
Pests of all kinds and how to fight them: bProtector for Windows searchplugins

31.07.2012, 09:52   #1
johofer

bProtector for Windows searchplugins

These subfolders are spreading across my internal as well as my external hard drive.

I have run a scan with Malwarebytes Anti-Malware!

Please help me.

31.07.2012, 11:59   #2
t'john
/// Helper Team

Where is the log?

Step 1
System scan with OTL (illustrated guide)

Please download OTL by Oldtimer and save it to your desktop (if you don't already have it).
- Double-click OTL.exe
- Vista users: right-click OTL.exe and choose "Run as administrator"
- At the top you will find a box labelled Output. Please select Minimal Output
- Under Extra Registry, please select Use SafeList
- Now click Run Scan at the top left
- When the scan has finished, 2 log files will be created
- Post the log files here in the thread.

31.07.2012, 12:03   #3
johofer

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.31.03

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
Hannes :: HOFER_LAPTOP [Administrator]

Schutz: Aktiviert

31.07.2012 07:43:51
mbam-log-2012-07-31 (07-43-51).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 384628
Laufzeit: 1 Stunde(n), 43 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|sysldtray (Backdoor.Bot) -> Daten: C:\Windows\ld15.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Captcha7 (Spyware.OnlineGames) -> Daten: rundll "C:\Program Files\captcha.dll",captcha -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|sysfbtray (Worm.KoobFace) -> Daten: C:\Windows\freddy73.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 6
C:\Program Files\Uninstall Information\ib_uninst_514\uninstall.exe (PUP.BundleInstaller.IB) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Uninstall Information\ib_uninst_515\uninstall.exe (PUP.BundleInstaller.IB) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Hannes\Downloads\SoftonicDownloader_fuer_gimp.exe (PUP.ToolbarDownloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\010112010146116101.xxe (KoobFace.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\0101120101465155.xxe (KoobFace.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\bk23567.dat (KoobFace.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

OTL Logfile:
Code:
OTL logfile created on: 31.07.2012 13:06:44 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Hannes\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1021,31 Mb Total Physical Memory | 204,37 Mb Available Physical Memory | 20,01% Memory free
2,37 Gb Paging File | 0,33 Gb Available in Paging File | 13,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55,66 Gb Total Space | 13,26 Gb Free Space | 23,83% Space Free | Partition Type: NTFS
Drive E: | 54,66 Gb Total Space | 54,51 Gb Free Space | 99,73% Space Free | Partition Type: NTFS
Drive F: | 120,05 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: HOFER_LAPTOP | User Name: Hannes | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Hannes\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\bProtectorForWindows\2.2.463.83\bProtect.exe (bProtector)
PRC - C:\Programme\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
PRC - C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
PRC - C:\Programme\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Winamp\winampa.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Mail\WinMail.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Adobe\Reader 8.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Programme\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Programme\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - c:\Programme\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\Synaptics\SynTP\SynToshiba.exe (Synaptics, Inc.)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Programme\Corel\Graphics9\Programs\coreldrw.exe (Corel Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - c:\ProgramData\bProtectorForWindows\2.2.463.83\protector.dll ()
MOD - C:\Programme\Google\Chrome\Application\20.0.1132.57\ppgooglenaclpluginchrome.dll ()
MOD - C:\Programme\Google\Chrome\Application\20.0.1132.57\pdf.dll ()
MOD - C:\Programme\Google\Chrome\Application\20.0.1132.57\avutil-51.dll ()
MOD - C:\Programme\Google\Chrome\Application\20.0.1132.57\avformat-54.dll ()
MOD - C:\Programme\Google\Chrome\Application\20.0.1132.57\avcodec-54.dll ()
MOD - C:\Programme\Google\Chrome\Application\20.0.1132.57\gcswf32.dll ()
MOD - C:\Users\Hannes\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.0.3\libglesv2.dll ()
MOD - C:\Users\Hannes\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.0.3\libegl.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\TCrdMain\728d1e4141a6736eaa190c50c64b1c1b\TCrdMain.ni.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6bebfe5b7776c84cb38efdb2a7c9d447\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\415ef2ec8cbd9f3368da6ade10beae26\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\c1498ba4652483d5adddd4c5d3927170\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\29d729043903b7b4b2ea695db220d866\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll ()
MOD - C:\Programme\Winamp\winampa.exe ()
MOD - C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\wpfgfx_v0300.dll ()
MOD - c:\Programme\Adobe\Reader 8.0\Reader\RdLang32.DEU ()
MOD - C:\Programme\Nokia\Nokia PC Suite 7\QtCore4.dll ()
MOD - C:\Programme\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll ()
MOD - C:\Programme\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll ()
MOD - C:\Programme\Nokia\Nokia PC Suite 7\QtSvg4.dll ()
MOD - C:\Programme\Nokia\Nokia PC Suite 7\QtGUI4.dll ()
MOD - C:\Programme\Nokia\Nokia PC Suite 7\QtXml4.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Escript.deu ()
MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Weblink.DEU ()
MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Spelling.DEU ()
MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\SendMail.deu ()
MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Search.DEU ()
MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\PPKLITE.DEU ()
MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\SaveAsRTF.DEU ()
MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\ReadOutLoud.DEU ()
MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Multimedia.DEU ()
MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\makeaccessible.DEU ()
MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\EWH32.DEU ()
MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\DigSig.DEU ()
MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Annots.DEU ()
MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Checkers.DEU ()
MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Acroform.DEU ()
MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\accessibility.DEU ()
MOD - C:\Programme\Adobe\Reader 8.0\Reader\ccme_base.dll ()
MOD - C:\Programme\Adobe\Reader 8.0\Reader\cryptocme2.dll ()
MOD - C:\Programme\TOSHIBA\FlashCards\de\TCrdMain.resources.dll ()
MOD - C:\Programme\TOSHIBA\TBS\NotifyTBS.dll ()
MOD - C:\Programme\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll ()
MOD - C:\Programme\TOSHIBA\PCDiag\NotifyPCD.dll ()
MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\updater.DEU ()
MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Search5.DEU ()
MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\reflow.DEU ()
MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\pddom.DEU ()
MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Hls.deu ()
MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\eBook.DEU ()
MOD - C:\Programme\TOSHIBA\ConfigFree\NotifyCFF.dll ()
MOD - C:\Programme\TOSHIBA\TOSHIBA Assist\NotifyX.dll ()
MOD - C:\Programme\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\Corel\Graphics9\Programs\crlweb91.dll ()
MOD - C:\Windows\System32\shw32.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (bProtector) -- C:\ProgramData\bProtectorForWindows\2.2.463.83\bProtect.exe (bProtector)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (Automatisches LiveUpdate - Scheduler) -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (TosCoSrv) -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (MSCSPTISRV) -- C:\Programme\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Programme\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Programme\Common Files\Sony Shared\AVLib\PACSPTISVR.exe ()
SRV - (CFSvcs) -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (TOSHIBA Bluetooth Service) -- c:\Programme\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (comHost) -- C:\Programme\Common Files\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys (Nokia)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (s3017unic) -- C:\Windows\System32\drivers\s3017unic.sys (MCCI Corporation)
DRV - (s3017obex) -- C:\Windows\System32\drivers\s3017obex.sys (MCCI Corporation)
DRV - (s3017mgmt) -- C:\Windows\System32\drivers\s3017mgmt.sys (MCCI Corporation)
DRV - (s3017nd5) -- C:\Windows\System32\drivers\s3017nd5.sys (MCCI Corporation)
DRV - (s3017mdm) -- C:\Windows\System32\drivers\s3017mdm.sys (MCCI Corporation)
DRV - (s3017mdfl) -- C:\Windows\System32\drivers\s3017mdfl.sys (MCCI Corporation)
DRV - (s3017bus) -- C:\Windows\System32\drivers\s3017bus.sys (MCCI Corporation)
DRV - (NETw4v32) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (IDSvix86) -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20070628.003\IDSvix86.sys (Symantec Corporation)
DRV - (s116unic) -- C:\Windows\System32\drivers\s116unic.sys (MCCI Corporation)
DRV - (s116obex) -- C:\Windows\System32\drivers\s116obex.sys (MCCI Corporation)
DRV - (s116nd5) -- C:\Windows\System32\drivers\s116nd5.sys (MCCI Corporation)
DRV - (s116mgmt) -- C:\Windows\System32\drivers\s116mgmt.sys (MCCI Corporation)
DRV - (s116mdm) -- C:\Windows\System32\drivers\s116mdm.sys (MCCI Corporation)
DRV - (s116mdfl) -- C:\Windows\System32\drivers\s116mdfl.sys (MCCI Corporation)
DRV - (s116bus) -- C:\Windows\System32\drivers\s116bus.sys (MCCI Corporation)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (SYMTDI) -- C:\Windows\System32\drivers\symtdi.sys (Symantec Corporation)
DRV - (SYMFW) -- C:\Windows\System32\drivers\symfw.sys (Symantec Corporation)
DRV - (SYMIDS) -- C:\Windows\System32\drivers\symids.sys (Symantec Corporation)
DRV - (SYMREDRV) -- C:\Windows\System32\drivers\symredrv.sys (Symantec Corporation)
DRV - (SYMDNS) -- C:\Windows\System32\drivers\symdns.sys (Symantec Corporation)
DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments)
DRV - (SE27bus) -- C:\Windows\System32\drivers\SE27bus.sys (MCCI)
DRV - (KR10I) -- C:\Windows\System32\drivers\KR10I.sys (TOSHIBA CORPORATION)
DRV - (KR10N) -- C:\Windows\System32\drivers\KR10N.sys (TOSHIBA CORPORATION)
DRV - (Ser2pl) -- C:\Windows\System32\drivers\ser2pl.sys (Prolific Technology Inc.)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3227975
IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3763147448-2540374928-1796028379-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3227975
IE - HKU\S-1-5-21-3763147448-2540374928-1796028379-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3227975
IE - HKU\S-1-5-21-3763147448-2540374928-1796028379-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3763147448-2540374928-1796028379-1000\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKU\S-1-5-21-3763147448-2540374928-1796028379-1000\..\SearchScopes,bProtectorDefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3763147448-2540374928-1796028379-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3763147448-2540374928-1796028379-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-3763147448-2540374928-1796028379-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
IE - HKU\S-1-5-21-3763147448-2540374928-1796028379-1000\..\SearchScopes\{31CF9EBE-5755-4a1d-AC25-2834D952D9B4}: "URL" = hxxp://search.pdfcreator-toolbar.org/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field
IE - HKU\S-1-5-21-3763147448-2540374928-1796028379-1000\..\SearchScopes\{379378E5-2813-4E77-81D1-880619D81CB6}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-3763147448-2540374928-1796028379-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3227975
IE - HKU\S-1-5-21-3763147448-2540374928-1796028379-1000\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
IE - HKU\S-1-5-21-3763147448-2540374928-1796028379-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.7.1
FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.2
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\bProtectorForWindows\2.2.463.83\FirefoxExtension [2012.07.14 17:30:07 | 000,000,000 | ---D | M]
 
[2012.04.26 14:16:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hannes\AppData\Roaming\mozilla\Extensions
[2012.04.26 14:16:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hannes\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.04.26 14:15:17 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM
 
========== Chrome  ==========
 
CHR - homepage: 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Hannes\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa2.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Reg Error: Value error.) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programme\Common Files\Symantec Shared\coShared\Browser\1.0\NppBHO.dll (Symantec Corporation)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (PDFCreator Toolbar Helper) - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O3 - HKLM\..\Toolbar: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programme\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKU\S-1-5-21-3763147448-2540374928-1796028379-1000\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O3 - HKU\S-1-5-21-3763147448-2540374928-1796028379-1000\..\Toolbar\WebBrowser: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKU\S-1-5-21-3763147448-2540374928-1796028379-1000\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Programme\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
O4 - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton Internet Security\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Siemens SmartSync - ScheduleSync] C:\Programme\Mobile Phone Manager\SmartSync\ScheduleSync.exe ()
O4 - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3763147448-2540374928-1796028379-1000..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent File not found
O4 - HKU\S-1-5-21-3763147448-2540374928-1796028379-1000..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKU\S-1-5-21-3763147448-2540374928-1796028379-1000..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\S-1-5-21-3763147448-2540374928-1796028379-1000..\Run: [TOSCDSPD] TOSCDSPD.EXE File not found
O4 - HKU\S-1-5-21-3763147448-2540374928-1796028379-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-3763147448-2540374928-1796028379-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra Button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - hxxp://www.webtip.ch/cgi-bin/toshiba/tracker_url_de.pl?hxxp://www.ebay.de/ File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.20.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2DE0EA00-5B9B-45B2-8284-F64A6F30A8A5}: DhcpNameServer = 10.0.0.138 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{45AF0DFF-A4DB-4ED7-B45A-AC87677CEF8B}: DhcpNameServer = 192.168.20.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (c:\progra~2\bprote~1\22463~1.83\protec~1.dll) - c:\ProgramData\bProtectorForWindows\2.2.463.83\protector.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Hannes\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Hannes\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{15e5c95e-2107-11df-a9b2-00a0d16c74bb}\Shell\AutoRun\command - "" = RECYCLER\autorun.exe
O33 - MountPoints2\{15e5c95e-2107-11df-a9b2-00a0d16c74bb}\Shell\open\command - "" = RECYCLER\autorun.exe
O33 - MountPoints2\{3bc04713-b6a9-11dc-843e-00a0d16c74bb}\Shell - "" = AutoRun
O33 - MountPoints2\{3bc04713-b6a9-11dc-843e-00a0d16c74bb}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{3bc0472d-b6a9-11dc-843e-00a0d16c74bb}\Shell - "" = AutoRun
O33 - MountPoints2\{3bc0472d-b6a9-11dc-843e-00a0d16c74bb}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{8423d886-ec3c-11dd-9a8e-00a0d16c74bb}\Shell - "" = AutoRun
O33 - MountPoints2\{8423d886-ec3c-11dd-9a8e-00a0d16c74bb}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{c276349d-b95b-11dc-b533-00a0d16c74bb}\Shell - "" = AutoRun
O33 - MountPoints2\{c276349d-b95b-11dc-b533-00a0d16c74bb}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{c86227dd-128b-11dd-8f2e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c86227dd-128b-11dd-8f2e-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{ce76eadd-1230-11dd-91e7-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ce76eadd-1230-11dd-91e7-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{ce76ec36-1230-11dd-91e7-00a0d16c74bb}\Shell - "" = AutoRun
O33 - MountPoints2\{ce76ec36-1230-11dd-91e7-00a0d16c74bb}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.31 10:25:45 | 000,000,000 | ---D | C] -- C:\Users\Hannes\Desktop\bProtectorForWindows
[2012.07.31 10:03:40 | 000,000,000 | ---D | C] -- C:\Users\Hannes\Desktop\searchplugins
[2012.07.31 10:01:02 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Hannes\Desktop\OTL.exe
[2012.07.31 07:48:24 | 000,476,976 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll
[2012.07.31 07:48:24 | 000,157,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.07.31 07:48:24 | 000,149,296 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.07.31 07:48:24 | 000,149,296 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.07.31 07:45:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\searchplugins
[2012.07.31 07:45:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\bProtectorForWindows
[2012.07.31 07:38:35 | 000,000,000 | ---D | C] -- C:\Users\Hannes\AppData\Roaming\Malwarebytes
[2012.07.31 07:38:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.31 07:38:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.31 07:38:09 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.31 07:38:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.07.20 14:57:09 | 000,000,000 | ---D | C] -- C:\Users\Hannes\bProtectorForWindows
[2012.07.20 14:15:09 | 000,000,000 | ---D | C] -- C:\Users\Hannes\Desktop\Umsätze 2012
[2012.07.14 17:36:26 | 000,000,000 | ---D | C] -- C:\Users\Hannes\.thumbnails
[2012.07.14 17:33:03 | 000,000,000 | ---D | C] -- C:\Users\Hannes\AppData\Local\fontconfig
[2012.07.14 17:32:55 | 000,000,000 | ---D | C] -- C:\Users\Hannes\.gimp-2.8
[2012.07.14 17:32:54 | 000,000,000 | ---D | C] -- C:\Users\Hannes\AppData\Local\gegl-0.2
[2012.07.14 17:32:28 | 000,000,000 | ---D | C] -- C:\ProgramData\IBUpdaterService
[2012.07.14 17:31:20 | 000,000,000 | ---D | C] -- C:\Users\Hannes\AppData\Roaming\PerformerSoft
[2012.07.14 17:31:11 | 000,017,464 | ---- | C] (PerformerSoft LLC) -- C:\Windows\System32\roboot.exe
[2012.07.14 17:30:57 | 000,000,000 | ---D | C] -- C:\Program Files\PC Performer
[2012.07.14 17:30:39 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2012.07.14 17:30:33 | 000,000,000 | ---D | C] -- C:\Users\Hannes\AppData\Local\Conduit
[2012.07.14 17:30:07 | 000,000,000 | ---D | C] -- C:\Users\Hannes\searchplugins
[2012.07.14 17:30:06 | 000,000,000 | ---D | C] -- C:\Windows\System32\Extensions
[2012.07.14 17:30:05 | 000,000,000 | ---D | C] -- C:\Windows\System32\searchplugins
[2012.07.14 17:30:05 | 000,000,000 | ---D | C] -- C:\Windows\System32\bProtectorForWindows
[2012.07.14 17:30:01 | 000,000,000 | ---D | C] -- C:\ProgramData\bProtectorForWindows
[2012.07.14 16:39:33 | 000,000,000 | ---D | C] -- C:\Users\Hannes\Desktop\Flaschen
[2012.07.13 10:21:18 | 002,742,264 | ---- | C] (Codejock Software) -- C:\Windows\System32\Codejock.CommandBars.v15.2.1.0213.ocx
[2012.07.13 10:21:18 | 002,668,536 | ---- | C] (Codejock Software) -- C:\Windows\System32\Codejock.Calendar.v15.2.1.0213.ocx
[2012.07.13 10:21:18 | 001,931,256 | ---- | C] (Codejock Software) -- C:\Windows\System32\Codejock.Controls.v15.2.1.0213.ocx
[2012.07.13 10:21:18 | 000,894,968 | ---- | C] (Codejock Software) -- C:\Windows\System32\Codejock.TaskPanel.v15.2.1.0213.ocx
[2012.07.13 10:21:18 | 000,815,880 | ---- | C] (Bennet-Tec Information Systems, Inc.) -- C:\Windows\System32\MDraw30.ocx
[2012.07.13 10:21:18 | 000,579,576 | ---- | C] (Codejock Software) -- C:\Windows\System32\Codejock.SkinFramework.v15.2.1.0213.ocx
[2012.07.13 10:21:18 | 000,212,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RICHTX32.OCX
[2012.07.13 10:21:17 | 000,292,864 | ---- | C] (Tools & Components) -- C:\Windows\System32\sevEin20.ocx
[182 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.31 13:25:19 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D9B30BB4-63C0-47D4-A444-A174F9308500}.job
[2012.07.31 12:53:27 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.31 12:53:27 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.31 12:52:22 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.31 10:01:07 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Hannes\Desktop\OTL.exe
[2012.07.31 09:52:01 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.31 09:46:48 | 000,032,128 | ---- | M] () -- C:\Users\Hannes\AppData\Roaming\nvModes.001
[2012.07.31 09:43:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.31 09:42:54 | 1071,702,016 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.31 07:47:46 | 000,157,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.07.31 07:47:46 | 000,149,296 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.07.31 07:47:46 | 000,149,296 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.07.31 07:47:45 | 000,476,976 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll
[2012.07.31 07:47:45 | 000,472,880 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012.07.31 07:38:15 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.30 14:44:58 | 000,032,128 | ---- | M] () -- C:\Users\Hannes\AppData\Roaming\nvModes.dat
[2012.07.23 13:09:34 | 003,186,060 | ---- | M] () -- C:\Users\Hannes\Desktop\LBG - Kellerbuch_1943103.zip
[2012.07.20 10:47:09 | 000,000,104 | ---- | M] () -- C:\Users\Hannes\Desktop\Papierkorb.lnk
[2012.07.16 07:46:35 | 000,001,356 | ---- | M] () -- C:\Users\Hannes\AppData\Local\d3d9caps.dat
[2012.07.14 20:04:22 | 000,007,942 | ---- | M] () -- C:\Users\Hannes\AppData\Local\recently-used.xbel
[2012.07.14 17:43:15 | 000,000,061 | ---- | M] () -- C:\Users\Hannes\.gtk-bookmarks
[2012.07.14 17:30:46 | 000,000,009 | ---- | M] () -- C:\END
[2012.07.13 09:29:01 | 000,202,912 | ---- | M] () -- C:\Users\Hannes\Desktop\44 Kleinhans.pdf
[2012.07.13 07:45:54 | 000,001,976 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.07.13 07:40:05 | 000,256,940 | ---- | M] () -- C:\Users\Hannes\Desktop\Foto.JPG
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[182 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.31 07:38:15 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.20 10:47:09 | 000,000,104 | ---- | C] () -- C:\Users\Hannes\Desktop\Papierkorb.lnk
[2012.07.14 20:04:22 | 000,007,942 | ---- | C] () -- C:\Users\Hannes\AppData\Local\recently-used.xbel
[2012.07.14 17:43:15 | 000,000,061 | ---- | C] () -- C:\Users\Hannes\.gtk-bookmarks
[2012.07.14 17:30:45 | 000,000,009 | ---- | C] () -- C:\END
[2012.07.13 09:26:41 | 000,202,912 | ---- | C] () -- C:\Users\Hannes\Desktop\44 Kleinhans.pdf
[2012.07.13 07:39:55 | 000,256,940 | ---- | C] () -- C:\Users\Hannes\Desktop\Foto.JPG
[2011.02.02 09:21:06 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2008.05.25 15:44:03 | 000,003,431 | ---- | C] () -- C:\Users\Hannes\vorgrubber.spl
[2008.05.15 12:59:32 | 000,246,940 | ---- | C] () -- C:\Users\Hannes\logo.zip
[2008.05.13 12:25:34 | 000,320,120 | ---- | C] () -- C:\Users\Hannes\Weinfest Programm Scan 13.05.pdf
[2008.05.13 12:09:08 | 016,437,516 | ---- | C] () -- C:\Users\Hannes\weinfest.cdr
[2008.05.04 16:30:13 | 000,000,418 | ---- | C] () -- C:\Users\Hannes\Dokumente - Verknüpfung.lnk
[2008.02.27 22:00:11 | 000,015,005 | ---- | C] () -- C:\Users\Hannes\exportAddressbook.csv
[2008.01.10 17:56:12 | 000,015,428 | ---- | C] () -- C:\Users\Hannes\RefEdit.exd
[2007.07.22 15:08:17 | 000,015,360 | ---- | C] () -- C:\Users\Hannes\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.04.26 08:30:34 | 000,107,266 | ---- | C] () -- C:\Users\Hannes\Gemeinschaftskodex Wein.pdf
[2007.04.26 08:30:33 | 000,236,959 | ---- | C] () -- C:\Users\Hannes\Emailadressen.WAB
[2007.04.26 08:30:33 | 000,229,951 | ---- | C] () -- C:\Users\Hannes\Emailadressen.WA~
[2007.04.26 07:52:54 | 000,006,656 | ---- | C] () -- C:\Users\Hannes\Kontakte Vista.csv
[2007.03.21 13:34:28 | 000,006,821 | ---- | C] () -- C:\Users\Hannes\kontakte von vista.csv
[2007.03.20 12:04:43 | 000,025,773 | ---- | C] () -- C:\Users\Hannes\AppData\Roaming\UserTile.png
[2007.03.15 17:32:15 | 000,032,128 | ---- | C] () -- C:\Users\Hannes\AppData\Roaming\nvModes.dat
[2007.03.15 17:32:15 | 000,032,128 | ---- | C] () -- C:\Users\Hannes\AppData\Roaming\nvModes.001
[2007.03.15 14:04:57 | 000,001,356 | ---- | C] () -- C:\Users\Hannes\AppData\Local\d3d9caps.dat
[2002.07.10 17:09:23 | 000,000,184 | ---- | C] () -- C:\Users\Hannes\hpsfx.ini
 
========== LOP Check ==========
 
[2009.07.31 13:54:26 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\Teleca
[2009.01.16 00:38:01 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\FarmingSimulator2008
[2007.03.15 14:13:48 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\ICQLite
[2010.05.12 11:46:06 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\InterTrust
[2007.07.22 15:04:51 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\InterVideo
[2012.07.13 10:21:19 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\LBG - Kellerbuch
[2010.11.15 19:33:22 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\MAPILab Ltd
[2010.12.15 17:32:23 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\mresreg
[2011.10.12 09:46:21 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\Nokia
[2010.11.30 23:12:20 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\PC Suite
[2007.03.20 12:04:43 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\PeerNetworking
[2012.07.14 21:44:27 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\PerformerSoft
[2011.05.03 11:35:49 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\Teleca
[2012.04.26 14:16:03 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\TomTom
[2007.03.20 14:00:33 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\Toshiba
[2012.02.16 10:25:53 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\UDC Profiles
[2008.04.22 22:04:10 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\Uninstall
[2007.03.16 19:52:51 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\XCPCSync.OEM
[2012.05.30 17:41:11 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\XnView
[2012.07.31 09:41:22 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.07.31 13:25:19 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{D9B30BB4-63C0-47D4-A444-A174F9308500}.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:24051EFF

< End of report >
         

31.07.2012, 13:27   #4
t'john
/// Helper Team



Fixing with OTL

Download OTL by Oldtimer (if you do not already have it) and save it to your desktop (not anywhere else).

  • Disable any virus scanners such as Avira, Kaspersky, etc.
  • Start OTL.exe.
    Vista and Windows 7 users: right-click the program icon and choose "Run as administrator".
  • Copy the following script into the text box below Custom Scans/Fixes:


Code:
:OTL
MOD - c:\ProgramData\bProtectorForWindows\2.2.463.83\protector.dll () 
SRV - (bProtector) -- C:\ProgramData\bProtectorForWindows\2.2.463.83\bProtect.exe (bProtector) 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found 
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found 
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found 
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found 
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.) 
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} 
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3227975 
IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-21-3763147448-2540374928-1796028379-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3227975 
IE - HKU\S-1-5-21-3763147448-2540374928-1796028379-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3227975 
IE - HKU\S-1-5-21-3763147448-2540374928-1796028379-1000\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.) 
IE - HKU\S-1-5-21-3763147448-2540374928-1796028379-1000\..\SearchScopes,bProtectorDefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKU\S-1-5-21-3763147448-2540374928-1796028379-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKU\S-1-5-21-3763147448-2540374928-1796028379-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} 
IE - HKU\S-1-5-21-3763147448-2540374928-1796028379-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch 
IE - HKU\S-1-5-21-3763147448-2540374928-1796028379-1000\..\SearchScopes\{31CF9EBE-5755-4a1d-AC25-2834D952D9B4}: "URL" = http://search.pdfcreator-toolbar.org/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field 
IE - HKU\S-1-5-21-3763147448-2540374928-1796028379-1000\..\SearchScopes\{379378E5-2813-4E77-81D1-880619D81CB6}: "URL" = http://www.google.de/search?q={searchTerms} 
IE - HKU\S-1-5-21-3763147448-2540374928-1796028379-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3227975 
IE - HKU\S-1-5-21-3763147448-2540374928-1796028379-1000\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7 
IE - HKU\S-1-5-21-3763147448-2540374928-1796028379-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.7.1 
FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.2 
FF - user.js - File not found 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\bProtectorForWindows\2.2.463.83\FirefoxExtension [2012.07.14 17:30:07 | 000,000,000 | ---D | M] 
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll 
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) 
O2 - BHO: (Reg Error: Value error.) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programme\Common Files\Symantec Shared\coShared\Browser\1.0\NppBHO.dll (Symantec Corporation) 
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programme\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll (Symantec Corporation) 
O3 - HKU\S-1-5-21-3763147448-2540374928-1796028379-1000\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH) 
O3 - HKU\S-1-5-21-3763147448-2540374928-1796028379-1000\..\Toolbar\WebBrowser: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll () 
O3 - HKU\S-1-5-21-3763147448-2540374928-1796028379-1000\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.) 
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found 
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe () 
O4 - HKU\S-1-5-21-3763147448-2540374928-1796028379-1000..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent File not found 
O4 - HKU\S-1-5-21-3763147448-2540374928-1796028379-1000..\Run: [TOSCDSPD] TOSCDSPD.EXE File not found 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 
O7 - HKU\S-1-5-21-3763147448-2540374928-1796028379-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found 
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found 
O9 - Extra Button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url_de.pl?http://www.ebay.de/ File not found 
O20 - AppInit_DLLs: (c:\progra~2\bprote~1\22463~1.83\protec~1.dll) - c:\ProgramData\bProtectorForWindows\2.2.463.83\protector.dll () 
O32 - HKLM CDRom: AutoRun - 1 
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] 
O33 - MountPoints2\{15e5c95e-2107-11df-a9b2-00a0d16c74bb}\Shell\AutoRun\command - "" = RECYCLER\autorun.exe 
O33 - MountPoints2\{15e5c95e-2107-11df-a9b2-00a0d16c74bb}\Shell\open\command - "" = RECYCLER\autorun.exe 
O33 - MountPoints2\{3bc04713-b6a9-11dc-843e-00a0d16c74bb}\Shell - "" = AutoRun 
O33 - MountPoints2\{3bc04713-b6a9-11dc-843e-00a0d16c74bb}\Shell\AutoRun\command - "" = D:\AutoRun.exe 
O33 - MountPoints2\{3bc0472d-b6a9-11dc-843e-00a0d16c74bb}\Shell - "" = AutoRun 
O33 - MountPoints2\{3bc0472d-b6a9-11dc-843e-00a0d16c74bb}\Shell\AutoRun\command - "" = G:\AutoRun.exe 
O33 - MountPoints2\{8423d886-ec3c-11dd-9a8e-00a0d16c74bb}\Shell - "" = AutoRun 
O33 - MountPoints2\{8423d886-ec3c-11dd-9a8e-00a0d16c74bb}\Shell\AutoRun\command - "" = D:\AutoRun.exe 
O33 - MountPoints2\{c276349d-b95b-11dc-b533-00a0d16c74bb}\Shell - "" = AutoRun 
O33 - MountPoints2\{c276349d-b95b-11dc-b533-00a0d16c74bb}\Shell\AutoRun\command - "" = D:\AutoRun.exe 
O33 - MountPoints2\{c86227dd-128b-11dd-8f2e-806e6f6e6963}\Shell - "" = AutoRun 
O33 - MountPoints2\{c86227dd-128b-11dd-8f2e-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun.exe 
O33 - MountPoints2\{ce76eadd-1230-11dd-91e7-806e6f6e6963}\Shell - "" = AutoRun 
O33 - MountPoints2\{ce76eadd-1230-11dd-91e7-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun.exe 
O33 - MountPoints2\{ce76ec36-1230-11dd-91e7-00a0d16c74bb}\Shell - "" = AutoRun 
O33 - MountPoints2\{ce76ec36-1230-11dd-91e7-00a0d16c74bb}\Shell\AutoRun\command - "" = D:\AutoRun.exe 
O33 - MountPoints2\F\Shell - "" = AutoRun 
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup.exe 

[2012.07.14 17:31:11 | 000,017,464 | ---- | C] (PerformerSoft LLC) -- C:\Windows\System32\roboot.exe 
[2012.07.14 17:30:01 | 000,000,000 | ---D | C] -- C:\ProgramData\bProtectorForWindows 
[182 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] 
[2012.07.31 09:46:48 | 000,032,128 | ---- | M] () -- C:\Users\Hannes\AppData\Roaming\nvModes.001 
[2012.07.30 14:44:58 | 000,032,128 | ---- | M] () -- C:\Users\Hannes\AppData\Roaming\nvModes.dat 
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:24051EFF 
[2012.07.31 10:25:45 | 000,000,000 | ---D | C] -- C:\Users\Hannes\Desktop\bProtectorForWindows 
[2012.07.31 10:03:40 | 000,000,000 | ---D | C] -- C:\Users\Hannes\Desktop\searchplugins 
[2012.07.31 07:45:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\searchplugins 
[2012.07.31 07:45:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\bProtectorForWindows 
[2012.07.20 14:57:09 | 000,000,000 | ---D | C] -- C:\Users\Hannes\bProtectorForWindows 
[2012.07.14 17:31:20 | 000,000,000 | ---D | C] -- C:\Users\Hannes\AppData\Roaming\PerformerSoft 
[2012.07.14 17:30:57 | 000,000,000 | ---D | C] -- C:\Program Files\PC Performer 
[2012.07.14 17:30:39 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit 
[2012.07.14 17:30:33 | 000,000,000 | ---D | C] -- C:\Users\Hannes\AppData\Local\Conduit 
[2012.07.14 17:30:07 | 000,000,000 | ---D | C] -- C:\Users\Hannes\searchplugins 
[2012.07.14 17:30:06 | 000,000,000 | ---D | C] -- C:\Windows\System32\Extensions 
[2012.07.14 17:30:05 | 000,000,000 | ---D | C] -- C:\Windows\System32\searchplugins 
[2012.07.14 17:30:05 | 000,000,000 | ---D | C] -- C:\Windows\System32\bProtectorForWindows 
[2012.07.14 17:30:46 | 000,000,009 | ---- | M] () -- C:\END 
[2012.07.31 13:25:19 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D9B30BB4-63C0-47D4-A444-A174F9308500}.job 
[2012.07.31 12:52:22 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job 
[2012.07.31 12:53:27 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 
[2012.07.31 12:53:27 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 
[2012.07.31 09:52:01 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job 

:Files

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
         
  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a restart, please allow it.
  • Copy the contents of the log file into your thread here, inside code tags.
    You can view the log file afterwards here => C:\_OTL\MovedFiles\<date_number.log>

Note for readers following along: the OTL script above was created exclusively for this user in this situation.
Do not under any circumstances use it on other computers; it can cause lasting damage to other systems!
__________________
Regards, t'john

31.07.2012, 14:17   #5
johofer



All processes killed
========== OTL ==========
Service bProtector stopped successfully!
Service bProtector deleted successfully!
File move failed. C:\ProgramData\bProtectorForWindows\2.2.463.83\bProtect.exe scheduled to be moved on reboot.
Service NwlnkFwd stopped successfully!
Service NwlnkFwd deleted successfully!
File system32\DRIVERS\nwlnkfwd.sys File not found not found.
Service NwlnkFlt stopped successfully!
Service NwlnkFlt deleted successfully!
File system32\DRIVERS\nwlnkflt.sys File not found not found.
Service IpInIp stopped successfully!
Service IpInIp deleted successfully!
File system32\DRIVERS\ipinip.sys File not found not found.
Service blbdrive stopped successfully!
Service blbdrive deleted successfully!
File C:\Windows\system32\drivers\blbdrive.sys File not found not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{57BCA5FA-5DBB-45a2-B558-1755C3F6253B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}\ deleted successfully.
C:\Programme\Winamp Toolbar\winamptb.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}\ not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-3763147448-2540374928-1796028379-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\bProtector Start Page| /E : value set successfully!
HKU\S-1-5-21-3763147448-2540374928-1796028379-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-3763147448-2540374928-1796028379-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{57BCA5FA-5DBB-45a2-B558-1755C3F6253B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}\ not found.
File C:\Programme\Winamp Toolbar\winamptb.dll not found.
HKEY_USERS\S-1-5-21-3763147448-2540374928-1796028379-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-21-3763147448-2540374928-1796028379-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3763147448-2540374928-1796028379-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-3763147448-2540374928-1796028379-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-3763147448-2540374928-1796028379-1000\Software\Microsoft\Internet Explorer\SearchScopes\{31CF9EBE-5755-4a1d-AC25-2834D952D9B4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31CF9EBE-5755-4a1d-AC25-2834D952D9B4}\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3763147448-2540374928-1796028379-1000\Software\Microsoft\Internet Explorer\SearchScopes\{379378E5-2813-4E77-81D1-880619D81CB6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{379378E5-2813-4E77-81D1-880619D81CB6}\ not found.
Registry key HKEY_USERS\S-1-5-21-3763147448-2540374928-1796028379-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_USERS\S-1-5-21-3763147448-2540374928-1796028379-1000\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}\ not found.
HKU\S-1-5-21-3763147448-2540374928-1796028379-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll not found.
File HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\bProtectorForWindows\2.2.463.83\FirefoxExtension not found.
File C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ not found.
File move failed. C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}\ deleted successfully.
C:\Programme\Common Files\Symantec Shared\coShared\Browser\1.0\NppBHO.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{90222687-F593-4738-B738-FBEE9C7B26DF} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90222687-F593-4738-B738-FBEE9C7B26DF}\ deleted successfully.
C:\Programme\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-3763147448-2540374928-1796028379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ deleted successfully.
c:\Programme\Google\GoogleToolbar1.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-3763147448-2540374928-1796028379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}\ not found.
C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-3763147448-2540374928-1796028379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}\ deleted successfully.
File C:\Programme\Winamp Toolbar\winamptb.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NDSTray.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WinampAgent deleted successfully.
C:\Programme\Winamp\winampa.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-3763147448-2540374928-1796028379-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ICQ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3763147448-2540374928-1796028379-1000\Software\Microsoft\Windows\CurrentVersion\Run\\TOSCDSPD deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3763147448-2540374928-1796028379-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C08CAF1D-C0A3-40D5-9970-06D067EAC017}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C08CAF1D-C0A3-40D5-9970-06D067EAC017}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~2\bprote~1\22463~1.83\protec~1.dll deleted successfully.
File move failed. c:\ProgramData\bProtectorForWindows\2.2.463.83\protector.dll scheduled to be moved on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{15e5c95e-2107-11df-a9b2-00a0d16c74bb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15e5c95e-2107-11df-a9b2-00a0d16c74bb}\ not found.
File C:\RECYCLER\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{15e5c95e-2107-11df-a9b2-00a0d16c74bb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15e5c95e-2107-11df-a9b2-00a0d16c74bb}\ not found.
File C:\RECYCLER\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3bc04713-b6a9-11dc-843e-00a0d16c74bb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3bc04713-b6a9-11dc-843e-00a0d16c74bb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3bc04713-b6a9-11dc-843e-00a0d16c74bb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3bc04713-b6a9-11dc-843e-00a0d16c74bb}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3bc0472d-b6a9-11dc-843e-00a0d16c74bb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3bc0472d-b6a9-11dc-843e-00a0d16c74bb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3bc0472d-b6a9-11dc-843e-00a0d16c74bb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3bc0472d-b6a9-11dc-843e-00a0d16c74bb}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8423d886-ec3c-11dd-9a8e-00a0d16c74bb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8423d886-ec3c-11dd-9a8e-00a0d16c74bb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8423d886-ec3c-11dd-9a8e-00a0d16c74bb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8423d886-ec3c-11dd-9a8e-00a0d16c74bb}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c276349d-b95b-11dc-b533-00a0d16c74bb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c276349d-b95b-11dc-b533-00a0d16c74bb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c276349d-b95b-11dc-b533-00a0d16c74bb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c276349d-b95b-11dc-b533-00a0d16c74bb}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c86227dd-128b-11dd-8f2e-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c86227dd-128b-11dd-8f2e-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c86227dd-128b-11dd-8f2e-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c86227dd-128b-11dd-8f2e-806e6f6e6963}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ce76eadd-1230-11dd-91e7-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ce76eadd-1230-11dd-91e7-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ce76eadd-1230-11dd-91e7-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ce76eadd-1230-11dd-91e7-806e6f6e6963}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ce76ec36-1230-11dd-91e7-00a0d16c74bb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ce76ec36-1230-11dd-91e7-00a0d16c74bb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ce76ec36-1230-11dd-91e7-00a0d16c74bb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ce76ec36-1230-11dd-91e7-00a0d16c74bb}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\setup.exe not found.
C:\Windows\System32\roboot.exe moved successfully.
C:\ProgramData\bProtectorForWindows\2.2.463.83\traking_settings folder moved successfully.
C:\ProgramData\bProtectorForWindows\2.2.463.83\FirefoxExtension\searchplugins folder moved successfully.
C:\ProgramData\bProtectorForWindows\2.2.463.83\FirefoxExtension\content folder moved successfully.
C:\ProgramData\bProtectorForWindows\2.2.463.83\FirefoxExtension\components folder moved successfully.
C:\ProgramData\bProtectorForWindows\2.2.463.83\FirefoxExtension folder moved successfully.
C:\ProgramData\bProtectorForWindows\2.2.463.83\crashReports folder moved successfully.
Folder move failed. C:\ProgramData\bProtectorForWindows\2.2.463.83 scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\bProtectorForWindows scheduled to be moved on reboot.
C:\Users\Hannes\AppData\Roaming\nvModes.001 moved successfully.
C:\Users\Hannes\AppData\Roaming\nvModes.dat moved successfully.
ADS C:\ProgramData\TEMP:24051EFF deleted successfully.
C:\Users\Hannes\Desktop\bProtectorForWindows\2.2.463.83 folder moved successfully.
C:\Users\Hannes\Desktop\bProtectorForWindows folder moved successfully.
C:\Users\Hannes\Desktop\searchplugins folder moved successfully.
C:\Program Files\Common Files\searchplugins folder moved successfully.
C:\Program Files\Common Files\bProtectorForWindows\2.2.463.83 folder moved successfully.
C:\Program Files\Common Files\bProtectorForWindows folder moved successfully.
C:\Users\Hannes\bProtectorForWindows\2.2.463.83 folder moved successfully.
C:\Users\Hannes\bProtectorForWindows folder moved successfully.
C:\Users\Hannes\AppData\Roaming\PerformerSoft folder moved successfully.
C:\Program Files\PC Performer\searchplugins folder moved successfully.
C:\Program Files\PC Performer\bProtectorForWindows\2.2.463.83 folder moved successfully.
C:\Program Files\PC Performer\bProtectorForWindows folder moved successfully.
C:\Program Files\PC Performer folder moved successfully.
C:\Program Files\Conduit\Community Alerts folder moved successfully.
C:\Program Files\Conduit folder moved successfully.
C:\Users\Hannes\AppData\Local\Conduit folder moved successfully.
C:\Users\Hannes\searchplugins folder moved successfully.
C:\Windows\System32\Extensions folder moved successfully.
C:\Windows\System32\searchplugins folder moved successfully.
C:\Windows\System32\bProtectorForWindows\2.2.463.83 folder moved successfully.
C:\Windows\System32\bProtectorForWindows folder moved successfully.
C:\END moved successfully.
C:\Windows\Tasks\User_Feed_Synchronization-{D9B30BB4-63C0-47D4-A444-A174F9308500}.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Hannes\Desktop\cmd.bat deleted successfully.
C:\Users\Hannes\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Christina
->Temp folder emptied: 161370 bytes
->Temporary Internet Files folder emptied: 455626 bytes
->Java cache emptied: 25544425 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Hannes
->Temp folder emptied: 101410550 bytes
->Temporary Internet Files folder emptied: 249140506 bytes
->Java cache emptied: 270845547 bytes
->Google Chrome cache emptied: 242289088 bytes
->Flash cache emptied: 2061938 bytes

User: Neuer Ordner

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 81162047 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 928,00 mb


[EMPTYFLASH]

User: All Users

User: Christina

User: Default

User: Default User

User: Hannes
->Flash cache emptied: 0 bytes

User: Neuer Ordner

User: Public

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.55.0 log created on 07312012_143431

Files\Folders moved on Reboot...
C:\ProgramData\bProtectorForWindows\2.2.463.83\bProtect.exe moved successfully.
File move failed. C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll scheduled to be moved on reboot.
File move failed. c:\ProgramData\bProtectorForWindows\2.2.463.83\protector.dll scheduled to be moved on reboot.
C:\ProgramData\bProtectorForWindows\2.2.463.83\traking_settings folder moved successfully.
Folder move failed. C:\ProgramData\bProtectorForWindows\2.2.463.83 scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\bProtectorForWindows\2.2.463.83 scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\bProtectorForWindows scheduled to be moved on reboot.
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.

PendingFileRenameOperations files...
File C:\ProgramData\bProtectorForWindows\2.2.463.83\bProtect.exe not found!
[2006.10.22 23:08:42 | 000,062,080 | ---- | M] (Adobe Systems Incorporated) C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll : MD5=C11F6A1F61481E24BE3FDC06EA6F7D2A
[2012.07.14 17:30:01 | 002,008,096 | ---- | M] () c:\ProgramData\bProtectorForWindows\2.2.463.83\protector.dll : Unable to obtain MD5
File C:\ProgramData\bProtectorForWindows\2.2.463.83 not found!
File C:\ProgramData\bProtectorForWindows not found!
[2012.07.31 14:57:43 | 000,003,168 | -H-- | M] () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 : Unable to obtain MD5
[2012.07.31 14:57:42 | 000,003,168 | -H-- | M] () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 : Unable to obtain MD5

Registry entries deleted on Reboot...


31.07.2012, 14:30   #6
t'john
/// Helper Team

Very good!


Step 1
Please run a full scan with Malwarebytes Anti-Malware and post the log.
Remember that Malwarebytes must be updated manually before every scan!

Malwarebytes Anti-Malware
- Applicable to Windows 2000, XP, Vista and 7.
- Install the program to the default path.
- Enable "Komplett Scan durchführen" (perform full scan) => Scan.
- Select all available drives (except CD/DVD) and start the scan.
- Please have any detections deleted or moved to quarantine.
- When the scan has finished, click "Zeige Resultate" (show results).
Then:

Step 2

Please download AdwCleaner to your desktop.

  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan has finished, a text file opens.
  • Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.

01.08.2012, 06:46   #7
johofer

Here is the log!

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.31.09

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
Hannes :: HOFER_LAPTOP [Administrator]

Schutz: Aktiviert

31.07.2012 17:02:35
mbam-log-2012-07-31 (17-02-35).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 354578
Laufzeit: 1 Stunde(n), 38 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

# AdwCleaner v1.703 - Logfile created 08/01/2012 at 07:49:03
# Updated 20/07/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
# User : Hannes - HOFER_LAPTOP
# Running from : C:\Users\Hannes\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Hannes\AppData\Local\Winamp Toolbar
Folder Found : C:\Users\Hannes\AppData\LocalLow\Conduit
Folder Found : C:\Users\Hannes\AppData\LocalLow\PriceGong
Folder Found : C:\ProgramData\IBUpdaterService
Folder Found : C:\ProgramData\Winamp Toolbar
Folder Found : C:\Program Files\Babylon
Folder Found : C:\Program Files\Winamp Toolbar

***** [Registry] *****
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT1460988
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3227975
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\bProtector
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Found : HKCU\Software\pdfforge.org
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\Winamp Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\winamptbServer.exe
Key Found : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch
Key Found : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch.1
Key Found : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand
Key Found : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand.1
Key Found : HKLM\SOFTWARE\Classes\WinampTb.Downloader
Key Found : HKLM\SOFTWARE\Classes\WinampTb.Downloader.1
Key Found : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo
Key Found : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo.1
Key Found : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams
Key Found : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams.1
Key Found : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper
Key Found : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper.1
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\DataMngr
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
Key Found : HKLM\SOFTWARE\pdfforge.org
Key Found : HKLM\SOFTWARE\Winamp Toolbar

Alt 01.08.2012, 12:47   #8
t'john
/// Helper Team
 

Very good!


  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.




After that:


Malware scan with Emsisoft Anti-Malware

Download the free version of => Emsisoft Anti-Malware and install the program.
Download the current signatures via Jetzt Updaten.
Select freeware mode.

Select Detail Scan and start the check of the computer with the Scan button.
Do not let it delete anything at the end of the scan! Click Bericht speichern to save the log file to the desktop and post it here in the thread.

Instructions: http://www.trojaner-board.de/103809-...i-malware.html
__________________
Regards, t'john

Alt 01.08.2012, 13:54   #9
johofer
 

Is a product key prompt on restart normal?
Here is the log:

# AdwCleaner v1.703 - Logfile created 08/01/2012 at 13:52:09
# Updated 20/07/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
# User : Hannes - HOFER_LAPTOP
# Running from : C:\Users\Hannes\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Hannes\AppData\Local\Winamp Toolbar
Folder Deleted : C:\Users\Hannes\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Hannes\AppData\LocalLow\PriceGong
Folder Deleted : C:\ProgramData\IBUpdaterService
Folder Deleted : C:\ProgramData\Winamp Toolbar
Folder Deleted : C:\Program Files\Babylon
Folder Deleted : C:\Program Files\Winamp Toolbar

***** [Registry] *****
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1460988
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3227975
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\bProtector
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Deleted : HKCU\Software\pdfforge.org
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Winamp Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\winamptbServer.exe
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.Downloader
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.Downloader.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
Key Deleted : HKLM\SOFTWARE\pdfforge.org
Key Deleted : HKLM\SOFTWARE\Winamp Toolbar

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6EF4E91D-DDD5-4478-BCA7-DA04435934C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{841FD004-57A2-4B49-BBDB-5897394619DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B38D6EDE-390B-4620-8365-29E16459EBDA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F20F11FD-203E-45A9-B7BB-AFC1B4FEA7A6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE178B09-C8AA-4734-804D-1849BCCA0C29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{538CD77C-BFDD-49B0-9562-77419CAB89D1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.6001.18000

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://toolbar.aol.com/browserpages/newtab-winamp-ie-en-us.html --> hxxp://www.google.com

-\\ Google Chrome v20.0.1132.57

File : C:\Users\Hannes\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [5247 octets] - [01/08/2012 07:49:03]
AdwCleaner[R2].txt - [5307 octets] - [01/08/2012 07:49:58]
AdwCleaner[S1].txt - [5355 octets] - [01/08/2012 13:52:09]

########## EOF - C:\AdwCleaner[S1].txt - [5483 octets] ##########
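
An added example, not part of the thread and not AdwCleaner's own code: a short Python check that compares an AdwCleaner [Search] report with the later [Delete] report and lists entries that were found but never reported as deleted. The sample lines are excerpts of the two logs posted in this thread; the function names are hypothetical.

```python
import re

# Excerpts of the two AdwCleaner reports posted in this thread (shortened).
SEARCH_LOG = r"""
# Option [Search]
Folder Found : C:\Program Files\Babylon
Key Found : HKCU\Software\bProtector
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKLM\SOFTWARE\Conduit
"""
DELETE_LOG = r"""
# Option [Delete]
Folder Deleted : C:\Program Files\Babylon
Key Deleted : HKCU\Software\bProtector
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
"""

# Entry lines look like "<Kind> <Action> : <path>"; only the kinds seen
# in the posted logs (Folder, Key, Value) are matched.
ENTRY = re.compile(r"^(Folder|Key|Value) (Found|Deleted) : (.+?)\s*$")

def parse_report(text):
    """Return a set of (kind, lower-cased path) for every entry line."""
    entries = set()
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            kind, _action, path = m.groups()
            # Windows registry and NTFS paths compare case-insensitively.
            entries.add((kind, path.lower()))
    return entries

def compare(search_text, delete_text):
    """Diff a [Search] report against the [Delete] report that followed it."""
    found, deleted = parse_report(search_text), parse_report(delete_text)
    return {
        # Reported by the scan but absent from the delete report: re-check these.
        "not_deleted": sorted(found - deleted),
        # Removed without appearing in the search report shown.
        "extra_deleted": sorted(deleted - found),
    }

if __name__ == "__main__":
    for label, items in compare(SEARCH_LOG, DELETE_LOG).items():
        for kind, path in items:
            print(f"{label}: {kind} {path}")
```

Run over the full logs in this thread, the same comparison flags HKCU\Software\DataMngr_Toolbar, which is listed in the [Search] report but not in the [Delete] report.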

Alt 01.08.2012, 14:44   #10
t'john
/// Helper Team
 

Emsisoft Log?

Alt 01.08.2012, 14:52   #11
johofer
 

I can't install Emsisoft. It keeps telling me that Service Pack 2 is required to run on Vista. Is there an alternative, or should I install the service pack?
Thanks

Alt 01.08.2012, 15:08   #12
t'john
/// Helper Team
 

Why wasn't it installed long ago?

Install all updates, including SP 2!

Alt 02.08.2012, 21:24   #13
johofer
 

Emsisoft Anti-Malware - Version 6.6
Letztes Update: 02.08.2012 14:27:11

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, E:\
Archiv Scan: An
ADS Scan: An

Scan Beginn: 02.08.2012 14:27:50


Gescannt 589853
Gefunden 0

Scan Ende: 02.08.2012 16:59:04
Scan Zeit: 2:31:14

Alt 03.08.2012, 13:11   #14
t'john
/// Helper Team
 

Very good!


Uninstall:
Emsisoft Anti-Malware


ESET Online Scanner

Preparation

  • Connect any external hard drives and/or other removable media you may have (e.g. USB sticks) to the computer.
  • Please disable your anti-virus program and firewall during the online scan.
  • Vista/Win7 users: Be sure to start the browser as administrator.
Let's go

  • Download and start Eset Smartinstaller
  • Tick YES, I accept the Terms of Use.
  • Click Start.
  • Tick Remove found threats and Scan archives.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • Press Finish.
  • Close the browser.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (sometimes also C:\Programme\Eset\log.txt) and open it with your editor.
  • Post the log file here.
  • Uninstallation: Control Panel => Software => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset

Alt 04.08.2012, 15:37   #15
johofer
 

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=85a108fca9d0e045abb6db0df926c3c6
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-03 11:26:52
# local_time=2012-08-04 01:26:52 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=768 16777215 100 0 144551967 144551967 0 0
# compatibility_mode=1797 16775165 100 100 292774 119516465 24988 0
# compatibility_mode=5892 16776573 100 100 5004 181537486 0 0
# compatibility_mode=8192 67108863 100 0 100 100 0 0
# scanned=51168
# found=0
# cleaned=0
# scan_time=31653
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=85a108fca9d0e045abb6db0df926c3c6
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-04 02:33:01
# local_time=2012-08-04 04:33:01 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=768 16777215 100 0 144631016 144631016 0 0
# compatibility_mode=1797 16775165 100 100 18379 119595514 17132 0
# compatibility_mode=5892 16776573 100 100 50968 181616535 0 0
# compatibility_mode=8192 67108863 100 0 79149 79149 0 0
# scanned=51292
# found=0
# cleaned=0
# scan_time=6974
