Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: bprotector for Windows gefunden...Wie richtig entfernen?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 11.03.2013, 09:57   #1
MysteriusGen
 
bprotector for Windows gefunden...Wie richtig entfernen? - Standard

bprotector for Windows gefunden...Wie richtig entfernen?



Hallo liebes Trojaner-Board Team.
Ich habe heute von einer bekannten einen Laptop bekommen um mal zu schauen was da los ist.
Der Laptop ist sehr langsam und nach ein wenig suchen habe ich dann gesehen das sich ein programm installiert hat namens bProtector for Windows.
Nach ein wenig googeln hab ich herausgefunden das es schadsoftware ist.
Habe auch hier im Board schon gelesen das man es entfernen kann, nur leider braucht es ein wenig arbeit und tools. Kann mir denn jemand helfen dabei?
Ich habe mir AdeCleaner geholt aber noch nicht ausgeführt da ich gerne auf eine Antwort hier im Board warte was ich denn wie genau machen soll.
Ich hoffe auf eure Hilfe.Danke schon mal im Voraus.
Mit freundlichen Grüßen
MysteriusGen

Alt 11.03.2013, 10:57   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
bprotector for Windows gefunden...Wie richtig entfernen? - Standard

bprotector for Windows gefunden...Wie richtig entfernen?



Hallo und

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


Erstmal eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in CODE-Tags in den Thread.
__________________

__________________

Alt 11.03.2013, 13:23   #3
MysteriusGen
 
bprotector for Windows gefunden...Wie richtig entfernen? - Standard

bprotector for Windows gefunden...Wie richtig entfernen?



Erst mal vielen dank für die schnelle Hilfe.
Ich kann leider erst Morgen den Laptop weiter überprüfen.
Aber sobald ich otl durchhabe und die logs werde ich das sofort hier posten.
Nochmal danke bis Morgen...
__________________

Alt 11.03.2013, 13:29   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
bprotector for Windows gefunden...Wie richtig entfernen? - Standard

bprotector for Windows gefunden...Wie richtig entfernen?



Ok, aber eine Bitte: lass solche Zwischenrufe, poste nur wenn es Probleme gibt oder wenn du die Logs hast (diese dann auch posten in CODE-Tags)
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 12.03.2013, 07:36   #5
MysteriusGen
 
bprotector for Windows gefunden...Wie richtig entfernen? - Standard

bprotector for Windows gefunden...Wie richtig entfernen?



Hier die beiden Logs:

<script type="text/javascript">
<!--
alert("OTL Logfile:

Code:
ATTFilter
OTL logfile created on: 12.03.2013 08:23:31 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Stina\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,92 Gb Total Physical Memory | 2,14 Gb Available Physical Memory | 73,43% Memory free
5,83 Gb Paging File | 4,82 Gb Available in Paging File | 82,65% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 53,85 Gb Total Space | 20,38 Gb Free Space | 37,84% Space Free | Partition Type: NTFS
Drive D: | 644,04 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 3,73 Gb Total Space | 3,23 Gb Free Space | 86,76% Space Free | Partition Type: FAT32
Drive G: | 238,28 Gb Total Space | 212,52 Gb Free Space | 89,19% Space Free | Partition Type: NTFS
Drive Z: | 5,86 Gb Total Space | 5,80 Gb Free Space | 99,03% Space Free | Partition Type: NTFS
 
Computer Name: STINA-PC | User Name: Stina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Stina\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Programme\Ask.com\AbineSDK\IE\DNTPService.exe (Abine Inc.)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Windows\System32\vmnat.exe (VMware, Inc.)
PRC - C:\Windows\System32\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Programme\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
PRC - C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
PRC - C:\Programme\Lenovo\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
PRC - C:\Programme\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
PRC - C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Ask.com\AbineSDK\IE\DNTPButton.dll ()
MOD - C:\Windows\System32\IccLibDll.dll ()
MOD - C:\Programme\Lenovo\Energy Management\KbdHook.dll ()
MOD - C:\Programme\Lenovo\Energy Management\HookLib.dll ()
MOD - C:\Programme\System\WinRAR\RarExt.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (VMware NAT Service) -- C:\Windows\System32\vmnat.exe (VMware, Inc.)
SRV - (VMnetDHCP) -- C:\Windows\System32\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMAuthdService) -- C:\Programme\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
SRV - (VMUSBArbService) -- C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (UNS) -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (MSSQLServerADHelper100) -- C:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MSSQL$SQLEXPRESS) -- C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (SQLAgent$SQLEXPRESS) -- C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (vmx86) -- C:\Windows\System32\drivers\vmx86.sys (VMware, Inc.)
DRV - (vmkbd) -- C:\Windows\System32\drivers\VMkbd.sys (VMware, Inc.)
DRV - (VMnetuserif) -- C:\Windows\System32\drivers\vmnetuserif.sys (VMware, Inc.)
DRV - (VMnetBridge) -- C:\Windows\System32\drivers\vmnetbridge.sys (VMware, Inc.)
DRV - (VMnetAdapter) -- C:\Windows\System32\drivers\vmnetadapter.sys (VMware, Inc.)
DRV - (hcmon) -- C:\Windows\System32\drivers\hcmon.sys (VMware, Inc.)
DRV - (vmusb) -- C:\Windows\System32\drivers\vmusb.sys (VMware, Inc.)
DRV - (vmci) -- C:\Windows\System32\drivers\vmci.sys (VMware, Inc.)
DRV - (cjusb) -- C:\Windows\System32\drivers\cjusb.sys (REINER SCT)
DRV - (clwvd) -- C:\Windows\System32\drivers\clwvd.sys (CyberLink Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (dmvsc) -- C:\Windows\System32\drivers\dmvsc.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (FPSensor) -- C:\Windows\System32\drivers\FPSensor.sys (Egis Technology Inc.)
DRV - (ACPIVPC) -- C:\Windows\System32\drivers\AcpiVpc.sys (Lenovo Corporation)
DRV - (IntcDAud) -- C:\Windows\System32\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV - (MEI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (RSUSBVSTOR) -- C:\Windows\System32\drivers\RtsUVStor.sys (Realtek Semiconductor Corp.)
DRV - (LHDmgr) -- C:\Windows\System32\drivers\LhdX86.sys (Lenovo.)
DRV - (VSPerfDrv100) -- G:\Programme\Team Tools\Performance Tools\VSPerfDrv100.sys (Microsoft Corporation)
DRV - (RsFx0103) -- C:\Windows\System32\drivers\RsFx0103.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchfunmoods.com/?f=1&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1Qzu0FtD0D0E0FtC0DzzyC0C0A0C0DyCtDyEtN0D0Tzu0CtAtCyDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1225978215
IE - HKLM\..\URLSearchHook: {213c8ed6-1d78-4d8f-8729-25006aa86a76} - C:\Programme\WiseConvert_1.3\prxtbWise.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1Qzu0FtD0D0E0FtC0DzzyC0C0A0C0DyCtDyEtN0D0Tzu0CtAtCyDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1225978215
IE - HKLM\..\SearchScopes\{13CFF033-710C-B657-0D85-7AF4F2081FC3}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2380933962-3331389925-1504841794-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE
IE - HKU\S-1-5-21-2380933962-3331389925-1504841794-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2380933962-3331389925-1504841794-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2380933962-3331389925-1504841794-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = ED 6C C3 8A 35 BE CD 01  [binary data]
IE - HKU\S-1-5-21-2380933962-3331389925-1504841794-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-2380933962-3331389925-1504841794-1000\..\URLSearchHook: {213c8ed6-1d78-4d8f-8729-25006aa86a76} - C:\Programme\WiseConvert_1.3\prxtbWise.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2380933962-3331389925-1504841794-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2380933962-3331389925-1504841794-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2380933962-3331389925-1504841794-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1Qzu0FtD0D0E0FtC0DzzyC0C0A0C0DyCtDyEtN0D0Tzu0CtAtCyDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1225978215
IE - HKU\S-1-5-21-2380933962-3331389925-1504841794-1000\..\SearchScopes\{13CFF033-710C-B657-0D85-7AF4F2081FC3}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=114506&tt=4512_2&babsrc=SP_clro&mntrId=5e41d6040000000000009cb70d46afb7
IE - HKU\S-1-5-21-2380933962-3331389925-1504841794-1000\..\SearchScopes\{396629D1-3698-4F0C-A751-084FAAD550CA}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=01700707-15fe-4467-a394-df2b49472b27&apn_sauid=16B8A508-D497-4BD7-BA0E-DFC711B3E201
IE - HKU\S-1-5-21-2380933962-3331389925-1504841794-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2380933962-3331389925-1504841794-1000\..\SearchScopes\{6BB12CE0-99F2-4E1B-90B1-EE8B434BE9B9}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3242337
IE - HKU\S-1-5-21-2380933962-3331389925-1504841794-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.startup.homepage: "hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE"
FF - prefs.js..extensions.enabledAddons: toolbar%40ask.com:3.15.18.37268
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.11 08:39:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.11 08:39:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012.11.19 19:34:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stina\AppData\Roaming\mozilla\Extensions
[2013.02.12 17:48:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stina\AppData\Roaming\mozilla\Firefox\Profiles\jqm8jeti.default\Extensions
[2013.03.10 20:17:44 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\Stina\AppData\Roaming\mozilla\Firefox\Profiles\jqm8jeti.default\Extensions\toolbar@ask.com
[2013.02.19 19:07:05 | 000,002,413 | ---- | M] () -- C:\Users\Stina\AppData\Roaming\mozilla\firefox\profiles\jqm8jeti.default\searchplugins\askcom.xml
[2012.11.19 19:34:36 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.03.11 08:39:39 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.03.11 08:39:36 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.03.11 08:39:36 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.03.11 08:39:36 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.03.11 08:39:36 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.03.11 08:39:36 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.03.11 08:39:36 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE
CHR - Extension: No name found = C:\Users\Stina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabfjnbeinlpljodiajipidiompfl\7.15.13.0\
CHR - Extension: No name found = C:\Users\Stina\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Stina\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\2.0.1_0\
CHR - Extension: No name found = C:\Users\Stina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\Stina\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\5.1_0\
CHR - Extension: No name found = C:\Users\Stina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\Stina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (WiseConvert 1.3 Toolbar) - {213c8ed6-1d78-4d8f-8729-25006aa86a76} - C:\Programme\WiseConvert_1.3\prxtbWise.dll (Conduit Ltd.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Microsoft-Webtestaufzeichnung 10.0-Hilfsprogramm) - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - G:\Programme\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Programme\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (WiseConvert 1.3 Toolbar) - {213c8ed6-1d78-4d8f-8729-25006aa86a76} - C:\Programme\WiseConvert_1.3\prxtbWise.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-2380933962-3331389925-1504841794-1000\..\Toolbar\WebBrowser: (WiseConvert 1.3 Toolbar) - {213C8ED6-1D78-4D8F-8729-25006AA86A76} - C:\Programme\WiseConvert_1.3\prxtbWise.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2380933962-3331389925-1504841794-1000\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Energy Management] C:\Programme\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Programme\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files\Lenovo\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files\Lenovo\YouCam\YouCam.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000047 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23F3FB21-7B03-4D95-910C-ECF47CF5EA4E}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B563B082-C935-4864-AF7F-B87E36D541F6}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [1999.10.01 13:47:28 | 000,024,064 | R--- | M] (D) - D:\AUTORUN.EXE -- [ CDFS ]
O32 - AutoRun File - [2002.08.27 21:37:48 | 000,000,052 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2005.02.19 03:37:44 | 000,000,171 | R--- | M] () - D:\AUTORUN.INI -- [ CDFS ]
O33 - MountPoints2\{4d81e83f-1912-11e2-8a56-b579936d9be9}\Shell - "" = AutoRun
O33 - MountPoints2\{4d81e83f-1912-11e2-8a56-b579936d9be9}\Shell\AutoRun\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{4d81e83f-1912-11e2-8a56-b579936d9be9}\Shell\configure\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{4d81e83f-1912-11e2-8a56-b579936d9be9}\Shell\install\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{a97c1c8e-190e-11e2-87ce-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a97c1c8e-190e-11e2-87ce-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AUTORUN.EXE -- [1999.10.01 13:47:28 | 000,024,064 | R--- | M] (D)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.12 08:08:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Stina\Desktop\OTL.exe
[2013.03.11 11:37:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2013.03.11 11:37:32 | 000,000,000 | ---D | C] -- C:\Users\Stina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
[2013.03.11 11:37:30 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2013.03.11 11:36:21 | 085,525,104 | ---- | C] (Sophos Limited) -- C:\Users\Stina\Desktop\Sophos Virus Removal Tool.exe
[2013.03.11 08:59:20 | 000,691,568 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.03.11 08:59:20 | 000,071,024 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.03.03 10:48:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Terzio
[2013.03.02 17:44:59 | 000,086,016 | ---- | C] (MindVision) -- C:\Windows\unvise32qt.exe
[2013.03.02 17:43:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013.03.02 17:42:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\QuickTime
[2013.03.02 17:42:47 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2013.03.02 17:41:03 | 000,000,000 | ---D | C] -- C:\ProgramData\QuickTime
[2013.03.02 17:40:58 | 000,000,000 | ---D | C] -- C:\Users\Stina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Terzio
[2013.03.02 17:40:44 | 000,000,000 | ---D | C] -- C:\Terzio
[2013.02.12 20:10:43 | 000,028,144 | ---- | C] (REINER SCT) -- C:\Windows\System32\drivers\cjusb.sys
[2013.02.12 20:10:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2013.02.12 19:55:54 | 000,000,000 | ---D | C] -- C:\Users\Stina\AppData\Local\DoNotTrackPlus
[2013.02.12 19:55:43 | 000,000,000 | ---D | C] -- C:\Users\Stina\AppData\Local\AskToolbar
[2013.02.12 19:54:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2013.02.12 17:55:10 | 000,000,000 | ---D | C] -- C:\Program Files\Business Objects
[2013.02.12 17:52:30 | 000,000,000 | ---D | C] -- C:\Users\Stina\AppData\Roaming\Avira
[2013.02.12 17:49:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.02.12 17:48:38 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2013.02.12 17:48:31 | 000,000,000 | ---D | C] -- C:\Users\Stina\AppData\Local\APN
[2013.02.12 17:48:11 | 000,134,336 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.02.12 17:48:11 | 000,083,944 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.02.12 17:48:11 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.02.12 17:48:11 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.02.12 17:48:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.02.12 17:48:10 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2013.02.12 15:18:44 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.12 08:23:22 | 000,764,584 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.03.12 08:23:22 | 000,719,862 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.03.12 08:23:22 | 000,173,464 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.03.12 08:23:22 | 000,146,410 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.03.12 08:18:15 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.12 08:18:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.12 08:08:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Stina\Desktop\OTL.exe
[2013.03.11 16:50:35 | 000,023,904 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.11 16:50:35 | 000,023,904 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.11 16:42:50 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.11 16:42:36 | 2349,969,408 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.11 11:41:24 | 085,525,104 | ---- | M] (Sophos Limited) -- C:\Users\Stina\Desktop\Sophos Virus Removal Tool.exe
[2013.03.11 11:37:32 | 000,003,193 | ---- | M] () -- C:\Users\Stina\Desktop\Sophos Virus Removal Tool.lnk
[2013.03.11 11:26:08 | 000,000,016 | ---- | M] () -- C:\Windows\hbcikrnl.ini
[2013.03.11 10:22:34 | 000,597,667 | ---- | M] () -- C:\Users\Stina\Desktop\adwcleaner.exe
[2013.03.11 08:59:20 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.03.11 08:59:20 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.03.06 10:49:18 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.03.02 17:45:05 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2013.03.02 17:45:05 | 000,001,409 | ---- | M] () -- C:\Windows\QTFont.for
[2013.02.21 16:05:32 | 000,410,096 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.02.12 17:49:04 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.02.12 17:46:51 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.02.12 17:46:51 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.02.12 17:46:49 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.02.12 17:46:48 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
 
========== Files Created - No Company Name ==========
 
[2013.03.11 11:37:32 | 000,003,193 | ---- | C] () -- C:\Users\Stina\Desktop\Sophos Virus Removal Tool.lnk
[2013.03.11 10:39:05 | 000,597,667 | ---- | C] () -- C:\Users\Stina\Desktop\adwcleaner.exe
[2013.03.02 17:43:01 | 000,054,156 | -H-- | C] () -- C:\Windows\QTFont.qfn
[2013.03.02 17:43:01 | 000,001,409 | ---- | C] () -- C:\Windows\QTFont.for
[2013.02.12 20:10:42 | 000,000,016 | ---- | C] () -- C:\Windows\hbcikrnl.ini
[2013.02.12 17:49:04 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.11.10 21:24:25 | 000,290,500 | ---- | C] () -- C:\Users\Stina\AppData\Local\funmoods-speeddial_sf.crx
[2012.11.10 21:24:22 | 000,031,465 | ---- | C] () -- C:\Users\Stina\AppData\Local\funmoods.crx
[2012.11.07 11:57:24 | 000,696,277 | ---- | C] () -- C:\Users\Stina\AppData\Roaming\unins000.exe
[2012.11.07 11:57:24 | 000,001,281 | ---- | C] () -- C:\Users\Stina\AppData\Roaming\unins000.dat
[2012.11.07 11:46:30 | 000,008,192 | ---- | C] () -- C:\Windows\System32\drivers\IntelMEFWVer.dll
[2012.11.07 11:40:25 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011.03.25 18:10:20 | 000,216,876 | ---- | C] () -- C:\Windows\System32\igfcg600m.bin
[2011.03.25 18:10:20 | 000,145,804 | ---- | C] () -- C:\Windows\System32\igcompkrng600.bin
[2011.03.25 18:10:18 | 000,963,116 | ---- | C] () -- C:\Windows\System32\igkrng600.bin
[2011.03.25 17:33:50 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011.03.25 17:31:52 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2011.03.25 17:28:22 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010.11.20 22:29:11 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 22:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 12.03.2013 08:23:31 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Stina\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,92 Gb Total Physical Memory | 2,14 Gb Available Physical Memory | 73,43% Memory free
5,83 Gb Paging File | 4,82 Gb Available in Paging File | 82,65% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 53,85 Gb Total Space | 20,38 Gb Free Space | 37,84% Space Free | Partition Type: NTFS
Drive D: | 644,04 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 3,73 Gb Total Space | 3,23 Gb Free Space | 86,76% Space Free | Partition Type: FAT32
Drive G: | 238,28 Gb Total Space | 212,52 Gb Free Space | 89,19% Space Free | Partition Type: NTFS
Drive Z: | 5,86 Gb Total Space | 5,80 Gb Free Space | 99,03% Space Free | Partition Type: NTFS
 
Computer Name: STINA-PC | User Name: Stina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-2380933962-3331389925-1504841794-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MIF5BA~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1997866E-6069-4C9C-B36A-25DC99451220}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2C5B05B1-087C-408C-9995-221B27C98FCB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2F09198D-E562-43FC-B470-16659FE91CCF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{32F32D05-B790-4F3A-8274-EBA496ABE30C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{3CBA034D-9060-4387-8C44-F48FC53F31F4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{43349806-00AA-49E7-9DD4-DE94F89847CC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4C71CB5F-9C7F-4817-905F-67C6DB627DD5}" = rport=138 | protocol=17 | dir=out | app=system | 
"{5062FE8D-42E2-4767-B1A3-968A1A39B0FF}" = rport=445 | protocol=6 | dir=out | app=system | 
"{584BA078-978D-4FA4-81B9-D67A52FE2620}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{667CF1AB-2AA3-492E-9979-46B2183A3ACB}" = lport=445 | protocol=6 | dir=in | app=system | 
"{73972B69-2C52-440C-BD23-3C50C79538E6}" = rport=139 | protocol=6 | dir=out | app=system | 
"{7F424DA0-1113-402B-A48E-C3027E60B554}" = lport=139 | protocol=6 | dir=in | app=system | 
"{82E7EA54-BC78-4BBC-9020-05F9B9769621}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{83E37AC2-6CA8-46AE-8A47-B6AD37A4D2B2}" = rport=137 | protocol=17 | dir=out | app=system | 
"{922293C4-936F-45D0-B9A4-F4B205BA555F}" = lport=137 | protocol=17 | dir=in | app=system | 
"{A1D5132A-EF5F-434E-AB6D-258A3E9D5026}" = lport=138 | protocol=17 | dir=in | app=system | 
"{A75EC814-77F1-4B33-BD9F-C3AE55C06E28}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{AC01CA5E-9400-448E-9E63-28D1075EA0B8}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{BC8A2F95-4F55-47CC-BC07-FFA4B7479503}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DE17EEA5-90A0-4FA6-81CA-BF1D7AB66FB9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F80CD9B5-B4D2-43B2-ACD6-F2B4369E9C56}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{F8CC1CA5-2FDD-40BF-9249-4BA636FD7A6F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{128A7B3C-7E82-40C9-A5D8-624FE7F84BEB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{2D7F4DE1-3F13-49CB-B194-B5E76273DAFA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{37CB4781-BD92-4A44-B718-335D34EFA441}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{3BF4A21F-06C2-4F6F-8222-2944CB089F23}" = protocol=6 | dir=out | app=system | 
"{45F85202-3157-437A-B77E-F72B52F0ABC0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{47A8A959-A213-4720-8843-E9742322123A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{58928560-FEC7-4E79-8A4A-66E263E195EB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{65B782CB-3307-4FF4-A270-8D7B6EDFC2FB}" = dir=in | app=c:\program files\vmware\vmware player\vmware-authd.exe | 
"{6780CB14-E884-49E1-92B0-D7D145F28300}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{84ED4427-B24B-4E55-91EE-AAAD73F22C41}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{96E521AD-5D72-4F5A-B603-9C30F58821B0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{9778AA56-5AB6-4C27-9B1C-4C8A2D96EFDC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{97B66885-3C48-4F7A-9F8E-B006F0AB59FC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{9B692EF9-A542-47AA-809E-FC8B271BF7FF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{A789C5EB-8571-44C9-BC56-484751FCB8D1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{BB52B184-CB4A-4C6D-A226-8AEFAAA8DBDE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C4C3776B-E063-45D9-B19A-B6C2F46D7B89}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D328F6C8-B2D6-4147-8EC8-1A33AE6D58D5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DA66997C-245E-49A2-A0E3-47A5C48BD171}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{E59BD98A-DC19-49E2-B6E4-3BC5A2172BFD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E60D6159-BA94-4060-B9CD-2D9D4946F050}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EFC30984-EC29-4C7F-A5EE-2C69FF2F53CF}" = dir=in | app=c:\program files\vmware\vmware player\vmware-authd.exe | 
"{F4B5CAF6-6BC2-4E97-8258-ADBFF4B2A0DD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{6D9386B5-F32C-415D-9E54-8AECD3F708CC}G:\programme\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=g:\programme\xampp\mysql\bin\mysqld.exe | 
"TCP Query User{B58DB663-2D9B-41A0-A0B6-BCCE9AF6A8A1}G:\programme\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=g:\programme\xampp\mysql\bin\mysqld.exe | 
"UDP Query User{53709AD8-FA7B-4BDC-A7A8-AA7D10D0E1C8}G:\programme\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=g:\programme\xampp\mysql\bin\mysqld.exe | 
"UDP Query User{93AA2431-3C1A-4AA6-BAF0-C1DE24435A19}G:\programme\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=g:\programme\xampp\mysql\bin\mysqld.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{035400A4-29BD-3723-BEED-E2718A68CDE0}" = Microsoft Visual Studio 2010 Office Developer Tools (x86)
"{03A4C6A1-26E9-4DDB-81D9-B332E5BB10AD}" = Microsoft Sync Framework SDK v1.0 SP1 de
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{1570DE88-A78A-37FD-8A05-92620D160CCA}" = Microsoft Visual Studio 2010 Office Developer Tools (x86) Language Pack - DEU
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{1C2B3CEA-482E-4453-B3E2-C9731337828A}" = Microsoft SQL Server 2008 Native Client
"{1D328E11-3B0C-388C-835D-C9C20E8C7734}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{31C3C6EA-E991-405F-A3AA-2C070CCCC47C}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{38C9BDE0-59DB-4DE0-B4C9-AB2A6258108C}" = Löwenzahn 1
"{3BB19A2B-B9C5-3872-8FDF-3047CC9F9841}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D339202-76E6-4815-89D0-B59A8654B812}" = Loewenzahn 2
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{4135C790-0387-36D7-9C2A-1B09A5900460}" = Microsoft Visual Studio 2010 Ultimate - DEU
"{41B31ABE-5A6E-498A-8F28-3BA3B8779A41}" = Dotfuscator Software Services - Community Edition
"{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{5242B252-01BB-4F2E-BBF4-5C01BC3B6619}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types
"{5BD39911-A12F-4562-98BA-A6E03E3370B1}" = Microsoft SQL Server 2008 Database Engine Services
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{681F4E9F-34E0-36BD-BF2C-100554E403A5}" = Microsoft Visual F# 2.0 Runtime Language Pack - DEU
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
"{7BEC151D-ADA9-3EA9-9273-99BA82881971}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.03
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AC04B19-F01D-49E2-B5E3-4025B7A4B07A}" = StarMoney
"{8EAA9D70-C912-3708-92DD-0CCC26F386E1}" = Microsoft Visual Studio 2010 Performance Collection Tools - DEU
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91F54E1D-804A-46D8-A56C-53EA9C4B3177}" = Microsoft Silverlight 3 SDK - Deutsch
"{929F5BFC-60F0-34EC-A50B-2001AAC03D56}" = Microsoft Team Foundation Server 2010 Object Model - DEU
"{92C5C058-E941-47C3-B7E8-38A79C605969}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9757062A-CF62-47C3-B649-C91BBB8CA9DE}" = VmciSockets
"{993B26A3-3BA8-4EA5-9099-E96C1BF236AF}" = StarMoney
"{9AA2D735-3375-42D4-9A61-3FFEF82599D6}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup 
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C3B8582-A72A-4835-8903-877A834407BB}" = Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Framework
"{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{AE4167B0-F589-4D2A-BF05-E181D543C49F}" = ES603 WDM Driver
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CBCFD97D-FE82-43F4-A978-996CACF71E6B}_is1" = UBitMenuDE
"{CE9BAD6E-60FC-46CC-82A2-5B0F2B1A0E36}" = Dotfuscator Software Services - Community Edition - DEU
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D074DC76-F6C9-440E-A1D0-1DE958417FDB}" = Microsoft SQL Server VSS Writer
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}" = Atheros Client Installation Program
"{D6A6CFAD-CD86-482B-90D1-6FCC4E252ACD}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x86) de
"{DB0AF767-7CC7-4E4D-B6BE-A200F20A2FB1}" = Microsoft Sync Framework Runtime v1.0 SP1 (x86) de
"{DBE8431C-CF9A-38C3-B42D-28B6FCE1EA3B}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU
"{E452E727-86B8-4233-8CC3-41FD817AFAFF}" = VMware Player
"{E4E9CBC9-1CF5-48E3-AF6F-1AB44A856346}" = Microsoft ASP.NET MVC 2 - DEU
"{EAF7B35C-DCBE-4032-9ABF-C35C43D07124}" = Microsoft Sync Framework Services v1.0 SP1 (x86) de
"{EC66418E-DAA2-36D5-809E-40BEC94E622A}" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Chrome" = Google Chrome
"HeidiSQL_is1" = HeidiSQL 7.0.0.4053
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{AE4167B0-F589-4D2A-BF05-E181D543C49F}" = EgisTec ES603 WDM Driver
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Team Foundation Server 2010 Object Model - DEU" = Microsoft Team Foundation Server 2010-Objektmodell - DEU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU
"Microsoft Visual Studio 2010 Ultimate - DEU" = Microsoft Visual Studio 2010 Ultimate - DEU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Microsoft Visual Studio Macro Tools - DEU Language Pack" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"QuickTime" = QuickTime
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VMware_Player" = VMware Player
"WinRAR archiver" = WinRAR Archivierer
"WiseConvert_1.3 Toolbar" = WiseConvert 1.3 Toolbar
"xampp" = XAMPP 1.7.4
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2380933962-3331389925-1504841794-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 03.03.2013 05:11:50 | Computer Name = Stina-PC | Source = MsiInstaller | ID = 11609
Description = 
 
Error - 10.03.2013 12:48:36 | Computer Name = Stina-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16450,
 Zeitstempel: 0x503723f6  Name des fehlerhaften Moduls: YontooIEClient.dll, Version:
 1.10.1.0, Zeitstempel: 0x508737fe  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00008fff
ID
 des fehlerhaften Prozesses: 0x1ef0  Startzeit der fehlerhaften Anwendung: 0x01ce1b5e359182aa
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: C:\Program Files\Yontoo\YontooIEClient.dll  Berichtskennung:
 59d14e16-89a2-11e2-8a9d-005056c00008
 
Error - 10.03.2013 12:59:02 | Computer Name = Stina-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16450,
 Zeitstempel: 0x503723f6  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b60  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00056bf4  ID des fehlerhaften
 Prozesses: 0x1204  Startzeit der fehlerhaften Anwendung: 0x01ce1502fcb62e64  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe  Pfad des
 fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: ce94841d-89a3-11e2-8a9d-005056c00008
 
Error - 10.03.2013 13:24:12 | Computer Name = Stina-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16450,
 Zeitstempel: 0x503723f6  Name des fehlerhaften Moduls: AcroPDF.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x50d0b8e1  Ausnahmecode: 0xc0000005  Fehleroffset: 0x6689f747
ID
 des fehlerhaften Prozesses: 0x278c  Startzeit der fehlerhaften Anwendung: 0x01ce1db3c7d612da
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: AcroPDF.dll  Berichtskennung: 52bddbb2-89a7-11e2-8a9d-005056c00008
 
Error - 10.03.2013 13:47:19 | Computer Name = Stina-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.03.2013 15:17:26 | Computer Name = Stina-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16450,
 Zeitstempel: 0x503723f6  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651,
 Zeitstempel: 0x4e2111c0  Ausnahmecode: 0xe06d7363  Fehleroffset: 0x0000d36f  ID des fehlerhaften
 Prozesses: 0x1384  Startzeit der fehlerhaften Anwendung: 0x01ce1dc3e5d43c52  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe  Pfad des
 fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll  Berichtskennung: 2452404a-89b7-11e2-88c7-9e87dd9f6a74
 
Error - 10.03.2013 17:42:44 | Computer Name = Stina-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.03.2013 02:20:15 | Computer Name = Stina-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.03.2013 06:30:19 | Computer Name = Stina-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.03.2013 11:44:31 | Computer Name = Stina-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 11.03.2013 05:37:28 | Computer Name = Stina-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR5 gefunden.
 
Error - 11.03.2013 05:37:28 | Computer Name = Stina-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR5 gefunden.
 
Error - 11.03.2013 06:36:04 | Computer Name = Stina-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 11.03.2013 06:36:05 | Computer Name = Stina-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 11.03.2013 06:36:05 | Computer Name = Stina-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 11.03.2013 06:36:06 | Computer Name = Stina-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 12.03.2013 03:22:07 | Computer Name = Stina-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 12.03.2013 03:22:08 | Computer Name = Stina-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 12.03.2013 03:22:08 | Computer Name = Stina-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 12.03.2013 03:22:09 | Computer Name = Stina-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
 
< End of report >
         
--- --- ---
!");
//-->
</script>


Geändert von MysteriusGen (12.03.2013 um 07:48 Uhr)

Alt 12.03.2013, 15:54   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
bprotector for Windows gefunden...Wie richtig entfernen? - Standard

bprotector for Windows gefunden...Wie richtig entfernen?



Zitat:
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Warum bitte eine Professional Edition für Windows? Wer braucht das als Heimanwender?
Ist das rein zufällig ein Büro-/Firmen-PC? Oder ein Uni-Rechner?
__________________
--> bprotector for Windows gefunden...Wie richtig entfernen?

Alt 12.03.2013, 17:11   #7
MysteriusGen
 
bprotector for Windows gefunden...Wie richtig entfernen? - Standard

bprotector for Windows gefunden...Wie richtig entfernen?



Das ist ein Uni Rechner.Meine Bekannte hat diesen Laptop so gekauft. Warum auch immer.

Das ist ein Uni Laptop. Sie hat sich den so kaufen lassen. Warum auch immer.
Grüße MysteriusGenius

Alt 12.03.2013, 22:14   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
bprotector for Windows gefunden...Wie richtig entfernen? - Standard

bprotector for Windows gefunden...Wie richtig entfernen?



Ok, danke für die Erklärung

Rootkitscan mit GMER

Bitte lade dir GMER Rootkit Scanner GMER herunter: (Dateiname zufällig)
  • Schließe alle anderen Programme, deaktiviere deinen Virenscanner und trenne den Rechner vom Internet bevor du GMER startest.
  • Sollte sich nach dem Start ein Fenster mit folgender Warnung öffnen:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Unbedingt auf "No" klicken.
  • Entferne rechts den Haken bei: IAT/EAT und Show All
  • Setze den Haken bei Quickscan und entferne ihn bei allen anderen Laufwerken.
  • Starte den Scan mit "Scan".
  • Mache nichts am Computer während der Scan läuft.
  • Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.
Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!


Tauchen Probleme auf?
  • Probiere alternativ den abgesicherten Modus.
  • Erhältst du einen Bluescreen, dann entferne den Haken vor Devices.


Anschließend bitte MBAR ausführen:

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 13.03.2013, 08:28   #9
MysteriusGen
 
bprotector for Windows gefunden...Wie richtig entfernen? - Standard

bprotector for Windows gefunden...Wie richtig entfernen?



Hier die Gmer.txt

<script type="text/javascript">
<!--
alert("GMER Logfile:
Code:
ATTFilter
GMER 2.1.19115 - hxxp://www.gmer.net
Rootkit scan 2013-03-13 08:51:07
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BPVT-24JJ5T0 rev.01.01A01 298,09GB
Running: gmer_2.1.19115.exe; Driver: C:\Users\Stina\AppData\Local\Temp\ugloypog.sys


---- System - GMER 2.1 ----

SSDT            92E58076                                                                  ZwCreateSection
SSDT            92E58080                                                                  ZwRequestWaitReplyPort
SSDT            92E5807B                                                                  ZwSetContextThread
SSDT            92E58085                                                                  ZwSetSecurityObject
SSDT            92E5808A                                                                  ZwSystemDebugControl
SSDT            92E58017                                                                  ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                  82C8EA49 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                    82CC84D2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                       82CCF62C 4 Bytes  [76, 80, E5, 92] {JBE 0xffffff82; IN EAX, 0x92}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1553                                       82CCF988 4 Bytes  [80, 80, E5, 92]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1597                                       82CCF9CC 4 Bytes  [7B, 80, E5, 92] {JNP 0xffffff82; IN EAX, 0x92}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1613                                       82CCFA48 2 Bytes  [85, 80]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1616                                       82CCFA4B 1 Byte  [92]
.text           ...                                                                       

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                   VMkbd.sys (VMware keyboard filter driver (32-bit)/VMware, Inc.)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                   Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                   VMkbd.sys (VMware keyboard filter driver (32-bit)/VMware, Inc.)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                   Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)

Device          \Driver\usbehci \Device\USBPDO-0                                          hcmon.sys (VMware USB monitor/VMware, Inc.)
Device          \Driver\usbehci \Device\USBPDO-1                                          hcmon.sys (VMware USB monitor/VMware, Inc.)
Device          \Driver\usbhub \Device\USBPDO-2                                           hcmon.sys (VMware USB monitor/VMware, Inc.)
Device          \Driver\usbhub \Device\USBPDO-3                                           hcmon.sys (VMware USB monitor/VMware, Inc.)
Device          \Driver\usbhub \Device\USBPDO-4                                           hcmon.sys (VMware USB monitor/VMware, Inc.)
Device          \Driver\usbhub \Device\USBPDO-5                                           hcmon.sys (VMware USB monitor/VMware, Inc.)
Device          \Driver\usbhub \Device\00000071                                           hcmon.sys (VMware USB monitor/VMware, Inc.)
Device          \Driver\usbhub \Device\00000072                                           hcmon.sys (VMware USB monitor/VMware, Inc.)
Device          \Driver\usbhub \Device\00000078                                           hcmon.sys (VMware USB monitor/VMware, Inc.)
Device          \Driver\usbhub \Device\00000079                                           hcmon.sys (VMware USB monitor/VMware, Inc.)
Device          \Driver\usbehci \Device\USBFDO-0                                          hcmon.sys (VMware USB monitor/VMware, Inc.)
Device          \Driver\usbehci \Device\USBFDO-1                                          hcmon.sys (VMware USB monitor/VMware, Inc.)

AttachedDevice  \FileSystem\fastfat \Fat                                                  fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 2.1 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\FPSensor\Parameters@ContactSensor  1

---- EOF - GMER 2.1 ----
         
--- --- ---



");
//-->
</script>

hier die mbar log nummer 1

Code:
ATTFilter
<script type="text/javascript">
<!--
    alert("Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.02.15.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Stina :: STINA-PC [administrator]

13.03.2013 08:59:39
mbar-log-2013-03-13 (08-59-39).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 29612
Time elapsed: 5 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 10
HKLM\SOFTWARE\CLASSES\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\TYPELIB\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\esrv.funmoodsESrvc.1 (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\esrv.funmoodsESrvc (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C87FC351-A80D-43E9-9A86-CF1E29DC443A} (PUP.Funmoods) -> Delete on reboot.
HKCU\SOFTWARE\Funmoods (PUP.FunMoods) -> Delete on reboot.
HKCU\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Delete on reboot.
HKCU\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Delete on reboot.
HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page (PUP.FunMoods) -> Bad: (hxxp://searchfunmoods.com/?f=1&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1Qzu0FtD0D0E0FtC0DzzyC0C0A0C0DyCtDyEtN0D0Tzu0CtAtCyDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1225978215) Good: (hxxp://www.google.com) -> Delete on reboot.

Folders Detected: 3
c:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> Delete on reboot.
c:\Users\Stina\AppData\LocalLow\Funmoods (PUP.FunMoods) -> Delete on reboot.
c:\Users\Stina\AppData\LocalLow\Funmoods\Funmoods (PUP.FunMoods) -> Delete on reboot.

Files Detected: 5
c:\Users\Stina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Delete on reboot.
c:\Users\Stina\AppData\Local\funmoods.crx (PUP.Funmoods) -> Delete on reboot.
c:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Delete on reboot.
c:\Users\Stina\AppData\Local\funmoods-speeddial_sf.crx (PUP.FunMoods) -> Delete on reboot.
c:\Users\Stina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage (PUP.FunMoods) -> Delete on reboot.

(end)
");
//-->
</script>
         
und die mbar log nummer 2 nach neustart

Code:
ATTFilter
<script type="text/javascript">
<!--
    alert("Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.02.15.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Stina :: STINA-PC [administrator]

13.03.2013 09:14:50
mbar-log-2013-03-13 (09-14-50).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 29603
Time elapsed: 8 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
");
//-->
</script>
         

Alt 13.03.2013, 10:38   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
bprotector for Windows gefunden...Wie richtig entfernen? - Standard

bprotector for Windows gefunden...Wie richtig entfernen?



Zitat:
Database version: v2013.02.15.09
Warum wurde MBAR vorher nicht aktualisiert?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 13.03.2013, 11:29   #11
MysteriusGen
 
bprotector for Windows gefunden...Wie richtig entfernen? - Standard

bprotector for Windows gefunden...Wie richtig entfernen?



Wurde nicht aktualisiert da da wo ich den Laptop mache keine Internetverbindung verfügbar ist.Habe nur daheim Zugriff auf Internet

Alt 13.03.2013, 11:42   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
bprotector for Windows gefunden...Wie richtig entfernen? - Standard

bprotector for Windows gefunden...Wie richtig entfernen?



Dann wiederhole MBAR bitte mit Internetzugriff und aktuellen Signaturen, sonst macht das ganze nicht viel Sinn
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 14.03.2013, 08:02   #13
MysteriusGen
 
bprotector for Windows gefunden...Wie richtig entfernen? - Standard

bprotector for Windows gefunden...Wie richtig entfernen?



Hier die mbar log mit den aktuellen signaturen

Code:
ATTFilter
<script type="text/javascript">
<!--
    alert("Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.14.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Stina :: STINA-PC [administrator]

14.03.2013 08:42:26
mbar-log-2013-03-14 (08-42-26).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 29381
Time elapsed: 6 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
c:\Users\Stina\AppData\Local\Temp\is2036094744\PricePeepInstaller.exe (Adware.Shopper) -> Delete on reboot.

(end)
");
//-->
</script>
         
Die mbar log nach dem Neustart

Code:
ATTFilter
<script type="text/javascript">
<!--
    alert("Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.14.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Stina :: STINA-PC [administrator]

14.03.2013 08:56:12
mbar-log-2013-03-14 (08-56-12).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 29385
Time elapsed: 7 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
");
//-->
</script>
         

Alt 14.03.2013, 14:43   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
bprotector for Windows gefunden...Wie richtig entfernen? - Standard

bprotector for Windows gefunden...Wie richtig entfernen?



Code:
ATTFilter
<script type="text/javascript">
<!--
");
//-->
</script>
         
Wieso steht das in den Logs bei dir am Anfang und Ende?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 16.03.2013, 10:09   #15
MysteriusGen
 
bprotector for Windows gefunden...Wie richtig entfernen? - Standard

bprotector for Windows gefunden...Wie richtig entfernen?



Das steht jedes mal da da ich mich mit den Code Tags nicht auskenne und ich mir die Syntax kopiere und den Text da reinkopieren wo ich denke das es richtig ist.

Antwort

Themen zu bprotector for Windows gefunden...Wie richtig entfernen?
antwort, arbeit, ausgeführt, bekannte, bprotector, brauch, entferne, entfernen, gefunde, googel, googeln, heute, hoffe, installier, installiert, langsam, laptop, namens, programm, richtig, schadsoftware, sehr langsam, suche, troja, trojaner-board, wenig, windows



Ähnliche Themen: bprotector for Windows gefunden...Wie richtig entfernen?


  1. Windows7: TR/BProtector.Gen2 & EXP/CVE-2012-1723.A1 gefunden!
    Log-Analyse und Auswertung - 25.11.2014 (7)
  2. AVSCAN TR/Dldr.Brantall.A.16 und BHO.BProtector.1.2 gefunden
    Log-Analyse und Auswertung - 18.11.2014 (19)
  3. Ich hab auch TR/BProtector.Gen2 gefunden.
    Log-Analyse und Auswertung - 24.10.2014 (21)
  4. TR/BProtector.gen von Avira gefunden
    Plagegeister aller Art und deren Bekämpfung - 08.07.2014 (7)
  5. Avast hat bei Startzeit-Überprüfung BProtector gefunden
    Plagegeister aller Art und deren Bekämpfung - 04.06.2014 (7)
  6. TR/BProtector.Gen von AVIRA gefunden
    Log-Analyse und Auswertung - 18.05.2014 (5)
  7. TR/BProtector.Gen2 von Avira gefunden.
    Plagegeister aller Art und deren Bekämpfung - 15.04.2014 (4)
  8. TR\BProtector.Gen auf Netbook (Win7) gefunden
    Plagegeister aller Art und deren Bekämpfung - 13.04.2014 (12)
  9. Windows 7: TR/BProtector.Gen gefunden
    Log-Analyse und Auswertung - 02.04.2014 (10)
  10. Win7 x64 | Bitguard-Trojaner? - BProtector.F , BProtector.E , BHO.Bprotector.1.4
    Log-Analyse und Auswertung - 15.12.2013 (11)
  11. Adware/BProtector.E gefunden
    Log-Analyse und Auswertung - 05.12.2013 (5)
  12. ADWARE/BProtector.E gefunden!
    Log-Analyse und Auswertung - 03.12.2013 (1)
  13. BHO.Bprotector.1.2 und Adware.Gen gefunden
    Plagegeister aller Art und deren Bekämpfung - 30.10.2013 (5)
  14. Adware.BProtector gefunden
    Plagegeister aller Art und deren Bekämpfung - 01.10.2013 (13)
  15. Bprotector von sophos gefunden als Adware und in Quarantäne geschickt
    Log-Analyse und Auswertung - 03.09.2013 (5)
  16. bprotector adware gefunden
    Plagegeister aller Art und deren Bekämpfung - 09.06.2013 (19)
  17. Habe " bprotector for windows " als Programm auf meinem Rechner gefunden - ist das ein Virus?
    Plagegeister aller Art und deren Bekämpfung - 05.02.2013 (19)

Zum Thema bprotector for Windows gefunden...Wie richtig entfernen? - Hallo liebes Trojaner-Board Team. Ich habe heute von einer bekannten einen Laptop bekommen um mal zu schauen was da los ist. Der Laptop ist sehr langsam und nach ein wenig - bprotector for Windows gefunden...Wie richtig entfernen?...
Archiv
Du betrachtest: bprotector for Windows gefunden...Wie richtig entfernen? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.