Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
"PUP.OfferBundler.ST" in \Users\Mama_Papa\Documents\Downloads\SoftonicDownloader_fuer_photoscape.exe

"PUP.OfferBundler.ST" in \Users\Mama_Papa\Documents\Downloads\SoftonicDownloader_fuer_photoscape.exe


Log-Analyse und Auswertung: "PUP.OfferBundler.ST" in \Users\Mama_Papa\Documents\Downloads\SoftonicDownloader_fuer_photoscape.exe

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 26.09.2012, 22:27   #1
mega-daddy
 
"PUP.OfferBundler.ST" in \Users\Mama_Papa\Documents\Downloads\SoftonicDownloader_fuer_photoscape.exe - Standard

"PUP.OfferBundler.ST" in \Users\Mama_Papa\Documents\Downloads\SoftonicDownloader_fuer_photoscape.exe


Hallo zusammen,

ich hoffe, Ihr könnt mir helfen.

Malwarebytes hat auf meinem Rechner einen Trojaner mit dem Namen "PUP.OfferBundler.ST" gefunden.

Avira Free Antivirus hat bei einem vollständigen Systemscan nichts gefunden.


Anbei das entsprechende Logfile:


Malwarebytes Anti-Malware (PRO) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.24.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Mama_Papa :: MAMA_PAPA-PC [Administrator]

Schutz: Aktiviert

25.09.2012 18:48:45
mbam-log-2012-09-25 (18-48-45).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 493389
Laufzeit: 2 Stunde(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Mama_Papa\Documents\Downloads\SoftonicDownloader_fuer_photoscape.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Den Fund habe ich entfernt (Button unten links in Malwarebytes).


Defogger habe ich entsprechend den Anweisungen im Board laufen gelassen und "Disable" gedrückt. Es gab keine Fehlermeldung.

Dann habe ich den Quick Scan mit OTL durchgeführt.

Hier der Inhalt von OTL.txt:




OTL logfile created on: 26.09.2012 22:31:00 - Run 1
OTL by OldTimer - Version 3.2.68.0 Folder = c:\Users\Mama_Papa\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,91 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 51,09% Memory free
7,81 Gb Paging File | 5,52 Gb Available in Paging File | 70,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 647,54 Gb Total Space | 261,84 Gb Free Space | 40,44% Space Free | Partition Type: NTFS
Drive D: | 48,00 Gb Total Space | 22,11 Gb Free Space | 46,06% Space Free | Partition Type: NTFS

Computer Name: MAMA_PAPA-PC | User Name: Mama_Papa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.09.26 22:28:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- c:\Users\Mama_Papa\Desktop\OTL.exe
PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.08.30 04:58:46 | 001,229,848 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012.08.13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.08.08 21:14:36 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.06.19 14:25:40 | 000,197,296 | ---- | M] (Panasonic Corporation) -- C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
PRC - [2012.05.08 21:09:03 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 21:09:02 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.08.13 05:06:20 | 000,447,016 | ---- | M] (Wistron Corp.) -- C:\Program Files (x86)\Launch Manager\WButton.exe
PRC - [2011.08.06 02:20:10 | 000,348,960 | ---- | M] (Wistron Corp.) -- C:\Program Files (x86)\Launch Manager\OSD.exe
PRC - [2011.08.06 02:20:10 | 000,207,400 | ---- | M] (Wistron) -- C:\Program Files (x86)\Launch Manager\HotkeyApp.exe
PRC - [2011.08.06 02:20:10 | 000,118,560 | ---- | M] (Wistron Corp.) -- C:\Program Files (x86)\Launch Manager\WisLMSvc.exe
PRC - [2011.07.25 09:40:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.07.25 03:15:54 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.05.20 19:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.03.30 23:42:34 | 001,001,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2011.03.30 23:42:32 | 001,321,296 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2011.03.30 23:42:30 | 000,923,984 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2011.03.30 23:42:28 | 000,985,424 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
PRC - [2010.12.28 13:47:06 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.12.28 13:47:06 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.08.04 00:39:38 | 000,107,816 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2010.04.02 11:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009.11.07 12:46:52 | 000,020,480 | ---- | M] (X10) -- C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe


========== Modules (No Company Name) ==========

MOD - [2012.09.11 22:08:49 | 000,782,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.SqlServ#\5660a2e02280885f4fb581688f8157e8\System.Data.SqlServerCe.ni.dll
MOD - [2012.08.30 04:58:45 | 000,442,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
MOD - [2012.08.30 04:58:44 | 012,237,336 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
MOD - [2012.08.30 04:58:42 | 003,997,720 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\pdf.dll
MOD - [2012.08.30 04:57:27 | 000,526,872 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\libglesv2.dll
MOD - [2012.08.30 04:57:26 | 000,104,984 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\libegl.dll
MOD - [2012.08.30 04:57:15 | 000,144,424 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\avutil-51.dll
MOD - [2012.08.30 04:57:13 | 000,266,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\avformat-54.dll
MOD - [2012.08.30 04:57:12 | 002,480,680 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\avcodec-54.dll
MOD - [2012.06.13 03:17:02 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll
MOD - [2012.06.13 03:16:53 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll
MOD - [2012.05.11 09:41:42 | 006,815,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\99d0f7ba920eea1117e45dcd9fec0eb5\System.Data.ni.dll
MOD - [2012.05.11 09:41:30 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll
MOD - [2012.05.11 09:41:29 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll
MOD - [2012.05.11 09:41:23 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\623d2a0f11dd82bb9bc13d1cb981b239\System.Configuration.ni.dll
MOD - [2012.05.11 09:41:18 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll
MOD - [2012.05.11 09:41:06 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
MOD - [2011.11.08 22:46:02 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.08.04 00:39:38 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2010.08.04 00:39:32 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll


========== Services (SafeList) ==========

SRV:64bit: - [2011.05.02 23:27:50 | 001,517,328 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011.05.02 23:13:54 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011.05.02 23:10:26 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011.04.21 18:34:16 | 001,136,640 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011.04.21 17:42:50 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2010.09.23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012.09.21 17:31:21 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.08.13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.07.27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.08 21:09:03 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 21:09:02 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.08.06 02:20:10 | 000,118,560 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Program Files (x86)\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2011.07.25 09:40:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.07.25 03:15:54 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.05.20 19:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011.03.30 23:42:34 | 001,001,808 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011.03.30 23:42:32 | 001,321,296 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011.03.30 23:42:30 | 000,923,984 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2010.12.28 13:47:06 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.12.28 13:47:06 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.12.06 12:52:40 | 000,062,464 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\watchmi\TvdService.exe -- (watchmi)
SRV - [2010.11.21 05:24:08 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010.03.18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009.11.07 12:46:52 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe -- (x10nets)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.05.08 21:09:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 21:09:04 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.25 12:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.15 16:00:00 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.08.10 21:57:34 | 000,165,504 | ---- | M] (ITE ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IT9135BDA.sys -- (IT9135BDA)
DRV:64bit: - [2011.07.27 01:22:48 | 012,288,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.07.25 09:40:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011.07.20 14:21:50 | 000,406,336 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tixhci.sys -- (tixhci)
DRV:64bit: - [2011.07.20 14:21:50 | 000,136,000 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tihub3.sys -- (tihub3)
DRV:64bit: - [2011.06.22 00:19:14 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011.06.22 00:19:12 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011.05.20 18:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.05.01 23:33:06 | 008,593,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011.04.21 18:09:26 | 000,294,912 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011.04.21 18:09:26 | 000,294,912 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011.04.15 01:16:08 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2011.03.23 03:14:04 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2011.03.15 18:09:16 | 000,311,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUVStor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.08 23:44:08 | 000,274,944 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011.03.08 23:44:08 | 000,051,712 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011.01.25 21:48:04 | 000,077,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010.12.28 13:47:02 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.15 10:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.09.16 17:08:50 | 001,077,416 | ---- | M] (DiBcom SA) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mod77-64.sys -- (mod7764)
DRV:64bit: - [2010.09.03 14:46:48 | 001,392,688 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 02:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009.07.14 02:00:13 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Dot4Scan.sys -- (Dot4Scan)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.05.13 21:47:44 | 000,032,792 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\x10ufx2.sys -- (XUIF)
DRV:64bit: - [2009.05.13 21:26:14 | 000,015,896 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\x10hid.sys -- (X10Hid)
DRV:64bit: - [2007.05.14 17:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q=
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2405280
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNE_deDE455
IE - HKCU\..\SearchScopes\{A00F77A9-66EA-4527-9977-19E9E715BBDF}: "URL" = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2405280
IE - HKCU\..\SearchScopes\{B9A7C864-0E2B-492C-BE45-228D90C7D560}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNE_enDE393
IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = hxxp://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q={searchTerms}&crm=1&toolbar=DVS
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.14 23:22:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011.10.28 21:10:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mama_Papa\AppData\Roaming\mozilla\Extensions
[2012.07.21 00:17:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mama_Papa\AppData\Roaming\mozilla\Firefox\Profiles\t1asf9kp.default\extensions
[2011.12.27 17:33:45 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Mama_Papa\AppData\Roaming\mozilla\Firefox\Profiles\t1asf9kp.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.07.26 23:34:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.09 15:33:40 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.07.14 23:22:38 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.07.14 23:22:36 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.14 23:22:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.14 23:22:36 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 23:22:36 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 23:22:36 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 23:22:36 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=MDNE&bmod=MDNE
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}sou rceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=MDNE&bmod=MDNE
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Mama_Papa\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Mama_Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Mama_Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Skype Click to Call = C:\Users\Mama_Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\
CHR - Extension: Google Mail = C:\Users\Mama_Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012.03.15 05:38:17 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files (x86)\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files (x86)\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [Wbutton] C:\Program Files (x86)\Launch Manager\Wbutton.exe (Wistron Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Mama_Papa\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Mama_Papa\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.220.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{03825670-E143-4A1C-9D66-6B83C604CAAB}: DhcpNameServer = 192.168.220.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.09.26 22:28:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mama_Papa\Desktop\OTL.exe
[2012.09.23 22:35:25 | 000,000,000 | ---D | C] -- C:\Users\Mama_Papa\AppData\Roaming\mkvtoolnix
[2012.09.23 22:34:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MKVToolNix
[2012.09.21 00:04:46 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.09.20 19:58:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMedia Recode
[2012.09.16 17:12:32 | 000,000,000 | ---D | C] -- C:\Users\Mama_Papa\AppData\Local\{50168BC8-CFC0-4505-AB79-099A0A59B656}
[2012.09.16 02:11:28 | 000,000,000 | ---D | C] -- C:\Users\Mama_Papa\AppData\Local\{AB3335F6-A856-46D2-AB09-59901C1B56FA}
[2012.09.15 18:22:06 | 000,000,000 | ---D | C] -- C:\Users\Mama_Papa\AppData\Local\fotokasten comfort
[2012.09.15 18:21:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\fotokasten comfort
[2012.09.15 18:21:08 | 000,000,000 | ---D | C] -- C:\ProgramData\fotokasten comfort
[2012.09.15 18:21:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\fotokasten comfort
[2012.09.14 14:43:40 | 000,000,000 | ---D | C] -- C:\Users\Mama_Papa\AppData\Roaming\fotofotoSoftware
[2012.09.14 14:43:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\fotofotoSoftware
[2012.09.12 18:17:23 | 000,000,000 | ---D | C] -- C:\Users\Mama_Papa\restore
[2012.09.12 18:12:57 | 000,000,000 | ---D | C] -- C:\ProgramData\tmp
[2012.09.12 18:12:57 | 000,000,000 | ---D | C] -- C:\ProgramData\hps
[2012.09.12 18:12:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mein CEWE FOTOBUCH
[2012.09.12 18:06:44 | 000,000,000 | ---D | C] -- C:\Users\Mama_Papa\Mein CEWE FOTOBUCH
[2012.09.12 17:56:02 | 000,000,000 | ---D | C] -- C:\Users\Mama_Papa\AppData\Local\{5734E661-A3B2-4B80-96E3-57330CC862AA}
[2012.09.11 22:22:28 | 000,000,000 | ---D | C] -- C:\Users\Mama_Papa\AppData\Local\ISL
[2012.09.11 22:13:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SILKYPIX Developer Studio 3.1 SE
[2012.09.11 22:13:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ISL
[2012.09.11 22:12:51 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2012.09.11 22:11:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Panasonic
[2012.09.11 22:10:49 | 000,000,000 | ---D | C] -- C:\Users\Mama_Papa\AppData\Local\Panasonic
[2012.09.11 22:10:38 | 000,000,000 | ---D | C] -- C:\Users\Mama_Papa\AppData\Roaming\InstallShield
[2012.09.11 22:07:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panasonic
[2012.09.11 22:06:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Panasonic
[2012.09.11 22:06:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panasonic
[2012.09.11 22:06:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2012.09.11 22:06:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2012.09.11 22:06:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2012.09.10 22:12:14 | 000,000,000 | ---D | C] -- C:\Users\Mama_Papa\AppData\Local\{A18E8715-64AB-49A9-8F8C-CF38FE16C082}
[2012.09.10 22:11:34 | 000,000,000 | ---D | C] -- C:\Users\Mama_Papa\AppData\Roaming\XMedia Recode
[2012.09.10 21:55:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XMedia Recode
[2012.09.09 22:03:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.09.26 22:31:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.26 22:31:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.26 22:30:48 | 000,000,000 | ---- | M] () -- C:\Users\Mama_Papa\defogger_reenable
[2012.09.26 22:29:12 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.26 22:29:12 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.26 22:28:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mama_Papa\Desktop\OTL.exe
[2012.09.26 22:26:35 | 000,000,000 | ---- | M] () -- C:\Users\Mama_Papa\Desktop\defogger_reenable
[2012.09.26 22:25:42 | 000,050,477 | ---- | M] () -- C:\Users\Mama_Papa\Desktop\Defogger.exe
[2012.09.26 22:20:48 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.26 22:20:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.26 22:20:38 | 3147,198,464 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.26 22:09:41 | 001,500,294 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.26 22:09:41 | 000,654,852 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.09.26 22:09:41 | 000,616,694 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.26 22:09:41 | 000,130,434 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.09.26 22:09:41 | 000,106,816 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.25 21:21:05 | 000,000,040 | -HS- | M] () -- C:\ProgramData\.zreglib
[2012.09.24 21:52:05 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.21 00:06:40 | 000,002,023 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.09.15 18:21:49 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\fotokasten comfort.lnk
[2012.09.14 14:43:29 | 000,000,955 | ---- | M] () -- C:\Users\Public\Desktop\fotofotoSoftware.lnk
[2012.09.12 08:42:36 | 000,368,400 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.09.11 22:13:51 | 000,002,136 | ---- | M] () -- C:\Users\Public\Desktop\SILKYPIX Developer Studio 3.1 SE.lnk
[2012.09.11 22:10:21 | 000,002,480 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 8.2 PE.lnk
[2012.09.11 22:07:57 | 000,002,210 | ---- | M] () -- C:\Users\Public\Desktop\PHOTOfunSTUDIO 8.2 PE.lnk
[2012.09.09 15:35:13 | 000,002,678 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.09.26 22:30:48 | 000,000,000 | ---- | C] () -- C:\Users\Mama_Papa\defogger_reenable
[2012.09.26 22:26:35 | 000,000,000 | ---- | C] () -- C:\Users\Mama_Papa\Desktop\defogger_reenable
[2012.09.26 22:25:40 | 000,050,477 | ---- | C] () -- C:\Users\Mama_Papa\Desktop\Defogger.exe
[2012.09.24 19:34:19 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.21 00:06:40 | 000,002,023 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.09.15 18:21:49 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\fotokasten comfort.lnk
[2012.09.14 14:43:29 | 000,000,967 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\fotofotoSoftware.lnk
[2012.09.14 14:43:29 | 000,000,955 | ---- | C] () -- C:\Users\Public\Desktop\fotofotoSoftware.lnk
[2012.09.11 22:13:51 | 000,002,136 | ---- | C] () -- C:\Users\Public\Desktop\SILKYPIX Developer Studio 3.1 SE.lnk
[2012.09.11 22:10:41 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2012.09.11 22:10:41 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2012.09.11 22:10:41 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2012.09.11 22:10:41 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2012.09.11 22:10:41 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2012.09.11 22:10:41 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2012.09.11 22:10:41 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2012.09.11 22:10:41 | 000,013,732 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_EN.cfg
[2012.09.11 22:10:41 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2012.09.11 22:10:41 | 000,006,442 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_IT.cfg
[2012.09.11 22:10:41 | 000,006,347 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_PT.cfg
[2012.09.11 22:10:41 | 000,006,347 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_BP.cfg
[2012.09.11 22:10:41 | 000,006,335 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_GE.cfg
[2012.09.11 22:10:41 | 000,006,195 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_FR.cfg
[2012.09.11 22:10:41 | 000,006,195 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_CF.cfg
[2012.09.11 22:10:41 | 000,006,122 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_DU.cfg
[2012.09.11 22:10:41 | 000,006,103 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_ES.cfg
[2012.09.11 22:10:41 | 000,005,817 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_KO.cfg
[2012.09.11 22:10:41 | 000,005,436 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_SC.cfg
[2012.09.11 22:10:41 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2012.09.11 22:10:41 | 000,002,889 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_RU.cfg
[2012.09.11 22:10:41 | 000,002,426 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_TC.cfg
[2012.09.11 22:10:41 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2012.09.11 22:10:41 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2012.09.11 22:10:41 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2012.09.11 22:10:41 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2012.09.11 22:10:41 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2012.09.11 22:10:41 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2012.09.11 22:10:41 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2012.09.11 22:10:41 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2012.09.11 22:10:41 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2012.09.11 22:10:41 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2012.09.11 22:10:21 | 000,002,480 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 8.2 PE.lnk
[2012.09.11 22:07:57 | 000,002,210 | ---- | C] () -- C:\Users\Public\Desktop\PHOTOfunSTUDIO 8.2 PE.lnk
[2012.06.11 21:39:58 | 000,000,078 | ---- | C] () -- C:\Users\Mama_Papa\AppData\Roaming\mbam.context.scan
[2012.03.15 05:26:18 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.03.15 05:26:18 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.03.15 05:26:18 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.03.15 05:26:18 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.03.15 05:26:18 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.10.29 21:24:32 | 001,527,004 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.10.29 21:22:04 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.08.18 23:01:07 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2011.08.18 23:01:06 | 000,149,504 | ---- | C] () -- C:\Windows\unwise32_setup.exe
[2011.07.27 01:20:38 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.07.27 01:20:38 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.07.27 01:20:38 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.07.27 01:14:32 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011.07.27 00:50:58 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2010.05.16 17:42:06 | 000,015,428 | ---- | C] () -- C:\Users\Mama_Papa\RefEdit.exd
[2009.06.18 11:13:01 | 000,000,101 | ---- | C] () -- C:\Users\Mama_Papa\default.pls

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012.07.26 18:23:44 | 000,000,000 | ---D | M] -- C:\Users\Mama_Papa\AppData\Roaming\Amazon
[2012.09.13 00:10:35 | 000,000,000 | ---D | M] -- C:\Users\Mama_Papa\AppData\Roaming\Ashampoo
[2011.12.17 17:00:03 | 000,000,000 | ---D | M] -- C:\Users\Mama_Papa\AppData\Roaming\Canon
[2011.12.17 16:56:41 | 000,000,000 | ---D | M] -- C:\Users\Mama_Papa\AppData\Roaming\CD-LabelPrint
[2011.11.26 02:08:59 | 000,000,000 | ---D | M] -- C:\Users\Mama_Papa\AppData\Roaming\Cuttermaran
[2011.12.18 16:31:11 | 000,000,000 | ---D | M] -- C:\Users\Mama_Papa\AppData\Roaming\dpdhl.versandhelfer.medionlap.CDA82DC3FEDD13302C6424313D9A2999F162D21A.1
[2012.06.11 23:32:44 | 000,000,000 | ---D | M] -- C:\Users\Mama_Papa\AppData\Roaming\DVDVideoSoft
[2011.12.27 17:33:44 | 000,000,000 | ---D | M] -- C:\Users\Mama_Papa\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.03.15 01:52:02 | 000,000,000 | ---D | M] -- C:\Users\Mama_Papa\AppData\Roaming\FileZilla
[2012.09.14 14:43:40 | 000,000,000 | ---D | M] -- C:\Users\Mama_Papa\AppData\Roaming\fotofotoSoftware
[2012.07.21 13:13:39 | 000,000,000 | ---D | M] -- C:\Users\Mama_Papa\AppData\Roaming\IrfanView
[2012.09.23 22:35:25 | 000,000,000 | ---D | M] -- C:\Users\Mama_Papa\AppData\Roaming\mkvtoolnix
[2012.05.10 21:14:23 | 000,000,000 | ---D | M] -- C:\Users\Mama_Papa\AppData\Roaming\Phase6
[2012.09.21 23:46:33 | 000,000,000 | ---D | M] -- C:\Users\Mama_Papa\AppData\Roaming\SoftGrid Client
[2011.10.29 21:25:23 | 000,000,000 | ---D | M] -- C:\Users\Mama_Papa\AppData\Roaming\TP
[2011.11.15 00:07:06 | 000,000,000 | ---D | M] -- C:\Users\Mama_Papa\AppData\Roaming\Windows Live Writer
[2012.09.10 22:11:34 | 000,000,000 | ---D | M] -- C:\Users\Mama_Papa\AppData\Roaming\XMedia Recode

========== Purity Check ==========



< End of report >


Die Datei Extras.txt hänge ich an.

Ich habe ein 64-Bit-System.


Vielen Dank für Eure Unterstützung.

Alt 27.09.2012, 06:43   #2
schrauber
/// the machine
/// TB-Ausbilder
 
"PUP.OfferBundler.ST" in \Users\Mama_Papa\Documents\Downloads\SoftonicDownloader_fuer_photoscape.exe - Standard

"PUP.OfferBundler.ST" in \Users\Mama_Papa\Documents\Downloads\SoftonicDownloader_fuer_photoscape.exe


Hi,


Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Suche.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.
__________________

__________________
Alt 27.09.2012, 19:59   #3
mega-daddy
 
"PUP.OfferBundler.ST" in \Users\Mama_Papa\Documents\Downloads\SoftonicDownloader_fuer_photoscape.exe - Standard

"PUP.OfferBundler.ST" in \Users\Mama_Papa\Documents\Downloads\SoftonicDownloader_fuer_photoscape.exe


Hallo Schrauber,

danke für den Hinweis. Hier die Logdatei:

# AdwCleaner v2.003 - Datei am 09/27/2012 um 20:58:52 erstellt
# Aktualisiert am 23/09/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Mama_Papa - MAMA_PAPA-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Mama_Papa\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gefunden : C:\ProgramData\Partner

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Schlüssel Gefunden : HKU\S-1-5-21-186122192-3399378445-1465514167-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKU\S-1-5-21-186122192-3399378445-1465514167-1001\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2405280

-\\ Mozilla Firefox v11.0 (de)

Profilname : default
Datei : C:\Users\Mama_Papa\AppData\Roaming\Mozilla\Firefox\Profiles\t1asf9kp.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Mama_Papa\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1615 octets] - [27/09/2012 20:58:52]

########## EOF - C:\AdwCleaner[R1].txt - [1675 octets] ##########
__________________
Alt 27.09.2012, 20:02   #4
schrauber
/// the machine
/// TB-Ausbilder
 
"PUP.OfferBundler.ST" in \Users\Mama_Papa\Documents\Downloads\SoftonicDownloader_fuer_photoscape.exe - Standard

"PUP.OfferBundler.ST" in \Users\Mama_Papa\Documents\Downloads\SoftonicDownloader_fuer_photoscape.exe


  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.


Und ein frisches OTL log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 27.09.2012, 21:13   #5
mega-daddy
 
"PUP.OfferBundler.ST" in \Users\Mama_Papa\Documents\Downloads\SoftonicDownloader_fuer_photoscape.exe - Standard

"PUP.OfferBundler.ST" in \Users\Mama_Papa\Documents\Downloads\SoftonicDownloader_fuer_photoscape.exe


OK,

hier die Logdatei nach dem Löschen:

# AdwCleaner v2.003 - Datei am 09/27/2012 um 21:37:47 erstellt
# Aktualisiert am 23/09/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Mama_Papa - MAMA_PAPA-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Mama_Papa\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\ProgramData\Partner

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Wiederhergestellt : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-21-186122192-3399378445-1465514167-1000\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2405280 --> hxxp://www.google.com

-\\ Mozilla Firefox v11.0 (de)

Profilname : default
Datei : C:\Users\Mama_Papa\AppData\Roaming\Mozilla\Firefox\Profiles\t1asf9kp.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Mama_Papa\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1740 octets] - [27/09/2012 20:58:52]
AdwCleaner[S1].txt - [2232 octets] - [27/09/2012 21:37:47]

########## EOF - C:\AdwCleaner[S1].txt - [2292 octets] ##########


Hier das OTL.txt:

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 27.09.2012 21:45:14 - Run 2
OTL by OldTimer - Version 3.2.68.0     Folder = C:\Users\Mama_Papa\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 1,87 Gb Available Physical Memory | 47,88% Memory free
7,81 Gb Paging File | 5,42 Gb Available in Paging File | 69,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 647,54 Gb Total Space | 268,23 Gb Free Space | 41,42% Space Free | Partition Type: NTFS
Drive D: | 48,00 Gb Total Space | 22,11 Gb Free Space | 46,06% Space Free | Partition Type: NTFS
 
Computer Name: MAMA_PAPA-PC | User Name: Mama_Papa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.26 22:28:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mama_Papa\Desktop\OTL.exe
PRC - [2012.09.25 11:43:01 | 001,239,064 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.08.13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.08.08 21:14:36 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.06.19 14:25:40 | 000,197,296 | ---- | M] (Panasonic Corporation) -- C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
PRC - [2012.05.08 21:09:03 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 21:09:02 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.08.13 05:06:20 | 000,447,016 | ---- | M] (Wistron Corp.) -- C:\Program Files (x86)\Launch Manager\WButton.exe
PRC - [2011.08.06 02:20:10 | 000,348,960 | ---- | M] (Wistron Corp.) -- C:\Program Files (x86)\Launch Manager\OSD.exe
PRC - [2011.08.06 02:20:10 | 000,207,400 | ---- | M] (Wistron) -- C:\Program Files (x86)\Launch Manager\HotkeyApp.exe
PRC - [2011.08.06 02:20:10 | 000,118,560 | ---- | M] (Wistron Corp.) -- C:\Program Files (x86)\Launch Manager\WisLMSvc.exe
PRC - [2011.07.25 09:40:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.07.25 03:15:54 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.05.20 19:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.03.30 23:42:34 | 001,001,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2011.03.30 23:42:32 | 001,321,296 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2011.03.30 23:42:30 | 000,923,984 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2011.03.30 23:42:28 | 000,985,424 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
PRC - [2010.12.28 13:47:06 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.12.28 13:47:06 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.08.04 00:39:38 | 000,107,816 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2010.04.02 11:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009.11.07 12:46:52 | 000,020,480 | ---- | M] (X10) -- C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.09.25 11:42:58 | 000,460,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
MOD - [2012.09.25 11:42:57 | 012,278,808 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
MOD - [2012.09.25 11:42:55 | 004,005,912 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\pdf.dll
MOD - [2012.09.25 11:41:39 | 000,578,072 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\libglesv2.dll
MOD - [2012.09.25 11:41:38 | 000,123,416 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\libegl.dll
MOD - [2012.09.25 11:41:27 | 000,156,712 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\avutil-51.dll
MOD - [2012.09.25 11:41:26 | 000,275,496 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\avformat-54.dll
MOD - [2012.09.25 11:41:24 | 002,168,360 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\avcodec-54.dll
MOD - [2012.09.11 22:08:49 | 000,782,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.SqlServ#\5660a2e02280885f4fb581688f8157e8\System.Data.SqlServerCe.ni.dll
MOD - [2012.06.13 03:17:02 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll
MOD - [2012.06.13 03:16:53 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll
MOD - [2012.05.11 09:41:42 | 006,815,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\99d0f7ba920eea1117e45dcd9fec0eb5\System.Data.ni.dll
MOD - [2012.05.11 09:41:30 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll
MOD - [2012.05.11 09:41:29 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll
MOD - [2012.05.11 09:41:23 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\623d2a0f11dd82bb9bc13d1cb981b239\System.Configuration.ni.dll
MOD - [2012.05.11 09:41:18 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll
MOD - [2012.05.11 09:41:06 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
MOD - [2011.11.08 22:46:02 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.08.04 00:39:38 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2010.08.04 00:39:32 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.05.02 23:27:50 | 001,517,328 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011.05.02 23:13:54 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011.05.02 23:10:26 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011.04.21 18:34:16 | 001,136,640 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011.04.21 17:42:50 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2010.09.23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012.09.21 17:31:21 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.08.13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.07.27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.08 21:09:03 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 21:09:02 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.08.06 02:20:10 | 000,118,560 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Program Files (x86)\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2011.07.25 09:40:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.07.25 03:15:54 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.05.20 19:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011.03.30 23:42:34 | 001,001,808 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011.03.30 23:42:32 | 001,321,296 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011.03.30 23:42:30 | 000,923,984 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2010.12.28 13:47:06 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.12.28 13:47:06 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.12.06 12:52:40 | 000,062,464 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\watchmi\TvdService.exe -- (watchmi)
SRV - [2010.03.18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009.11.07 12:46:52 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe -- (x10nets)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.05.08 21:09:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 21:09:04 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.25 12:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.15 16:00:00 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.08.10 21:57:34 | 000,165,504 | ---- | M] (ITE                      ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IT9135BDA.sys -- (IT9135BDA)
DRV:64bit: - [2011.07.27 01:22:48 | 012,288,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.07.25 09:40:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011.07.20 14:21:50 | 000,406,336 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tixhci.sys -- (tixhci)
DRV:64bit: - [2011.07.20 14:21:50 | 000,136,000 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tihub3.sys -- (tihub3)
DRV:64bit: - [2011.06.22 00:19:14 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011.06.22 00:19:12 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011.05.20 18:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.05.01 23:33:06 | 008,593,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011.04.21 18:09:26 | 000,294,912 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011.04.21 18:09:26 | 000,294,912 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011.04.15 01:16:08 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2011.03.23 03:14:04 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2011.03.15 18:09:16 | 000,311,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUVStor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.08 23:44:08 | 000,274,944 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011.03.08 23:44:08 | 000,051,712 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011.01.25 21:48:04 | 000,077,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010.12.28 13:47:02 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.15 10:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.09.16 17:08:50 | 001,077,416 | ---- | M] (DiBcom SA) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mod77-64.sys -- (mod7764)
DRV:64bit: - [2010.09.03 14:46:48 | 001,392,688 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 02:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009.07.14 02:00:13 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Dot4Scan.sys -- (Dot4Scan)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.05.13 21:47:44 | 000,032,792 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\x10ufx2.sys -- (XUIF)
DRV:64bit: - [2009.05.13 21:26:14 | 000,015,896 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\x10hid.sys -- (X10Hid)
DRV:64bit: - [2007.05.14 17:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q=
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNE_deDE455
IE - HKCU\..\SearchScopes\{A00F77A9-66EA-4527-9977-19E9E715BBDF}: "URL" = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKCU\..\SearchScopes\{B9A7C864-0E2B-492C-BE45-228D90C7D560}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNE_enDE393
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.14 23:22:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.10.28 21:10:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mama_Papa\AppData\Roaming\mozilla\Extensions
[2012.07.21 00:17:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mama_Papa\AppData\Roaming\mozilla\Firefox\Profiles\t1asf9kp.default\extensions
[2011.12.27 17:33:45 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Mama_Papa\AppData\Roaming\mozilla\Firefox\Profiles\t1asf9kp.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.07.26 23:34:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.09 15:33:40 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.07.14 23:22:38 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.07.14 23:22:36 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.14 23:22:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.14 23:22:36 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 23:22:36 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 23:22:36 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 23:22:36 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: iGoogle
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: iGoogle
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Mama_Papa\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Mama_Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Mama_Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Skype Click to Call = C:\Users\Mama_Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\
CHR - Extension: Google Mail = C:\Users\Mama_Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012.03.15 05:38:17 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files (x86)\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files (x86)\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [Wbutton] C:\Program Files (x86)\Launch Manager\Wbutton.exe (Wistron Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Mama_Papa\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Mama_Papa\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.220.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{03825670-E143-4A1C-9D66-6B83C604CAAB}: DhcpNameServer = 192.168.220.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.26 22:28:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mama_Papa\Desktop\OTL.exe
[2012.09.23 22:35:25 | 000,000,000 | ---D | C] -- C:\Users\Mama_Papa\AppData\Roaming\mkvtoolnix
[2012.09.23 22:34:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MKVToolNix
[2012.09.21 00:04:46 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.09.20 19:58:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMedia Recode
[2012.09.16 17:12:32 | 000,000,000 | ---D | C] -- C:\Users\Mama_Papa\AppData\Local\{50168BC8-CFC0-4505-AB79-099A0A59B656}
[2012.09.16 02:11:28 | 000,000,000 | ---D | C] -- C:\Users\Mama_Papa\AppData\Local\{AB3335F6-A856-46D2-AB09-59901C1B56FA}
[2012.09.15 18:22:06 | 000,000,000 | ---D | C] -- C:\Users\Mama_Papa\AppData\Local\fotokasten comfort
[2012.09.15 18:21:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\fotokasten comfort
[2012.09.15 18:21:08 | 000,000,000 | ---D | C] -- C:\ProgramData\fotokasten comfort
[2012.09.15 18:21:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\fotokasten comfort
[2012.09.14 14:43:40 | 000,000,000 | ---D | C] -- C:\Users\Mama_Papa\AppData\Roaming\fotofotoSoftware
[2012.09.14 14:43:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\fotofotoSoftware
[2012.09.12 18:17:23 | 000,000,000 | ---D | C] -- C:\Users\Mama_Papa\restore
[2012.09.12 18:12:57 | 000,000,000 | ---D | C] -- C:\ProgramData\tmp
[2012.09.12 18:12:57 | 000,000,000 | ---D | C] -- C:\ProgramData\hps
[2012.09.12 18:12:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mein CEWE FOTOBUCH
[2012.09.12 18:06:44 | 000,000,000 | ---D | C] -- C:\Users\Mama_Papa\Mein CEWE FOTOBUCH
[2012.09.12 17:56:02 | 000,000,000 | ---D | C] -- C:\Users\Mama_Papa\AppData\Local\{5734E661-A3B2-4B80-96E3-57330CC862AA}
[2012.09.11 22:22:28 | 000,000,000 | ---D | C] -- C:\Users\Mama_Papa\AppData\Local\ISL
[2012.09.11 22:13:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SILKYPIX Developer Studio 3.1 SE
[2012.09.11 22:13:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ISL
[2012.09.11 22:12:51 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2012.09.11 22:11:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Panasonic
[2012.09.11 22:10:49 | 000,000,000 | ---D | C] -- C:\Users\Mama_Papa\AppData\Local\Panasonic
[2012.09.11 22:10:38 | 000,000,000 | ---D | C] -- C:\Users\Mama_Papa\AppData\Roaming\InstallShield
[2012.09.11 22:07:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panasonic
[2012.09.11 22:06:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Panasonic
[2012.09.11 22:06:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panasonic
[2012.09.11 22:06:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2012.09.11 22:06:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2012.09.11 22:06:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2012.09.10 22:12:14 | 000,000,000 | ---D | C] -- C:\Users\Mama_Papa\AppData\Local\{A18E8715-64AB-49A9-8F8C-CF38FE16C082}
[2012.09.10 22:11:34 | 000,000,000 | ---D | C] -- C:\Users\Mama_Papa\AppData\Roaming\XMedia Recode
[2012.09.10 21:55:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XMedia Recode
[2012.09.09 22:03:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.27 21:48:39 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.27 21:48:39 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.27 21:40:13 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.27 21:40:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.27 21:40:08 | 3147,198,464 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.27 21:31:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.27 21:31:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.27 20:57:39 | 000,513,501 | ---- | M] () -- C:\Users\Mama_Papa\Desktop\adwcleaner.exe
[2012.09.27 20:32:44 | 000,002,712 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.09.26 22:30:48 | 000,000,000 | ---- | M] () -- C:\Users\Mama_Papa\defogger_reenable
[2012.09.26 22:28:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mama_Papa\Desktop\OTL.exe
[2012.09.26 22:26:35 | 000,000,000 | ---- | M] () -- C:\Users\Mama_Papa\Desktop\defogger_reenable
[2012.09.26 22:25:42 | 000,050,477 | ---- | M] () -- C:\Users\Mama_Papa\Desktop\Defogger.exe
[2012.09.26 22:09:41 | 001,500,294 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.26 22:09:41 | 000,654,852 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.09.26 22:09:41 | 000,616,694 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.26 22:09:41 | 000,130,434 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.09.26 22:09:41 | 000,106,816 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.25 21:21:05 | 000,000,040 | -HS- | M] () -- C:\ProgramData\.zreglib
[2012.09.24 21:52:05 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.21 00:06:40 | 000,002,023 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.09.15 18:21:49 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\fotokasten comfort.lnk
[2012.09.14 14:43:29 | 000,000,955 | ---- | M] () -- C:\Users\Public\Desktop\fotofotoSoftware.lnk
[2012.09.12 08:42:36 | 000,368,400 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.09.11 22:13:51 | 000,002,136 | ---- | M] () -- C:\Users\Public\Desktop\SILKYPIX Developer Studio 3.1 SE.lnk
[2012.09.11 22:10:21 | 000,002,480 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 8.2 PE.lnk
[2012.09.11 22:07:57 | 000,002,210 | ---- | M] () -- C:\Users\Public\Desktop\PHOTOfunSTUDIO 8.2 PE.lnk
[2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.27 20:57:38 | 000,513,501 | ---- | C] () -- C:\Users\Mama_Papa\Desktop\adwcleaner.exe
[2012.09.26 22:30:48 | 000,000,000 | ---- | C] () -- C:\Users\Mama_Papa\defogger_reenable
[2012.09.26 22:26:35 | 000,000,000 | ---- | C] () -- C:\Users\Mama_Papa\Desktop\defogger_reenable
[2012.09.26 22:25:40 | 000,050,477 | ---- | C] () -- C:\Users\Mama_Papa\Desktop\Defogger.exe
[2012.09.24 19:34:19 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.21 00:06:40 | 000,002,023 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.09.15 18:21:49 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\fotokasten comfort.lnk
[2012.09.14 14:43:29 | 000,000,967 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\fotofotoSoftware.lnk
[2012.09.14 14:43:29 | 000,000,955 | ---- | C] () -- C:\Users\Public\Desktop\fotofotoSoftware.lnk
[2012.09.11 22:13:51 | 000,002,136 | ---- | C] () -- C:\Users\Public\Desktop\SILKYPIX Developer Studio 3.1 SE.lnk
[2012.09.11 22:10:41 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2012.09.11 22:10:41 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2012.09.11 22:10:41 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2012.09.11 22:10:41 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2012.09.11 22:10:41 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2012.09.11 22:10:41 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2012.09.11 22:10:41 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2012.09.11 22:10:41 | 000,013,732 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_EN.cfg
[2012.09.11 22:10:41 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2012.09.11 22:10:41 | 000,006,442 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_IT.cfg
[2012.09.11 22:10:41 | 000,006,347 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_PT.cfg
[2012.09.11 22:10:41 | 000,006,347 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_BP.cfg
[2012.09.11 22:10:41 | 000,006,335 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_GE.cfg
[2012.09.11 22:10:41 | 000,006,195 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_FR.cfg
[2012.09.11 22:10:41 | 000,006,195 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_CF.cfg
[2012.09.11 22:10:41 | 000,006,122 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_DU.cfg
[2012.09.11 22:10:41 | 000,006,103 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_ES.cfg
[2012.09.11 22:10:41 | 000,005,817 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_KO.cfg
[2012.09.11 22:10:41 | 000,005,436 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_SC.cfg
[2012.09.11 22:10:41 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2012.09.11 22:10:41 | 000,002,889 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_RU.cfg
[2012.09.11 22:10:41 | 000,002,426 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_TC.cfg
[2012.09.11 22:10:41 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2012.09.11 22:10:41 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2012.09.11 22:10:41 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2012.09.11 22:10:41 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2012.09.11 22:10:41 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2012.09.11 22:10:41 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2012.09.11 22:10:41 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2012.09.11 22:10:41 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2012.09.11 22:10:41 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2012.09.11 22:10:41 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2012.09.11 22:10:21 | 000,002,480 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 8.2 PE.lnk
[2012.09.11 22:07:57 | 000,002,210 | ---- | C] () -- C:\Users\Public\Desktop\PHOTOfunSTUDIO 8.2 PE.lnk
[2012.06.11 21:39:58 | 000,000,078 | ---- | C] () -- C:\Users\Mama_Papa\AppData\Roaming\mbam.context.scan
[2012.03.15 05:26:18 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.03.15 05:26:18 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.03.15 05:26:18 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.03.15 05:26:18 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.03.15 05:26:18 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.10.29 21:24:32 | 001,527,004 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.10.29 21:22:04 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.08.18 23:01:07 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2011.08.18 23:01:06 | 000,149,504 | ---- | C] () -- C:\Windows\unwise32_setup.exe
[2011.07.27 01:20:38 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.07.27 01:20:38 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.07.27 01:20:38 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.07.27 01:14:32 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011.07.27 00:50:58 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2010.05.16 17:42:06 | 000,015,428 | ---- | C] () -- C:\Users\Mama_Papa\RefEdit.exd
[2009.06.18 11:13:01 | 000,000,101 | ---- | C] () -- C:\Users\Mama_Papa\default.pls
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | -
Code:
ATTFilter
--- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.07.26 18:23:44 | 000,000,000 | ---D | M] -- C:\Users\Mama_Papa\AppData\Roaming\Amazon
[2012.09.13 00:10:35 | 000,000,000 | ---D | M] -- C:\Users\Mama_Papa\AppData\Roaming\Ashampoo
[2011.12.17 17:00:03 | 000,000,000 | ---D | M] -- C:\Users\Mama_Papa\AppData\Roaming\Canon
[2011.12.17 16:56:41 | 000,000,000 | ---D | M] -- C:\Users\Mama_Papa\AppData\Roaming\CD-LabelPrint
[2011.11.26 02:08:59 | 000,000,000 | ---D | M] -- C:\Users\Mama_Papa\AppData\Roaming\Cuttermaran
[2011.12.18 16:31:11 | 000,000,000 | ---D | M] -- C:\Users\Mama_Papa\AppData\Roaming\dpdhl.versandhelfer.medionlap.CDA82DC3FEDD13302C6424313D9A2999F162D21A.1
[2012.06.11 23:32:44 | 000,000,000 | ---D | M] -- C:\Users\Mama_Papa\AppData\Roaming\DVDVideoSoft
[2011.12.27 17:33:44 | 000,000,000 | ---D | M] -- C:\Users\Mama_Papa\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.03.15 01:52:02 | 000,000,000 | ---D | M] -- C:\Users\Mama_Papa\AppData\Roaming\FileZilla
[2012.09.14 14:43:40 | 000,000,000 | ---D | M] -- C:\Users\Mama_Papa\AppData\Roaming\fotofotoSoftware
[2012.07.21 13:13:39 | 000,000,000 | ---D | M] -- C:\Users\Mama_Papa\AppData\Roaming\IrfanView
[2012.09.23 22:35:25 | 000,000,000 | ---D | M] -- C:\Users\Mama_Papa\AppData\Roaming\mkvtoolnix
[2012.05.10 21:14:23 | 000,000,000 | ---D | M] -- C:\Users\Mama_Papa\AppData\Roaming\Phase6
[2012.09.21 23:46:33 | 000,000,000 | ---D | M] -- C:\Users\Mama_Papa\AppData\Roaming\SoftGrid Client
[2011.10.29 21:25:23 | 000,000,000 | ---D | M] -- C:\Users\Mama_Papa\AppData\Roaming\TP
[2011.11.15 00:07:06 | 000,000,000 | ---D | M] -- C:\Users\Mama_Papa\AppData\Roaming\Windows Live Writer
[2012.09.10 22:11:34 | 000,000,000 | ---D | M] -- C:\Users\Mama_Papa\AppData\Roaming\XMedia Recode
 
========== Purity Check ==========
 
 

< End of report >
--- --- ---
Alt 28.09.2012, 04:11   #6
schrauber
/// the machine
/// TB-Ausbilder
 
"PUP.OfferBundler.ST" in \Users\Mama_Papa\Documents\Downloads\SoftonicDownloader_fuer_photoscape.exe - Standard

"PUP.OfferBundler.ST" in \Users\Mama_Papa\Documents\Downloads\SoftonicDownloader_fuer_photoscape.exe



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
--> "PUP.OfferBundler.ST" in \Users\Mama_Papa\Documents\Downloads\SoftonicDownloader_fuer_photoscape.exe

Alt 28.09.2012, 21:07   #7
mega-daddy
 
"PUP.OfferBundler.ST" in \Users\Mama_Papa\Documents\Downloads\SoftonicDownloader_fuer_photoscape.exe - Standard

"PUP.OfferBundler.ST" in \Users\Mama_Papa\Documents\Downloads\SoftonicDownloader_fuer_photoscape.exe


So, alles erledigt.

Hier das Logfile:

C:\Users\Mama_Papa\Documents\Downloads\SoftonicDownloader_fuer_jahreskalender-2011-fur-excel.exe a variant of Win32/SoftonicDownloader.A application

Gruß,

mega-daddy

Alt 29.09.2012, 09:01   #8
schrauber
/// the machine
/// TB-Ausbilder
 
"PUP.OfferBundler.ST" in \Users\Mama_Papa\Documents\Downloads\SoftonicDownloader_fuer_photoscape.exe - Standard

"PUP.OfferBundler.ST" in \Users\Mama_Papa\Documents\Downloads\SoftonicDownloader_fuer_photoscape.exe


Gut

Poste bitte ein frisches OTL logfile und teile mir mit ob du noch Probleme hast.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 29.09.2012, 13:56   #9
mega-daddy
 
"PUP.OfferBundler.ST" in \Users\Mama_Papa\Documents\Downloads\SoftonicDownloader_fuer_photoscape.exe - Standard

"PUP.OfferBundler.ST" in \Users\Mama_Papa\Documents\Downloads\SoftonicDownloader_fuer_photoscape.exe


So, da bin ich wieder.

Hier kommt das neue OTL-File:

OTL logfile created on: 29.09.2012 11:12:15 - Run 3
OTL by OldTimer - Version 3.2.68.0 Folder = C:\Users\Mama_Papa\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,91 Gb Total Physical Memory | 2,07 Gb Available Physical Memory | 52,90% Memory free
7,81 Gb Paging File | 5,49 Gb Available in Paging File | 70,28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 647,54 Gb Total Space | 266,63 Gb Free Space | 41,18% Space Free | Partition Type: NTFS
Drive D: | 48,00 Gb Total Space | 22,11 Gb Free Space | 46,06% Space Free | Partition Type: NTFS

Computer Name: MAMA_PAPA-PC | User Name: Mama_Papa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.09.26 22:28:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mama_Papa\Desktop\OTL.exe
PRC - [2012.09.25 11:43:01 | 001,239,064 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.08.13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.08.08 21:14:36 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.06.19 14:25:40 | 000,197,296 | ---- | M] (Panasonic Corporation) -- C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
PRC - [2012.05.08 21:09:03 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 21:09:02 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.08.13 05:06:20 | 000,447,016 | ---- | M] (Wistron Corp.) -- C:\Program Files (x86)\Launch Manager\WButton.exe
PRC - [2011.08.06 02:20:10 | 000,348,960 | ---- | M] (Wistron Corp.) -- C:\Program Files (x86)\Launch Manager\OSD.exe
PRC - [2011.08.06 02:20:10 | 000,207,400 | ---- | M] (Wistron) -- C:\Program Files (x86)\Launch Manager\HotkeyApp.exe
PRC - [2011.08.06 02:20:10 | 000,118,560 | ---- | M] (Wistron Corp.) -- C:\Program Files (x86)\Launch Manager\WisLMSvc.exe
PRC - [2011.07.25 09:40:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.07.25 03:15:54 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.05.20 19:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.03.30 23:42:34 | 001,001,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2011.03.30 23:42:32 | 001,321,296 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2011.03.30 23:42:30 | 000,923,984 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2011.03.30 23:42:28 | 000,985,424 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
PRC - [2010.12.28 13:47:06 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.12.28 13:47:06 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.08.04 00:39:38 | 000,107,816 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2010.04.02 11:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009.11.07 12:46:52 | 000,020,480 | ---- | M] (X10) -- C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe


========== Modules (No Company Name) ==========

MOD - [2012.09.25 11:42:58 | 000,460,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
MOD - [2012.09.25 11:42:57 | 012,278,808 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
MOD - [2012.09.25 11:42:55 | 004,005,912 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\pdf.dll
MOD - [2012.09.25 11:41:39 | 000,578,072 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\libglesv2.dll
MOD - [2012.09.25 11:41:38 | 000,123,416 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\libegl.dll
MOD - [2012.09.25 11:41:27 | 000,156,712 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\avutil-51.dll
MOD - [2012.09.25 11:41:26 | 000,275,496 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\avformat-54.dll
MOD - [2012.09.25 11:41:24 | 002,168,360 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\avcodec-54.dll
MOD - [2012.09.11 22:08:49 | 000,782,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.SqlServ#\5660a2e02280885f4fb581688f8157e8\System.Data.SqlServerCe.ni.dll
MOD - [2012.06.13 03:17:02 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll
MOD - [2012.06.13 03:16:53 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll
MOD - [2012.05.11 09:41:42 | 006,815,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\99d0f7ba920eea1117e45dcd9fec0eb5\System.Data.ni.dll
MOD - [2012.05.11 09:41:30 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll
MOD - [2012.05.11 09:41:29 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll
MOD - [2012.05.11 09:41:23 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\623d2a0f11dd82bb9bc13d1cb981b239\System.Configuration.ni.dll
MOD - [2012.05.11 09:41:18 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll
MOD - [2012.05.11 09:41:06 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
MOD - [2011.11.08 22:46:02 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.08.04 00:39:38 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2010.08.04 00:39:32 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll


========== Services (SafeList) ==========

SRV:64bit: - [2011.05.02 23:27:50 | 001,517,328 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011.05.02 23:13:54 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011.05.02 23:10:26 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011.04.21 18:34:16 | 001,136,640 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011.04.21 17:42:50 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2010.09.23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012.09.28 22:21:10 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.21 17:31:21 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.08.13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.07.27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.08 21:09:03 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 21:09:02 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.08.06 02:20:10 | 000,118,560 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Program Files (x86)\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2011.07.25 09:40:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.07.25 03:15:54 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.05.20 19:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011.03.30 23:42:34 | 001,001,808 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011.03.30 23:42:32 | 001,321,296 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011.03.30 23:42:30 | 000,923,984 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2010.12.28 13:47:06 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.12.28 13:47:06 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.12.06 12:52:40 | 000,062,464 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\watchmi\TvdService.exe -- (watchmi)
SRV - [2010.03.18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009.11.07 12:46:52 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe -- (x10nets)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.05.08 21:09:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 21:09:04 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.25 12:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.15 16:00:00 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.08.10 21:57:34 | 000,165,504 | ---- | M] (ITE ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IT9135BDA.sys -- (IT9135BDA)
DRV:64bit: - [2011.07.27 01:22:48 | 012,288,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.07.25 09:40:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011.07.20 14:21:50 | 000,406,336 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tixhci.sys -- (tixhci)
DRV:64bit: - [2011.07.20 14:21:50 | 000,136,000 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tihub3.sys -- (tihub3)
DRV:64bit: - [2011.06.22 00:19:14 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011.06.22 00:19:12 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011.05.20 18:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.05.01 23:33:06 | 008,593,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011.04.21 18:09:26 | 000,294,912 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011.04.21 18:09:26 | 000,294,912 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011.04.15 01:16:08 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2011.03.23 03:14:04 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2011.03.15 18:09:16 | 000,311,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUVStor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.08 23:44:08 | 000,274,944 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011.03.08 23:44:08 | 000,051,712 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011.01.25 21:48:04 | 000,077,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010.12.28 13:47:02 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.15 10:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.09.16 17:08:50 | 001,077,416 | ---- | M] (DiBcom SA) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mod77-64.sys -- (mod7764)
DRV:64bit: - [2010.09.03 14:46:48 | 001,392,688 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 02:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009.07.14 02:00:13 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Dot4Scan.sys -- (Dot4Scan)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.05.13 21:47:44 | 000,032,792 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\x10ufx2.sys -- (XUIF)
DRV:64bit: - [2009.05.13 21:26:14 | 000,015,896 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\x10hid.sys -- (X10Hid)
DRV:64bit: - [2007.05.14 17:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q=
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNE_deDE455
IE - HKCU\..\SearchScopes\{A00F77A9-66EA-4527-9977-19E9E715BBDF}: "URL" = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKCU\..\SearchScopes\{B9A7C864-0E2B-492C-BE45-228D90C7D560}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNE_enDE393
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.28 22:21:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011.10.28 21:10:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mama_Papa\AppData\Roaming\mozilla\Extensions
[2012.07.21 00:17:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mama_Papa\AppData\Roaming\mozilla\Firefox\Profiles\t1asf9kp.default\extensions
[2011.12.27 17:33:45 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Mama_Papa\AppData\Roaming\mozilla\Firefox\Profiles\t1asf9kp.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.07.26 23:34:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.09 15:33:40 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.09.28 22:21:11 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.09.28 22:21:06 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.28 22:21:06 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.09.28 22:21:06 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.28 22:21:06 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.28 22:21:06 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.28 22:21:06 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=MDNE&bmod=MDNE
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}sou rceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=MDNE&bmod=MDNE
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Mama_Papa\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Mama_Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Mama_Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Skype Click to Call = C:\Users\Mama_Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\
CHR - Extension: Google Mail = C:\Users\Mama_Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012.03.15 05:38:17 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files (x86)\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files (x86)\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [Wbutton] C:\Program Files (x86)\Launch Manager\Wbutton.exe (Wistron Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Mama_Papa\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Mama_Papa\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.220.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{03825670-E143-4A1C-9D66-6B83C604CAAB}: DhcpNameServer = 192.168.220.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.09.28 22:21:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.09.28 22:21:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.09.28 17:05:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.09.28 17:03:28 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Mama_Papa\Desktop\esetsmartinstaller_enu.exe
[2012.09.26 22:28:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mama_Papa\Desktop\OTL.exe
[2012.09.23 22:35:25 | 000,000,000 | ---D | C] -- C:\Users\Mama_Papa\AppData\Roaming\mkvtoolnix
[2012.09.23 22:34:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MKVToolNix
[2012.09.21 00:04:46 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.09.20 19:58:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMedia Recode
[2012.09.16 17:12:32 | 000,000,000 | ---D | C] -- C:\Users\Mama_Papa\AppData\Local\{50168BC8-CFC0-4505-AB79-099A0A59B656}
[2012.09.16 02:11:28 | 000,000,000 | ---D | C] -- C:\Users\Mama_Papa\AppData\Local\{AB3335F6-A856-46D2-AB09-59901C1B56FA}
[2012.09.15 18:22:06 | 000,000,000 | ---D | C] -- C:\Users\Mama_Papa\AppData\Local\fotokasten comfort
[2012.09.15 18:21:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\fotokasten comfort
[2012.09.15 18:21:08 | 000,000,000 | ---D | C] -- C:\ProgramData\fotokasten comfort
[2012.09.15 18:21:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\fotokasten comfort
[2012.09.14 14:43:40 | 000,000,000 | ---D | C] -- C:\Users\Mama_Papa\AppData\Roaming\fotofotoSoftware
[2012.09.14 14:43:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\fotofotoSoftware
[2012.09.12 18:17:23 | 000,000,000 | ---D | C] -- C:\Users\Mama_Papa\restore
[2012.09.12 18:12:57 | 000,000,000 | ---D | C] -- C:\ProgramData\tmp
[2012.09.12 18:12:57 | 000,000,000 | ---D | C] -- C:\ProgramData\hps
[2012.09.12 18:12:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mein CEWE FOTOBUCH
[2012.09.12 18:06:44 | 000,000,000 | ---D | C] -- C:\Users\Mama_Papa\Mein CEWE FOTOBUCH
[2012.09.12 17:56:02 | 000,000,000 | ---D | C] -- C:\Users\Mama_Papa\AppData\Local\{5734E661-A3B2-4B80-96E3-57330CC862AA}
[2012.09.11 22:22:28 | 000,000,000 | ---D | C] -- C:\Users\Mama_Papa\AppData\Local\ISL
[2012.09.11 22:13:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SILKYPIX Developer Studio 3.1 SE
[2012.09.11 22:13:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ISL
[2012.09.11 22:12:51 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2012.09.11 22:11:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Panasonic
[2012.09.11 22:10:49 | 000,000,000 | ---D | C] -- C:\Users\Mama_Papa\AppData\Local\Panasonic
[2012.09.11 22:10:38 | 000,000,000 | ---D | C] -- C:\Users\Mama_Papa\AppData\Roaming\InstallShield
[2012.09.11 22:07:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panasonic
[2012.09.11 22:06:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Panasonic
[2012.09.11 22:06:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panasonic
[2012.09.11 22:06:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2012.09.11 22:06:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2012.09.11 22:06:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2012.09.10 22:12:14 | 000,000,000 | ---D | C] -- C:\Users\Mama_Papa\AppData\Local\{A18E8715-64AB-49A9-8F8C-CF38FE16C082}
[2012.09.10 22:11:34 | 000,000,000 | ---D | C] -- C:\Users\Mama_Papa\AppData\Roaming\XMedia Recode
[2012.09.10 21:55:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XMedia Recode
[2012.09.09 22:03:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.09.29 10:31:02 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.29 10:31:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.29 09:40:43 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.29 09:40:43 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.29 09:32:33 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.29 09:32:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.29 09:32:20 | 3147,198,464 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.28 17:03:31 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Mama_Papa\Desktop\esetsmartinstaller_enu.exe
[2012.09.28 05:21:54 | 001,500,294 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.28 05:21:54 | 000,654,852 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.09.28 05:21:54 | 000,616,694 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.28 05:21:54 | 000,130,434 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.09.28 05:21:54 | 000,106,816 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.27 20:57:39 | 000,513,501 | ---- | M] () -- C:\Users\Mama_Papa\Desktop\adwcleaner.exe
[2012.09.27 20:32:44 | 000,002,712 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.09.26 22:30:48 | 000,000,000 | ---- | M] () -- C:\Users\Mama_Papa\defogger_reenable
[2012.09.26 22:28:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mama_Papa\Desktop\OTL.exe
[2012.09.26 22:26:35 | 000,000,000 | ---- | M] () -- C:\Users\Mama_Papa\Desktop\defogger_reenable
[2012.09.26 22:25:42 | 000,050,477 | ---- | M] () -- C:\Users\Mama_Papa\Desktop\Defogger.exe
[2012.09.25 21:21:05 | 000,000,040 | -HS- | M] () -- C:\ProgramData\.zreglib
[2012.09.24 21:52:05 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.21 00:06:40 | 000,002,023 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.09.15 18:21:49 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\fotokasten comfort.lnk
[2012.09.14 14:43:29 | 000,000,955 | ---- | M] () -- C:\Users\Public\Desktop\fotofotoSoftware.lnk
[2012.09.12 08:42:36 | 000,368,400 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.09.11 22:13:51 | 000,002,136 | ---- | M] () -- C:\Users\Public\Desktop\SILKYPIX Developer Studio 3.1 SE.lnk
[2012.09.11 22:10:21 | 000,002,480 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 8.2 PE.lnk
[2012.09.11 22:07:57 | 000,002,210 | ---- | M] () -- C:\Users\Public\Desktop\PHOTOfunSTUDIO 8.2 PE.lnk
[2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.09.27 20:57:38 | 000,513,501 | ---- | C] () -- C:\Users\Mama_Papa\Desktop\adwcleaner.exe
[2012.09.26 22:30:48 | 000,000,000 | ---- | C] () -- C:\Users\Mama_Papa\defogger_reenable
[2012.09.26 22:26:35 | 000,000,000 | ---- | C] () -- C:\Users\Mama_Papa\Desktop\defogger_reenable
[2012.09.26 22:25:40 | 000,050,477 | ---- | C] () -- C:\Users\Mama_Papa\Desktop\Defogger.exe
[2012.09.24 19:34:19 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.21 00:06:40 | 000,002,023 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.09.15 18:21:49 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\fotokasten comfort.lnk
[2012.09.14 14:43:29 | 000,000,967 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\fotofotoSoftware.lnk
[2012.09.14 14:43:29 | 000,000,955 | ---- | C] () -- C:\Users\Public\Desktop\fotofotoSoftware.lnk
[2012.09.11 22:13:51 | 000,002,136 | ---- | C] () -- C:\Users\Public\Desktop\SILKYPIX Developer Studio 3.1 SE.lnk
[2012.09.11 22:10:41 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2012.09.11 22:10:41 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2012.09.11 22:10:41 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2012.09.11 22:10:41 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2012.09.11 22:10:41 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2012.09.11 22:10:41 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2012.09.11 22:10:41 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2012.09.11 22:10:41 | 000,013,732 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_EN.cfg
[2012.09.11 22:10:41 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2012.09.11 22:10:41 | 000,006,442 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_IT.cfg
[2012.09.11 22:10:41 | 000,006,347 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_PT.cfg
[2012.09.11 22:10:41 | 000,006,347 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_BP.cfg
[2012.09.11 22:10:41 | 000,006,335 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_GE.cfg
[2012.09.11 22:10:41 | 000,006,195 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_FR.cfg
[2012.09.11 22:10:41 | 000,006,195 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_CF.cfg
[2012.09.11 22:10:41 | 000,006,122 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_DU.cfg
[2012.09.11 22:10:41 | 000,006,103 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_ES.cfg
[2012.09.11 22:10:41 | 000,005,817 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_KO.cfg
[2012.09.11 22:10:41 | 000,005,436 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_SC.cfg
[2012.09.11 22:10:41 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2012.09.11 22:10:41 | 000,002,889 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_RU.cfg
[2012.09.11 22:10:41 | 000,002,426 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_TC.cfg
[2012.09.11 22:10:41 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2012.09.11 22:10:41 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2012.09.11 22:10:41 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2012.09.11 22:10:41 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2012.09.11 22:10:41 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2012.09.11 22:10:41 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2012.09.11 22:10:41 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2012.09.11 22:10:41 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2012.09.11 22:10:41 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2012.09.11 22:10:41 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2012.09.11 22:10:21 | 000,002,480 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 8.2 PE.lnk
[2012.09.11 22:07:57 | 000,002,210 | ---- | C] () -- C:\Users\Public\Desktop\PHOTOfunSTUDIO 8.2 PE.lnk
[2012.06.11 21:39:58 | 000,000,078 | ---- | C] () -- C:\Users\Mama_Papa\AppData\Roaming\mbam.context.scan
[2012.03.15 05:26:18 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.03.15 05:26:18 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.03.15 05:26:18 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.03.15 05:26:18 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.03.15 05:26:18 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.10.29 21:24:32 | 001,527,004 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.10.29 21:22:04 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.08.18 23:01:07 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2011.08.18 23:01:06 | 000,149,504 | ---- | C] () -- C:\Windows\unwise32_setup.exe
[2011.07.27 01:20:38 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.07.27 01:20:38 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.07.27 01:20:38 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.07.27 01:14:32 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011.07.27 00:50:58 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2010.05.16 17:42:06 | 000,015,428 | ---- | C] () -- C:\Users\Mama_Papa\RefEdit.exd
[2009.06.18 11:13:01 | 000,000,101 | ---- | C] () -- C:\Users\Mama_Papa\default.pls

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012.07.26 18:23:44 | 000,000,000 | ---D | M] -- C:\Users\Mama_Papa\AppData\Roaming\Amazon
[2012.09.13 00:10:35 | 000,000,000 | ---D | M] -- C:\Users\Mama_Papa\AppData\Roaming\Ashampoo
[2011.12.17 17:00:03 | 000,000,000 | ---D | M] -- C:\Users\Mama_Papa\AppData\Roaming\Canon
[2011.12.17 16:56:41 | 000,000,000 | ---D | M] -- C:\Users\Mama_Papa\AppData\Roaming\CD-LabelPrint
[2011.11.26 02:08:59 | 000,000,000 | ---D | M] -- C:\Users\Mama_Papa\AppData\Roaming\Cuttermaran
[2011.12.18 16:31:11 | 000,000,000 | ---D | M] -- C:\Users\Mama_Papa\AppData\Roaming\dpdhl.versandhelfer.medionlap.CDA82DC3FEDD13302C6424313D9A2999F162D21A.1
[2012.06.11 23:32:44 | 000,000,000 | ---D | M] -- C:\Users\Mama_Papa\AppData\Roaming\DVDVideoSoft
[2011.12.27 17:33:44 | 000,000,000 | ---D | M] -- C:\Users\Mama_Papa\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.03.15 01:52:02 | 000,000,000 | ---D | M] -- C:\Users\Mama_Papa\AppData\Roaming\FileZilla
[2012.09.14 14:43:40 | 000,000,000 | ---D | M] -- C:\Users\Mama_Papa\AppData\Roaming\fotofotoSoftware
[2012.07.21 13:13:39 | 000,000,000 | ---D | M] -- C:\Users\Mama_Papa\AppData\Roaming\IrfanView
[2012.09.23 22:35:25 | 000,000,000 | ---D | M] -- C:\Users\Mama_Papa\AppData\Roaming\mkvtoolnix
[2012.05.10 21:14:23 | 000,000,000 | ---D | M] -- C:\Users\Mama_Papa\AppData\Roaming\Phase6
[2012.09.21 23:46:33 | 000,000,000 | ---D | M] -- C:\Users\Mama_Papa\AppData\Roaming\SoftGrid Client
[2011.10.29 21:25:23 | 000,000,000 | ---D | M] -- C:\Users\Mama_Papa\AppData\Roaming\TP
[2011.11.15 00:07:06 | 000,000,000 | ---D | M] -- C:\Users\Mama_Papa\AppData\Roaming\Windows Live Writer
[2012.09.10 22:11:34 | 000,000,000 | ---D | M] -- C:\Users\Mama_Papa\AppData\Roaming\XMedia Recode

========== Purity Check ==========

Schöne Grüße,

mega-daddy

Ach so,

ich habe keine Ahnung, ob es noch Probleme gibt. Mir fällt zumindest nichts auf.

Bei dem ESET Online Scanner habe ich, wie von Dir angegeben, nichts gelöscht.

Was denkst Du, schaut es gut aus?

Mich würde auch mal interessieren, was dieser Trojaner denn so anstellt und ob er gefährlich ist. Wisst Ihr das?

Danke nochmals für Eure / Deine Unterstützung!

Schöne Grüße,

mega-daddy

Alt 29.09.2012, 14:20   #10
schrauber
/// the machine
/// TB-Ausbilder
 
"PUP.OfferBundler.ST" in \Users\Mama_Papa\Documents\Downloads\SoftonicDownloader_fuer_photoscape.exe - Standard

"PUP.OfferBundler.ST" in \Users\Mama_Papa\Documents\Downloads\SoftonicDownloader_fuer_photoscape.exe


Fixen mit OTL
  • Starte die OTL.exe.
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Kopiere folgendes Skript:
Code:
ATTFilter
:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q=

:Commands
[emptytemp]
  • und füge es hier ein:
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Klick auf .
  • OTL verlangt einen Neustart. Bitte zulassen.
  • Nach dem Neustart findest Du ein Textdokument.


Dabei handelt es sich um adware, die den browser beeinflusst und rum nervt mit werbung und so.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 29.09.2012, 15:17   #11
mega-daddy
 
"PUP.OfferBundler.ST" in \Users\Mama_Papa\Documents\Downloads\SoftonicDownloader_fuer_photoscape.exe - Standard

"PUP.OfferBundler.ST" in \Users\Mama_Papa\Documents\Downloads\SoftonicDownloader_fuer_photoscape.exe


Ok, das hört sich, zumindest für mich, erst mal nicht gefährlich an.

Hier ist das Textfile:

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Gedaechtnis
->Temp folder emptied: 0 bytes

User: Mama_Papa
->Temp folder emptied: 350475741 bytes
->Temporary Internet Files folder emptied: 324832514 bytes
->Java cache emptied: 16371449 bytes
->FireFox cache emptied: 76708006 bytes
->Google Chrome cache emptied: 46773582 bytes
->Flash cache emptied: 80432 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes

User: var
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 143190687 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 4512909289 bytes

Total Files Cleaned = 5.218,00 mb


OTL by OldTimer - Version 3.2.68.0 log created on 09292012_161000

Files\Folders moved on Reboot...
C:\Users\Mama_Papa\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Gruß,

Mega-daddy

Alt 29.09.2012, 15:30   #12
schrauber
/// the machine
/// TB-Ausbilder
 
"PUP.OfferBundler.ST" in \Users\Mama_Papa\Documents\Downloads\SoftonicDownloader_fuer_photoscape.exe - Standard

"PUP.OfferBundler.ST" in \Users\Mama_Papa\Documents\Downloads\SoftonicDownloader_fuer_photoscape.exe


AdwCleaner öffnen > Uninstall

OTL öffnen > Button Bereinigung drücken



Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 29.09.2012, 18:35   #13
mega-daddy
 
"PUP.OfferBundler.ST" in \Users\Mama_Papa\Documents\Downloads\SoftonicDownloader_fuer_photoscape.exe - Standard

"PUP.OfferBundler.ST" in \Users\Mama_Papa\Documents\Downloads\SoftonicDownloader_fuer_photoscape.exe


Hallo Schrauber,

ich habe alles soweit durchgeführt.

Als Virenscanner verwende ich Avira Free Antivirus.

Die verschiedenen Tools habe ich installiert.

Jetzt sollte eigentlich alles passen...

Nochmals ganz herzlichen Dank, dass Du Dir soviel Zeit für mich genommen hast!

Alt 29.09.2012, 18:46   #14
schrauber
/// the machine
/// TB-Ausbilder
 
"PUP.OfferBundler.ST" in \Users\Mama_Papa\Documents\Downloads\SoftonicDownloader_fuer_photoscape.exe - Standard

"PUP.OfferBundler.ST" in \Users\Mama_Papa\Documents\Downloads\SoftonicDownloader_fuer_photoscape.exe


gern geschehen
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu "PUP.OfferBundler.ST" in \Users\Mama_Papa\Documents\Downloads\SoftonicDownloader_fuer_photoscape.exe
adobe, antivirus, autorun, avg, bho, bonjour, canon, converter, defender, error, explorer, firefox, flash player, format, ftp, google, helper, home, homepage, launch, logfile, monitor, mp3, nodrives, nvpciflt.sys, plug-in, realtek, registry, software, trojaner


« Flashpla.exe Trojaner, ja oder nein? | Das Betriebssystem wurde im zusammenhang ................ »


Ähnliche Themen: "PUP.OfferBundler.ST" in \Users\Mama_Papa\Documents\Downloads\SoftonicDownloader_fuer_photoscape.exe


  1. Problem beim Starten: "C:\Users\xxx\AppData\Local\Image Camera\Bin\ImageCamera.dll"
    Plagegeister aller Art und deren Bekämpfung - 19.10.2015 (9)
  2. "TR/Dldr.Agent.1169920.4 in c:\windows\temp\db22.exe" & "ADWARE\InstallCore.771128 in c:\Users\Julian\Downloads\openal-2.0.7.0.exe"
    Plagegeister aller Art und deren Bekämpfung - 26.01.2015 (9)
  3. Diverse Malware ("CoolSaleCoupon", "ddownlloaditkeep", "omiga-plus", "SaveSense", "SaleItCoupon"); lahmer PC & viel Werbung!
    Plagegeister aller Art und deren Bekämpfung - 11.01.2015 (16)
  4. "monstermarketplace.com" Infektion und ihre Folgen; "Anti-Virus-Blocker"," unsichtbare Toolbars" + "Browser-Hijacker" von selbst installiert
    Log-Analyse und Auswertung - 16.11.2013 (21)
  5. Trojan.Bitminer "C:\Users\***\AppDate\Roaming\pejo\scvhost.exe"
    Log-Analyse und Auswertung - 05.06.2013 (10)
  6. Trojaner: "HEUR:Exploit.Java.CVE-2012-1723.gen" in c:\documents and settings\ela\appdata\local\temp\jar_cache8475908429309578927.tmp
    Plagegeister aller Art und deren Bekämpfung - 08.04.2013 (6)
  7. "JS: pdfka-gen [Expl]" in "C:\Users\***\AppData\Local\Temp\plugtmp-44\plugin-dare.php"
    Log-Analyse und Auswertung - 19.03.2013 (13)
  8. PUP.OfferBundler.ST in C:\Users\...\Downloads\SoftonicDownloader_fuer_teachmaster.exe gefunden
    Plagegeister aller Art und deren Bekämpfung - 23.12.2012 (2)
  9. "AcroIEHelpe163.dll" in C:\Users\Hendrik\AppData\Roaming\, TR/Rogue.kdv.666318
    Log-Analyse und Auswertung - 08.08.2012 (5)
  10. C:\Users\HP\AppData\Local\Temp\0_0u_I.exe !!! "Bundestrojaner" ?!? Fehlermeldung
    Log-Analyse und Auswertung - 08.07.2012 (5)
  11. größere Downloads brechen ab / Online Banking wird mit "Sicherheitsmaske" überdeckt
    Log-Analyse und Auswertung - 12.04.2012 (18)
  12. "Trojan-Spy.Win32.Zbot.dnei" in "C:\Users\Default.Default-PC\AppData\Roaming"
    Plagegeister aller Art und deren Bekämpfung - 12.03.2012 (11)
  13. "0.05870814618642739.exe" ("Win32:Trojan-gen") in "C:\Users\***\AppData\Local\Temp\"
    Plagegeister aller Art und deren Bekämpfung - 02.01.2011 (25)
  14. Crypt.CFI.Gen in C:\Documents and Settings\All Users\Documents\lojdce.exe
    Plagegeister aller Art und deren Bekämpfung - 28.02.2009 (0)
  15. Internet ist langsam, Downloads brechen ab und Google stuft alles als "Gefahr" ein
    Plagegeister aller Art und deren Bekämpfung - 31.01.2009 (2)
  16. "Adware.Virtumonde"/"Downloader.MisleadApp"/"TR/VB.agt.4"/"NewDotNet.A.1350"/"Fakerec
    Plagegeister aller Art und deren Bekämpfung - 22.08.2008 (6)
  17. "Free Downloads" Google Serach Trojaner ??!?
    Plagegeister aller Art und deren Bekämpfung - 26.02.2008 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema "PUP.OfferBundler.ST" in \Users\Mama_Papa\Documents\Downloads\SoftonicDownloader_fuer_photoscape.exe - Hallo zusammen, ich hoffe, Ihr könnt mir helfen. Malwarebytes hat auf meinem Rechner einen Trojaner mit dem Namen "PUP.OfferBundler.ST" gefunden. Avira Free Antivirus hat bei einem vollständigen Systemscan nichts gefunden. - "PUP.OfferBundler.ST" in \Users\Mama_Papa\Documents\Downloads\SoftonicDownloader_fuer_photoscape.exe...
Archiv
Du betrachtest: "PUP.OfferBundler.ST" in \Users\Mama_Papa\Documents\Downloads\SoftonicDownloader_fuer_photoscape.exe auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19