.html

Danach poste mir (kopieren und einfuegen), was du hier angezeigt bekommst: http://tools.trojaner-board.de/plugincheck.html

PluginCheck

Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen.
Überprüft wird: Browser, Flash, Java und Adobe Reader Version.

Firefox 19.0 ist aktuell

Flash (11,6,602,180) ist aktuell.

Java ist Installiert aber nicht aktiviert.

Adobe Reader 11,0,2,0 ist aktuell.



Zurück

Tools:

StartSeite
PluginCheck
Secunia Online Scan

Weiterführendes:

Java Updaten und Einstellen

Secunia Personal Software Inspector (PSI)

Family:

TR/Agent

SecurityCheck loeschen und neu runterladen bitte.

Hier das Textdokument von SecurityCheck:

Results of screen317's Security Check version 0.99.61
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.70.0.1100
Java 7 Update 17
Adobe Flash Player 11.6.602.180
Adobe Reader XI
Mozilla Firefox (19.0.2)
Mozilla Thunderbird 12.0.1 Thunderbird out of Date!
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
TOSHIBA TOSHIBA Online Product Information TOPI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

Gibt es noch Probleme mit dem Rechner?





Java deaktivieren

Aufgrund derezeitigen Sicherheitsluecke:

http://www.trojaner-board.de/122961-...ktivieren.html

Danach poste mir (kopieren und einfuegen), was du hier angezeigt bekommst: PluginCheck

Das war's schon? Nein, alles in Ordnung:) Dann vielen Dank für die Hilfe!

Java Plug-In habe ich bereits deaktiviert. Wieder aktivieren?