Pests of all kinds and how to fight them: pup.offerbundler.st

Windows 7: If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will get back to you with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection.
23.06.2013, 08:06 | #1 |
pup.offerbundler.st

Hello everyone, I ran a scan with Malwarebytes and Avira, and it turned out that I have picked up a PUP-Offerbundler.st. I then followed the guide at http://www.trojaner-board.de/127438-...undler-st.html. So, in short, I have already done the following: run 1. AdwCleaner, 2. OTL and 3. ESET. I wanted to give you the results now, because I don't know much about this. So, OTL:
O4 - HKCU..\Run: [EPSON SX420W Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGCE.EXE (SEIKO EPSON CORPORATION) O4 - HKCU..\Run: [EPSON195F4F (Epson Stylus SX420W)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGCE.EXE (SEIKO EPSON CORPORATION) O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics) O4 - HKCU..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Programme\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm () O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) 
O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{25F1D8AB-5D61-4CA0-B9C9-3BF9B3B3A062}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} 
- C:\Windows\System32\ie4uinit.exe -UserConfig ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - State: "services" - 0 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013.06.01 00:37:09 | 000,000,000 | ---D | C] -- C:\Users\Lena\AppData\Roaming\TuneUp Software [2013.06.01 00:35:01 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2013.06.01 00:34:38 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} [2013.06.01 00:34:38 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2013.06.01 00:33:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft [2013.06.01 00:33:06 | 000,000,000 | ---D | C] -- C:\Users\Lena\AppData\Roaming\DVDVideoSoft [2013.06.01 00:33:06 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft [2013.06.01 00:33:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft ========== Files - Modified Within 30 Days ========== 
[2013.06.22 14:45:07 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.22 14:45:07 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.22 14:40:45 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.06.22 14:37:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.22 14:37:31 | 2307,862,528 | -HS- | M] () -- C:\hiberfil.sys [2013.06.22 14:16:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.22 13:29:00 | 000,000,579 | ---- | M] () -- C:\Users\Lena\Desktop\OTL - Verknüpfung.lnk [2013.06.22 13:21:11 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.06.22 13:15:55 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.06.22 13:15:55 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.06.22 13:15:55 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.06.22 13:15:55 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.06.22 13:14:44 | 000,000,662 | ---- | M] () -- C:\Users\Lena\Desktop\adwcleaner2303 - Verknüpfung.lnk [2013.06.01 00:33:22 | 000,001,364 | ---- | M] () -- C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk [2013.06.01 00:33:22 | 000,001,205 | ---- | M] () -- C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk [2013.05.24 00:02:50 | 000,294,528 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.05.23 19:28:36 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf ========== Files Created - No Company Name ========== [2013.06.22 13:29:00 | 000,000,579 | ---- | C] () -- C:\Users\Lena\Desktop\OTL - Verknüpfung.lnk [2013.06.22 13:14:44 | 000,000,662 | ---- | C] () -- C:\Users\Lena\Desktop\adwcleaner2303 - Verknüpfung.lnk [2013.06.01 00:33:22 | 000,001,364 | ---- | C] () 
-- C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk [2013.06.01 00:33:22 | 000,001,205 | ---- | C] () -- C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk [2013.05.23 19:28:36 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2013.04.28 21:15:55 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2013.04.28 21:15:55 | 000,037,344 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2012.11.27 18:52:54 | 000,027,136 | ---- | C] () -- C:\Windows\System32\qtuninst.dll [2012.11.27 18:49:03 | 000,000,035 | ---- | C] () -- C:\Windows\simgrim2.INI [2012.10.29 13:09:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012.10.29 07:30:23 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2012.09.30 14:11:32 | 000,004,608 | ---- | C] () -- C:\Users\Lena\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.09.29 13:20:55 | 000,021,494 | ---- | C] () -- C:\Users\Lena\0x0409.ini [2012.09.29 13:20:55 | 000,003,584 | ---- | C] () -- C:\Users\Lena\1033.MST [2012.09.29 13:20:48 | 093,976,064 | ---- | C] () -- C:\Users\Lena\Samsung Kies.msi [2012.08.28 10:04:34 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2012.08.28 10:04:34 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2012.08.28 10:04:34 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2012.08.28 10:04:32 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2012.08.01 10:04:10 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe [2012.08.01 10:04:08 | 000,149,504 | ---- | C] () -- C:\Windows\unwise32_setup.exe [2012.08.01 09:57:43 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe [2012.06.10 12:40:02 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI [2012.04.29 21:44:25 | 000,021,532 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat [2012.01.10 22:17:08 | 000,128,204 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin [2012.01.10 
22:17:04 | 000,105,608 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin [2012.01.10 22:17:02 | 000,867,020 | ---- | C] () -- C:\Windows\System32\igkrng575.bin [2012.01.10 21:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll [2012.01.10 21:14:34 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll [2012.01.10 21:12:34 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config [2012.01.10 21:12:12 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2013.06.01 00:33:46 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\DVDVideoSoft [2012.08.01 14:37:41 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\OpenOffice.org [2013.01.09 13:56:51 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\Samsung [2013.06.01 00:37:09 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Roaming\TuneUp Software ========== Purity Check ========== 
========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012.04.29 22:25:48 | 000,000,000 | -H-D | M] -- C:\$INPLACE.~TR [2012.08.03 00:06:18 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2012.04.29 21:44:41 | 000,000,000 | -H-D | M] -- C:\$WINDOWS.~Q [2012.08.02 17:21:52 | 000,000,000 | ---D | M] -- C:\3f456371c6ab08375ec8b1e047a6751a [2013.01.09 13:56:46 | 000,000,000 | ---D | M] -- C:\AllShare [2010.06.25 17:12:15 | 000,000,000 | ---D | M] -- C:\bb969bb87ff7862ed59d9ae1 [2011.05.03 00:07:57 | 000,000,000 | ---D | M] -- C:\coktel [2013.06.19 20:18:14 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2012.08.01 11:36:14 | 000,000,000 | ---D | M] -- C:\Digitale Schultasche [2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2010.06.17 18:51:28 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2013.01.10 04:27:27 | 000,000,000 | ---D | M] -- C:\Download [2012.11.27 18:49:03 | 000,000,000 | ---D | M] -- C:\europamm [2010.04.22 14:42:22 | 000,000,000 | ---D | M] -- C:\Intel [2012.08.02 17:24:37 | 000,000,000 | ---D | M] -- C:\Medion [2010.04.23 12:51:02 | 000,000,000 | RH-D | M] -- C:\MSOCache [2012.02.02 21:51:21 | 000,000,000 | ---D | M] -- C:\output [2009.07.14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs [2013.06.22 13:15:48 | 000,000,000 | R--D | M] -- C:\Program Files [2013.06.22 13:15:48 | 000,000,000 | -H-D | M] -- C:\ProgramData [2010.06.17 18:51:28 | 000,000,000 | -HSD | M] -- C:\Programme [2012.04.29 21:51:16 | 000,000,000 | -HSD | M] -- C:\Recovery [2010.08.18 21:52:21 | 000,000,000 | ---D | M] -- C:\Sounds [2013.06.22 14:46:54 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.09.30 13:37:34 | 000,000,000 | ---D | M] -- C:\Temp [2011.12.28 17:55:06 | 000,000,000 | ---D | M] -- C:\Terzio [2012.08.03 00:06:09 | 000,000,000 | R--D | M] -- C:\Users [2013.06.01 00:34:39 | 000,000,000 | ---D | M] -- C:\Windows [2012.04.22 11:38:47 | 000,000,000 | ---D | M] -- C:\Windows.old [2012.04.22 14:35:26 | 000,000,000 | 
---D | M] -- C:\Windows.old.000 [2011.12.04 15:04:50 | 000,000,000 | ---D | M] -- C:\_C < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < %windir%\installer\*. /5 > < %localappdata%\*. /5 > [2013.06.22 14:43:30 | 000,000,000 | ---D | M] -- C:\Users\Lena\AppData\Local\Temp < End of report > ESSET: C:\Users\Lena\AppData\Local\Temp\FreeTwitTube-S-Setup_Suite1.exe Win32/Adware.Yontoo application C:\Windows.old\Program Files\Bandoo\Plugins\AIM\AIMPlugin.dll a variant of Win32/Adware.Bandoo.AA application C:\Windows.old\Program Files\Yontoo Layers Runtime\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application C:\Windows.old\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application C:\Windows.old\ProgramData\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application C:\Windows.old\Users\All Users\Anwendungsdaten\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application C:\Windows.old\Users\All Users\Anwendungsdaten\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application C:\Windows.old\Users\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application C:\Windows.old\Users\All Users\Application Data\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application C:\Windows.old\Users\All Users\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application C:\Windows.old\Users\All Users\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application 
C:\Windows.old\Users\Lena\Anwendungsdaten\Mozilla\Firefox\Profiles\f1svenvg.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\searchqutb.js Win32/Adware.Bandoo application
C:\Windows.old\Users\Lena\Anwendungsdaten\Mozilla\Firefox\Profiles\f1svenvg.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\toolbar.htm Win32/Adware.Bandoo application
C:\Windows.old\Users\Lena\Anwendungsdaten\Mozilla\Firefox\Profiles\f1svenvg.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\toolbar.xul Win32/Adware.Bandoo application
C:\Windows.old\Users\Lena\AppData\Local\Temp\YontooFFClient.xpi Win32/Adware.Yontoo application
C:\Windows.old\Users\Lena\AppData\Local\Temp\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application
C:\Windows.old\Users\Lena\AppData\Local\Temp\YontooLayers.crx multiple threats
C:\Windows.old\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\f1svenvg.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\searchqutb.js Win32/Adware.Bandoo application
C:\Windows.old\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\f1svenvg.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\toolbar.htm Win32/Adware.Bandoo application
C:\Windows.old\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\f1svenvg.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\toolbar.xul Win32/Adware.Bandoo application
C:\Windows.old\Users\Lena\Lokale Einstellungen\Temp\YontooFFClient.xpi Win32/Adware.Yontoo application
C:\Windows.old\Users\Lena\Lokale Einstellungen\Temp\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application
C:\Windows.old\Users\Lena\Lokale Einstellungen\Temp\YontooLayers.crx multiple threats
D:\LENA-PC\Backup Set 2012-01-29 190005\Backup Files 2012-01-29 190005\Backup files 7.zip Win32/Adware.Bandoo application
D:\LENA-PC\Backup Set 2012-01-29 190005\Backup Files 2012-02-05 190003\Backup files 2.zip HTML/ScrInject.B.Gen virus
Avira events:
C:\Users\Lena\AppData\Local\Temp\FreeTwitTube-S-Setup_Suite1.exe Win32/Adware.Yontoo application
C:\Windows.old\Program Files\Bandoo\Plugins\AIM\AIMPlugin.dll a variant of Win32/Adware.Bandoo.AA application
C:\Windows.old\Program Files\Yontoo Layers Runtime\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application
C:\Windows.old\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Windows.old\ProgramData\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Windows.old\Users\All Users\Anwendungsdaten\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Windows.old\Users\All Users\Anwendungsdaten\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Windows.old\Users\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Windows.old\Users\All Users\Application Data\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Windows.old\Users\All Users\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Windows.old\Users\All Users\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Windows.old\Users\Lena\Anwendungsdaten\Mozilla\Firefox\Profiles\f1svenvg.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\searchqutb.js Win32/Adware.Bandoo application
C:\Windows.old\Users\Lena\Anwendungsdaten\Mozilla\Firefox\Profiles\f1svenvg.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\toolbar.htm Win32/Adware.Bandoo application
C:\Windows.old\Users\Lena\Anwendungsdaten\Mozilla\Firefox\Profiles\f1svenvg.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\toolbar.xul Win32/Adware.Bandoo application
C:\Windows.old\Users\Lena\AppData\Local\Temp\YontooFFClient.xpi Win32/Adware.Yontoo application
C:\Windows.old\Users\Lena\AppData\Local\Temp\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application
C:\Windows.old\Users\Lena\AppData\Local\Temp\YontooLayers.crx multiple threats
C:\Windows.old\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\f1svenvg.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\searchqutb.js Win32/Adware.Bandoo application
C:\Windows.old\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\f1svenvg.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\toolbar.htm Win32/Adware.Bandoo application
C:\Windows.old\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\f1svenvg.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\toolbar.xul Win32/Adware.Bandoo application
C:\Windows.old\Users\Lena\Lokale Einstellungen\Temp\YontooFFClient.xpi Win32/Adware.Yontoo application
C:\Windows.old\Users\Lena\Lokale Einstellungen\Temp\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application
C:\Windows.old\Users\Lena\Lokale Einstellungen\Temp\YontooLayers.crx multiple threats
D:\LENA-PC\Backup Set 2012-01-29 190005\Backup Files 2012-01-29 190005\Backup files 7.zip Win32/Adware.Bandoo application
D:\LENA-PC\Backup Set 2012-01-29 190005\Backup Files 2012-02-05 190003\Backup files 2.zip HTML/ScrInject.B.Gen virus

It would be really great if you could help me out!!!
Best regards, Lilolcheb
23.06.2013, 08:23 | #2 |
/// the machine /// TB trainer | pup.offerbundler.st
Hi,
System scan with FRST
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit (If you are not sure: Start > Computer (right-click) > Properties)
Here is how it works: Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows: