
Pests of all kinds and how to combat them: PUP.OfferBundler.ST found in C:\Users\...\Downloads\SoftonicDownloader_fuer_teachmaster.exe

23.12.2012, 16:37   #1
Kolbenfresse
 



MBAM found a file infected with pup.offerbundler.st:
SoftonicDownloader_fuer_teachmaster.exe.
What should I do?
The file was found in another user's Downloads folder.
I don't know whether the exe was ever executed.
Is deleting it enough?
My virus scanner (avast) reports no infection for the file.
My firewall (comodo) has not reported anything suspicious so far.
There was a similar case here on the board:
http://www.trojaner-board.de/127438-...undler-st.html
There, essentially adwcleaner.exe + OTL were to be run.

What I have done so far:
- MBAM scan, log below
- Defogger ran, emulators were disabled
- OTL ran, logs below
- AdwCleaner search, log below

My hope is that this is just adware / a stupid downloader that I can simply delete.
Many thanks for any advice.

MBAM Log


Code:
  MBAM Log
 Malwarebytes Anti-Malware  (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.20.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Alexander :: johndoe [Administrator]

Schutz: Aktiviert

20.12.2012 15:10:21
mbam-log-2012-12-20 (15-38-05).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 216753
Laufzeit: 26 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\...\Downloads\SoftonicDownloader_fuer_teachmaster.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.

(Ende)
         


OTL.txt:

OTL Logfile:
Code:
OTL logfile created on: 20.12.2012 16:13:21 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Alexander\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
894,54 Mb Total Physical Memory | 268,27 Mb Available Physical Memory | 29,99% Memory free
2,00 Gb Paging File | 0,78 Gb Available in Paging File | 38,98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55,89 Gb Total Space | 15,10 Gb Free Space | 27,01% Space Free | Partition Type: NTFS
Drive D: | 49,06 Gb Total Space | 48,90 Gb Free Space | 99,69% Space Free | Partition Type: NTFS
 
Computer Name: johndoe-PC | User Name: Alexander | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.12.20 15:53:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alexander\Desktop\OTL.exe
PRC - [2012.11.13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2012.11.13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012.11.13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012.11.08 00:37:37 | 001,990,464 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2012.11.08 00:37:11 | 006,756,048 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.10.29 13:54:57 | 003,556,416 | ---- | M] (sw4you, Siegfried Weckmann) -- C:\Program Files\Hardcopy\hardcopy.exe
PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.07.05 14:56:39 | 000,037,440 | ---- | M] () -- C:\Program Files\Hardcopy\hcdll2_ex_Win32.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2007.11.13 18:52:36 | 002,510,848 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
PRC - [2007.11.13 18:52:34 | 002,359,296 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
PRC - [2007.02.15 10:07:15 | 004,390,912 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.02.10 00:40:34 | 000,225,280 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\Hcontrol.exe
PRC - [2007.02.06 02:13:14 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe
PRC - [2007.01.18 04:41:34 | 000,843,776 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe
PRC - [2007.01.18 03:26:36 | 007,708,672 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe
PRC - [2007.01.18 01:34:22 | 000,135,168 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe
PRC - [2006.12.29 00:17:50 | 000,123,248 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
PRC - [2006.12.21 07:03:38 | 001,036,288 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
PRC - [2006.12.19 01:26:26 | 002,420,736 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
PRC - [2006.11.01 06:40:16 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2005.07.06 23:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2012.11.13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012.11.13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
MOD - [2012.11.13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012.11.13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2012.10.18 09:32:10 | 002,915,840 | ---- | M] () -- C:\Program Files\Hardcopy\HcDllS.dll
MOD - [2012.07.30 09:27:59 | 000,116,800 | ---- | M] () -- C:\Program Files\Hardcopy\HcDLL2_38_Win32.dll
MOD - [2012.07.05 14:56:39 | 000,037,440 | ---- | M] () -- C:\Program Files\Hardcopy\hcdll2_ex_Win32.exe
MOD - [2012.07.05 14:56:24 | 000,052,800 | ---- | M] () -- C:\Program Files\Hardcopy\hardcopy_05.dll
MOD - [2007.08.08 18:15:02 | 000,828,416 | ---- | M] () -- C:\Program Files\OpenOffice.org 2.3\program\libxml2.dll
MOD - [2007.02.02 08:01:29 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - [2012.11.08 00:37:37 | 001,990,464 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007.02.06 02:13:14 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2006.12.29 00:17:50 | 000,123,248 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
SRV - [2006.11.01 06:40:16 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\PCASp50.sys -- (PCASp50)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\ASUS\ASUS Live Update\SYS64\lvupdtio.sys -- (lvupdtio)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.12.03 16:14:26 | 000,231,760 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2012.11.08 00:37:45 | 000,082,952 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (inspect)
DRV - [2012.11.08 00:37:44 | 000,042,264 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2012.11.08 00:37:43 | 000,494,416 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2012.10.30 23:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.10.30 23:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.10.30 23:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.10.30 23:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012.10.30 23:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012.10.30 23:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2007.04.19 11:09:42 | 000,194,048 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2007.03.01 02:04:58 | 000,694,784 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.02.02 08:09:39 | 002,385,920 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2007.01.02 23:37:48 | 000,011,120 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Program Files\P4G\WCPU.sys -- (WCPU)
DRV - [2006.12.14 16:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006.11.16 03:02:19 | 000,015,216 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV - [2006.11.14 20:42:45 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006.11.06 11:01:19 | 000,051,200 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006.11.02 10:50:17 | 000,041,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2006.11.02 08:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006.11.02 08:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006.11.02 08:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2006.10.14 04:04:33 | 004,422,560 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2005.08.02 00:45:00 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2577628352-88088191-2881774834-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
IE - HKU\S-1-5-21-2577628352-88088191-2881774834-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.asus.com
IE - HKU\S-1-5-21-2577628352-88088191-2881774834-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2577628352-88088191-2881774834-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: s.alfa%40idev.com:1.02
FF - prefs.js..extensions.enabledAddons: john%40velvetcache.org:1.3.7
FF - prefs.js..extensions.enabledAddons: firefox%40ghostery.com:2.8.3
FF - prefs.js..extensions.enabledAddons: %7B8b86149f-01fb-4842-9dd8-4d7eb02fd055%7D:0.24
FF - prefs.js..extensions.enabledAddons: %7B29852C08-1E91-4889-A6BF-C77F91D6A8F3%7D:2.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@sun.com/npsopluginmi;version=1.0: C:\Program Files\OpenOffice.org 2.3\program [2008.01.13 12:54:01 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.12.03 15:04:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.03 15:25:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.19 04:55:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.04.13 19:23:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2012.12.01 21:55:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alexander\AppData\Roaming\mozilla\Extensions
[2012.12.16 13:15:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\3znts76m.default\extensions
[2012.12.11 19:42:51 | 000,000,000 | ---D | M] (All-in-One Gestures) -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\3znts76m.default\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055}
[2012.12.03 15:26:04 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\3znts76m.default\extensions\firefox@ghostery.com
[2012.12.03 15:25:57 | 000,017,677 | ---- | M] () (No name found) -- C:\Users\Alexander\AppData\Roaming\mozilla\firefox\profiles\3znts76m.default\extensions\john@velvetcache.org.xpi
[2012.12.03 15:25:57 | 000,007,259 | ---- | M] () (No name found) -- C:\Users\Alexander\AppData\Roaming\mozilla\firefox\profiles\3znts76m.default\extensions\s.alfa@idev.com.xpi
[2012.12.16 13:15:59 | 000,469,434 | ---- | M] () (No name found) -- C:\Users\Alexander\AppData\Roaming\mozilla\firefox\profiles\3znts76m.default\extensions\{29852C08-1E91-4889-A6BF-C77F91D6A8F3}.xpi
[2012.12.03 15:17:44 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Alexander\AppData\Roaming\mozilla\firefox\profiles\3znts76m.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.12.03 12:45:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012.12.03 15:25:52 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.11.12 11:41:04 | 000,171,136 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2012.12.03 15:25:38 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.12.03 15:25:38 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.12.03 15:25:38 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.12.03 15:25:38 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.12.03 15:25:38 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.12.03 15:25:38 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.12.11 15:20:42 | 000,597,071 | ---- | M]) - C:\Windows\System32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1  localhost
O1 - Hosts: ::1  localhost #[IPv6]
O1 - Hosts: 127.0.0.1  fr.a2dfp.net
O1 - Hosts: 127.0.0.1  m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1  ad.a8.net
O1 - Hosts: 127.0.0.1  asy.a8ww.net
O1 - Hosts: 127.0.0.1  abcstats.com
O1 - Hosts: 127.0.0.1  a.abv.bg
O1 - Hosts: 127.0.0.1  adserver.abv.bg
O1 - Hosts: 127.0.0.1  adv.abv.bg
O1 - Hosts: 127.0.0.1  bimg.abv.bg
O1 - Hosts: 127.0.0.1  ca.abv.bg
O1 - Hosts: 127.0.0.1  www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1  track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1  accuserveadsystem.com
O1 - Hosts: 127.0.0.1  www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1  achmedia.com
O1 - Hosts: 127.0.0.1  aconti.net
O1 - Hosts: 127.0.0.1  secure.aconti.net
O1 - Hosts: 127.0.0.1  www.aconti.net #[Dialer.Aconti]
O1 - Hosts: 127.0.0.1  csh.actiondesk.com
O1 - Hosts: 127.0.0.1  www.activemeter.com #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1  ads.activepower.net
O1 - Hosts: 127.0.0.1  stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1  cms.ad2click.nl
O1 - Hosts: 15995 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2577628352-88088191-2881774834-1001..\Run: []  File not found
O4 - HKU\S-1-5-21-2577628352-88088191-2881774834-1001..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - Startup: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK = C:\Program Files\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
O4 - Startup: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe ()
O9 - Extra Button: An Mindjet MindManager senden - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{64820102-F98E-473E-80E6-BDAD7B619BB0}: DhcpNameServer = 192.168.2.1
O20 - AppInit_DLLs: (C:\Windows\system32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.20 15:53:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Alexander\Desktop\OTL.exe
[2012.12.20 14:52:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.12.20 14:50:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2012.12.20 14:49:41 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe
[2012.12.20 14:48:09 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2012.12.20 14:20:24 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Malwarebytes
[2012.12.20 14:19:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.20 14:19:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.20 14:19:16 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.12.20 14:19:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.12.20 14:17:17 | 000,000,000 | ---D | C] -- C:\Program Files\ToniArts
[2012.12.20 14:17:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EasyCleaner
[2012.12.20 10:02:24 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Thunderbird
[2012.12.20 10:02:24 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\Thunderbird
[2012.12.19 10:59:17 | 000,000,000 | ---D | C] -- C:\Program Files\Process1523Explorer
[2012.12.17 23:37:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.12.17 23:33:47 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.12.16 14:15:00 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Audacity
[2012.12.16 12:23:35 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\vlc
[2012.12.16 12:18:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WAV To MP3
[2012.12.16 12:17:47 | 000,000,000 | ---D | C] -- C:\Program Files\WAV To MP3
[2012.12.08 12:20:32 | 000,000,000 | ---D | C] -- C:\Users\Alexander\Desktop\101MSDCF
[2012.12.04 20:40:07 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\TrueCrypt
[2012.12.04 16:19:57 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\Macromedia
[2012.12.04 16:17:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012.12.03 17:48:27 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\Mindjet
[2012.12.03 17:39:47 | 000,005,632 | ---- | C] (Tracker Software) -- C:\Windows\System32\pxc25pm.dll
[2012.12.03 17:39:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange 3
[2012.12.03 17:39:04 | 000,000,000 | ---D | C] -- C:\Users\Alexander\Documents\Eigene Maps
[2012.12.03 17:35:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mindjet MindManager 9
[2012.12.03 17:34:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Mindjet
[2012.12.03 17:32:56 | 000,000,000 | ---D | C] -- C:\Program Files\Mindjet
[2012.12.03 17:21:14 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\{D2B93B31-A725-4060-A0DF-B0D80DE9FB10}
[2012.12.03 17:18:48 | 000,000,000 | ---D | C] -- C:\Program Files\bin
[2012.12.03 16:57:48 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hardcopy - Bildschirmausdruck
[2012.12.03 16:57:23 | 000,000,000 | ---D | C] -- C:\Program Files\Hardcopy
[2012.12.03 16:48:32 | 001,707,520 | ---- | C] (www.sw4you.de Siegfried Weckmann) -- C:\Windows\SwSetupu.exe
[2012.12.03 16:44:46 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander
[2012.12.03 16:44:32 | 000,000,000 | ---D | C] -- C:\Program Files\totalcmd
[2012.12.03 16:44:32 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\GHISLER
[2012.12.03 16:29:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.12.03 16:27:06 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2012.12.03 16:14:45 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TrueCrypt
[2012.12.03 16:14:26 | 000,231,760 | ---- | C] (TrueCrypt Foundation) -- C:\Windows\System32\drivers\truecrypt.sys
[2012.12.03 16:12:19 | 000,000,000 | ---D | C] -- C:\Program Files\TrueCrypt
[2012.12.03 16:07:08 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
[2012.12.03 16:05:37 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\IrfanView
[2012.12.03 16:05:36 | 000,000,000 | ---D | C] -- C:\Program Files\IrfanView
[2012.12.03 15:50:03 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\OpenOffice.org2
[2012.12.03 15:36:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
[2012.12.03 15:35:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2012.12.03 15:35:04 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2012.12.03 15:06:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012.12.03 15:06:07 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012.12.03 15:06:06 | 000,361,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012.12.03 15:06:01 | 000,035,928 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012.12.03 15:06:00 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012.12.03 15:05:58 | 000,738,504 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012.12.03 15:05:56 | 000,058,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012.12.03 15:04:19 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.12.03 15:04:18 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012.12.03 15:03:22 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012.12.03 15:03:22 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012.12.03 14:55:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.12.03 14:55:15 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.12.03 14:38:17 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Ahead
[2012.12.03 12:45:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.12.03 11:59:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange PDF Viewer
[2012.12.03 11:58:45 | 000,000,000 | ---D | C] -- C:\Program Files\Tracker Software
[2012.12.01 21:57:25 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Adobe
[2012.12.01 21:54:33 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\Mozilla
[2012.12.01 21:54:32 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Mozilla
[2012.12.01 21:53:33 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\ATI
[2012.12.01 21:53:33 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\ATI
[2012.12.01 21:51:53 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\Toshiba
[2012.12.01 21:49:05 | 000,000,000 | R--D | C] -- C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.12.01 21:49:05 | 000,000,000 | R--D | C] -- C:\Users\Alexander\Searches
[2012.12.01 21:49:05 | 000,000,000 | R--D | C] -- C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.12.01 21:48:40 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Identities
[2012.12.01 21:48:31 | 000,000,000 | R--D | C] -- C:\Users\Alexander\Contacts
[2012.12.01 21:47:56 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\VirtualStore
[2012.12.01 21:45:51 | 000,000,000 | -HSD | C] -- C:\Users\Alexander\Vorlagen
[2012.12.01 21:45:51 | 000,000,000 | -HSD | C] -- C:\Users\Alexander\AppData\Local\Verlauf
[2012.12.01 21:45:51 | 000,000,000 | -HSD | C] -- C:\Users\Alexander\AppData\Local\Temporary Internet Files
[2012.12.01 21:45:51 | 000,000,000 | -HSD | C] -- C:\Users\Alexander\Startmenü
[2012.12.01 21:45:51 | 000,000,000 | -HSD | C] -- C:\Users\Alexander\SendTo
[2012.12.01 21:45:51 | 000,000,000 | -HSD | C] -- C:\Users\Alexander\Recent
[2012.12.01 21:45:51 | 000,000,000 | -HSD | C] -- C:\Users\Alexander\Netzwerkumgebung
[2012.12.01 21:45:51 | 000,000,000 | -HSD | C] -- C:\Users\Alexander\Lokale Einstellungen
[2012.12.01 21:45:51 | 000,000,000 | -HSD | C] -- C:\Users\Alexander\Documents\Eigene Videos
[2012.12.01 21:45:51 | 000,000,000 | -HSD | C] -- C:\Users\Alexander\Documents\Eigene Musik
[2012.12.01 21:45:51 | 000,000,000 | -HSD | C] -- C:\Users\Alexander\Eigene Dateien
[2012.12.01 21:45:51 | 000,000,000 | -HSD | C] -- C:\Users\Alexander\Documents\Eigene Bilder
[2012.12.01 21:45:51 | 000,000,000 | -HSD | C] -- C:\Users\Alexander\Druckumgebung
[2012.12.01 21:45:51 | 000,000,000 | -HSD | C] -- C:\Users\Alexander\Cookies
[2012.12.01 21:45:51 | 000,000,000 | -HSD | C] -- C:\Users\Alexander\AppData\Local\Anwendungsdaten
[2012.12.01 21:45:51 | 000,000,000 | -HSD | C] -- C:\Users\Alexander\Anwendungsdaten
[2012.12.01 21:45:47 | 000,000,000 | --SD | C] -- C:\Users\Alexander\AppData\Roaming\Microsoft
[2012.12.01 21:45:47 | 000,000,000 | R--D | C] -- C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.12.01 21:45:47 | 000,000,000 | R--D | C] -- C:\Users\Alexander\Links
[2012.12.01 21:45:47 | 000,000,000 | R--D | C] -- C:\Users\Alexander\Favorites
[2012.12.01 21:45:47 | 000,000,000 | R--D | C] -- C:\Users\Alexander\Downloads
[2012.12.01 21:45:47 | 000,000,000 | R--D | C] -- C:\Users\Alexander\Documents
[2012.12.01 21:45:47 | 000,000,000 | R--D | C] -- C:\Users\Alexander\Desktop
[2012.12.01 21:45:47 | 000,000,000 | R--D | C] -- C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.12.01 21:45:47 | 000,000,000 | -H-D | C] -- C:\Users\Alexander\AppData
[2012.12.01 21:45:47 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\Temp
[2012.12.01 21:45:47 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\Microsoft
[2012.12.01 21:45:47 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Media Center Programs
[2012.12.01 21:45:47 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Macromedia
[2012.12.01 21:45:46 | 000,000,000 | R--D | C] -- C:\Users\Alexander\Videos
[2012.12.01 21:45:46 | 000,000,000 | R--D | C] -- C:\Users\Alexander\Saved Games
[2012.12.01 21:45:46 | 000,000,000 | R--D | C] -- C:\Users\Alexander\Pictures
[2012.12.01 21:45:46 | 000,000,000 | R--D | C] -- C:\Users\Alexander\Music
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.20 16:47:50 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.20 16:34:49 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.20 16:34:49 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.20 16:05:43 | 000,000,000 | ---- | M] () -- C:\Users\Alexander\defogger_reenable
[2012.12.20 15:53:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alexander\Desktop\OTL.exe
[2012.12.20 15:52:52 | 000,050,477 | ---- | M] () -- C:\Users\Alexander\Desktop\Defogger.exe
[2012.12.20 15:17:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.20 14:52:59 | 000,000,616 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2012.12.20 14:51:03 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2012.12.20 14:46:41 | 000,000,667 | ---- | M] () -- C:\Users\Alexander\Desktop\EasyCleaner.lnk
[2012.12.20 14:38:10 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.20 14:34:20 | 938,762,240 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.20 14:31:25 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.12.20 14:25:51 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.20 08:02:54 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2012.12.19 20:25:51 | 000,000,134 | ---- | M] () -- C:\Users\Alexander\Desktop\Sichern und Wiederherstellen - Verknüpfung.lnk
[2012.12.19 11:32:56 | 000,001,717 | ---- | M] () -- C:\Users\Alexander\Desktop\Windows Defender.lnk
[2012.12.19 10:59:33 | 000,000,881 | ---- | M] () -- C:\Users\Alexander\Desktop\procexp.exe - Verknüpfung.lnk
[2012.12.19 10:38:32 | 000,000,696 | ---- | M] () -- C:\Users\Alexander\Desktop\cmd.exe - Verknüpfung.lnk
[2012.12.18 20:12:50 | 000,000,517 | ---- | M] () -- C:\Users\Alexander\Desktop\Verwaltung - Verknüpfung.lnk
[2012.12.18 20:12:45 | 000,000,134 | ---- | M] () -- C:\Users\Alexander\Desktop\System - Verknüpfung.lnk
[2012.12.18 20:12:31 | 000,000,134 | ---- | M] () -- C:\Users\Alexander\Desktop\Programme und Funktionen - Verknüpfung.lnk
[2012.12.18 20:12:27 | 000,000,206 | ---- | M] () -- C:\Users\Alexander\Desktop\Sicherheitscenter - Verknüpfung.lnk
[2012.12.18 20:10:23 | 000,000,134 | ---- | M] () -- C:\Users\Alexander\Desktop\Geräte-Manager - Verknüpfung.lnk
[2012.12.18 20:05:35 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012.12.18 19:57:23 | 108,738,842 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.12.17 14:19:19 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.12.17 14:19:19 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.12.17 14:19:19 | 000,122,648 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.12.17 14:19:19 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.12.16 15:34:55 | 002,682,126 | ---- | M] () -- C:\Users\Alexander\Desktop\teil 1 tief.mp3
[2012.12.12 23:58:33 | 000,712,097 | ---- | M] () -- C:\Users\Alexander\Documents\Bohrerschleifen.pdf
[2012.12.12 23:58:08 | 000,776,035 | ---- | M] () -- C:\Users\Alexander\Documents\Universalschleifmaschine.pdf
[2012.12.12 23:56:55 | 000,692,646 | ---- | M] () -- C:\Users\Alexander\Documents\Universalschleifmaschine2.pdf
[2012.12.12 23:55:07 | 000,594,748 | ---- | M] () -- C:\Users\Alexander\Documents\Mechanikertricks.pdf
[2012.12.12 16:12:47 | 000,384,920 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.12.12 14:45:05 | 000,008,226 | ---- | M] () -- C:\Users\Alexander\Documents\Wunschliste Werkzeug.odt
[2012.12.11 15:20:42 | 000,597,071 | ---- | M] () -- C:\Windows\System32\drivers\etc\HOSTS
[2012.12.08 12:36:05 | 000,005,632 | ---- | M] () -- C:\Users\Alexander\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.12.06 22:46:16 | 000,287,636 | ---- | M] () -- C:\Users\Alexander\Documents\holzis_handbuch.pdf
[2012.12.04 14:08:46 | 000,000,366 | ---- | M] () -- C:\Users\Alexander\Desktop\Download.lnk
[2012.12.03 16:57:49 | 000,002,177 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK
[2012.12.03 16:14:26 | 000,231,760 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\System32\drivers\truecrypt.sys
[2012.12.03 15:51:07 | 000,001,047 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk
[2012.12.03 15:01:02 | 000,066,486 | ---- | M] () -- C:\Users\Alexander\Documents\cc_20121203_150042.reg
[2012.11.27 20:34:20 | 035,520,810 | ---- | M] () -- C:\Users\Alexander\Desktop\Teil 4 tief.wav
[2012.11.27 17:02:26 | 035,053,682 | ---- | M] () -- C:\Users\Alexander\Desktop\Teil 3 tief.wav
[2012.11.27 16:29:32 | 032,327,686 | ---- | M] () -- C:\Users\Alexander\Desktop\Teil 2 tief.wav
[2012.11.27 15:49:18 | 029,558,674 | ---- | M] () -- C:\Users\Alexander\Desktop\teil 1 tief.wav
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.12.20 16:05:43 | 000,000,000 | ---- | C] () -- C:\Users\Alexander\defogger_reenable
[2012.12.20 15:52:21 | 000,050,477 | ---- | C] () -- C:\Users\Alexander\Desktop\Defogger.exe
[2012.12.20 14:52:59 | 000,000,616 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2012.12.20 14:51:03 | 000,001,977 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2012.12.20 14:51:03 | 000,001,965 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2012.12.20 14:46:41 | 000,000,667 | ---- | C] () -- C:\Users\Alexander\Desktop\EasyCleaner.lnk
[2012.12.20 14:19:41 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.19 20:25:51 | 000,000,134 | ---- | C] () -- C:\Users\Alexander\Desktop\Sichern und Wiederherstellen - Verknüpfung.lnk
[2012.12.19 11:32:56 | 000,001,717 | ---- | C] () -- C:\Users\Alexander\Desktop\Windows Defender.lnk
[2012.12.19 10:59:33 | 000,000,881 | ---- | C] () -- C:\Users\Alexander\Desktop\procexp.exe - Verknüpfung.lnk
[2012.12.19 10:38:32 | 000,000,696 | ---- | C] () -- C:\Users\Alexander\Desktop\cmd.exe - Verknüpfung.lnk
[2012.12.18 20:12:50 | 000,000,517 | ---- | C] () -- C:\Users\Alexander\Desktop\Verwaltung - Verknüpfung.lnk
[2012.12.18 20:12:45 | 000,000,134 | ---- | C] () -- C:\Users\Alexander\Desktop\System - Verknüpfung.lnk
[2012.12.18 20:12:31 | 000,000,134 | ---- | C] () -- C:\Users\Alexander\Desktop\Programme und Funktionen - Verknüpfung.lnk
[2012.12.18 20:12:26 | 000,000,206 | ---- | C] () -- C:\Users\Alexander\Desktop\Sicherheitscenter - Verknüpfung.lnk
[2012.12.18 20:10:23 | 000,000,134 | ---- | C] () -- C:\Users\Alexander\Desktop\Geräte-Manager - Verknüpfung.lnk
[2012.12.18 19:57:23 | 108,738,842 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.12.16 15:33:27 | 002,682,126 | ---- | C] () -- C:\Users\Alexander\Desktop\teil 1 tief.mp3
[2012.12.16 14:28:37 | 029,558,674 | ---- | C] () -- C:\Users\Alexander\Desktop\teil 1 tief.wav
[2012.12.16 14:28:28 | 035,520,810 | ---- | C] () -- C:\Users\Alexander\Desktop\Teil 4 tief.wav
[2012.12.16 14:28:13 | 035,053,682 | ---- | C] () -- C:\Users\Alexander\Desktop\Teil 3 tief.wav
[2012.12.16 14:27:44 | 032,327,686 | ---- | C] () -- C:\Users\Alexander\Desktop\Teil 2 tief.wav
[2012.12.12 23:58:32 | 000,712,097 | ---- | C] () -- C:\Users\Alexander\Documents\Bohrerschleifen.pdf
[2012.12.12 23:58:08 | 000,776,035 | ---- | C] () -- C:\Users\Alexander\Documents\Universalschleifmaschine.pdf
[2012.12.12 23:56:55 | 000,692,646 | ---- | C] () -- C:\Users\Alexander\Documents\Universalschleifmaschine2.pdf
[2012.12.12 23:55:07 | 000,594,748 | ---- | C] () -- C:\Users\Alexander\Documents\Mechanikertricks.pdf
[2012.12.12 14:11:54 | 000,008,226 | ---- | C] () -- C:\Users\Alexander\Documents\Wunschliste Werkzeug.odt
[2012.12.08 12:34:40 | 000,005,632 | ---- | C] () -- C:\Users\Alexander\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.12.06 22:46:14 | 000,287,636 | ---- | C] () -- C:\Users\Alexander\Documents\holzis_handbuch.pdf
[2012.12.04 14:08:46 | 000,000,366 | ---- | C] () -- C:\Users\Alexander\Desktop\Download.lnk
[2012.12.03 16:57:49 | 000,002,177 | ---- | C] () -- C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK
[2012.12.03 15:51:07 | 000,001,047 | ---- | C] () -- C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk
[2012.12.03 15:00:52 | 000,066,486 | ---- | C] () -- C:\Users\Alexander\Documents\cc_20121203_150042.reg
[2012.12.03 12:45:44 | 000,000,865 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.12.01 21:49:15 | 000,000,956 | ---- | C] () -- C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.12.01 21:49:01 | 000,000,951 | ---- | C] () -- C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012.12.01 21:48:30 | 000,000,922 | ---- | C] () -- C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2008.01.26 01:09:15 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.12.16 15:50:09 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Audacity
[2012.12.03 16:44:32 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\GHISLER
[2012.12.03 16:05:37 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\IrfanView
[2012.12.20 10:02:24 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Thunderbird
[2012.12.04 20:43:57 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\TrueCrypt
[2011.01.09 22:10:50 | 000,000,000 | ---D | M] -- C:\Users\johndoe\AppData\Roaming\Thunderbird
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---



OTL extras.txt:
OTL Logfile:
Code:
OTL Extras logfile created on: 20.12.2012 16:13:21 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Alexander\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
894,54 Mb Total Physical Memory | 268,27 Mb Available Physical Memory | 29,99% Memory free
2,00 Gb Paging File | 0,78 Gb Available in Paging File | 38,98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55,89 Gb Total Space | 15,10 Gb Free Space | 27,01% Space Free | Partition Type: NTFS
Drive D: | 49,06 Gb Total Space | 48,90 Gb Free Space | 99,69% Space Free | Partition Type: NTFS
 
Computer Name: johndoe-PC | User Name: Alexander | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2577628352-88088191-2881774834-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{13729821-9A85-470D-8863-D9A0F48C0C5F}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{AFEDFDFE-8A99-4E27-829A-EC8439B84E36}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05D67915-50EC-56C9-7148-552F8D205383}" = CCC Help German
"{08C69626-1E29-7EE2-E122-D475D7BAAF0B}" = Catalyst Control Center Localization Hungarian
"{09E9F3B1-2965-3D8B-F624-2F44D99B53B0}" = Catalyst Control Center Graphics Light
"{0E4E7AB0-6FFB-4C76-FD74-810DE985D518}" = Catalyst Control Center Localization Greek
"{10D3701B-1463-0C2F-748E-3E03FADEB711}" = Catalyst Control Center Localization Norwegian
"{117FBA8C-9325-4BCD-B19A-0BF21EA9A374}" = Catalyst Control Center Localization Spanish
"{122321B4-A450-0052-CAD8-B419C0EAD392}" = CCC Help Spanish
"{1606E90F-5327-EE07-9137-C518BF3DFFCE}" = Catalyst Control Center Localization Swedish
"{190D0C6E-C8A7-4019-8FB5-FD041EC1F2D2}" = Mobile Broadband Drivers
"{196BC239-53AB-615F-9B0D-FD2D61D31A58}" = Catalyst Control Center Localization Czech
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{2D06A54D-6FA7-62F1-E824-E0109C069D8E}" = CCC Help Russian
"{2EBC713F-3022-A21B-6266-376ED7C43C07}" = CCC Help French
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3969961F-4B9A-DEB9-BC69-F0348E527DEA}" = Catalyst Control Center Localization Chinese Standard
"{39EAC702-D866-AA54-97C6-13E8AAAC2219}" = CCC Help Hungarian
"{3CE73C5D-D8F0-D6D0-E5AB-39A798BF4571}" = Skins
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{46663439-F39E-BF21-673C-19A035F9C708}" = Catalyst Control Center Localization Thai
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C4A9592-2854-E201-F7A9-2AE77AB35E37}" = CCC Help Portuguese
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{54971F17-9D16-4D43-95D6-3A86E3D20EDB}" = Office-Bibliothek 4.0
"{5A74F5DD-CD86-FE24-C8D3-9850F43FD42D}" = CCC Help Czech
"{5BD877FE-9E11-D996-DEDB-ABAF4A251C39}" = CCC Help Chinese Standard
"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
"{6153EBDC-A52B-6B24-4A3C-5CC8F85BE0DF}" = Catalyst Control Center Graphics Full New
"{6173A4FC-D42D-69A6-52CA-A30496389760}" = ccc-core-static
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{661EA4BC-FF51-FE25-7E59-D8BA41170189}" = Catalyst Control Center Localization Chinese Traditional
"{67645155-2149-7ED9-003E-92BFB7EA262A}" = Catalyst Control Center Localization Portuguese
"{6773963F-6FF0-4A21-97C8-8DFF0EBCECAE}" = OpenOffice.org 2.3
"{68AB9F5B-85BA-1A49-F5B9-103C172A90F6}" = Catalyst Control Center Localization Korean
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{740323AF-4EFD-EB99-8632-6B5AA9D53411}" = Catalyst Control Center Localization Dutch
"{7D5F5F2C-B978-2AD9-B54D-BC9006C35333}" = CCC Help Japanese
"{7D6E6E66-8B3D-42C2-DE13-E3F0C6A178D9}" = CCC Help Korean
"{7DFBD5A5-F88B-ED78-E5FD-FB994138BB25}" = ccc-utility
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{893EFD7C-B705-892C-E6E0-49BFB6C621BC}" = Catalyst Control Center Localization Russian
"{8B8FC6A3-3467-5786-657E-6893DDA7F52D}" = CCC Help Swedish
"{8CFEBE9C-F29F-4C49-80E0-7106970F8734}" = Power4Gear eXtreme
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A70075D-6071-4704-EAF6-6DEB51CB777B}" = Catalyst Control Center Localization Finnish
"{9D513AEB-187D-C020-317A-5804F781CC95}" = CCC Help Chinese Traditional
"{9D88CAFF-7CB3-916A-0A1F-5E0DB4ECD073}" = Catalyst Control Center Localization Danish
"{9EE7095B-F74E-4DC9-FAF7-75C940A1C3E9}" = Catalyst Control Center Localization French
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{A315B77A-24C5-95D9-9325-61C98FBB7C53}" = Catalyst Control Center Localization German
"{A480B428-5A5E-8D8F-6D8E-2CCBFF6029FA}" = CCC Help Norwegian
"{A7AF2BC7-FCFB-03CB-DA36-5E9D44A53091}" = CCC Help Turkish
"{A8FD0C55-0D21-89F3-57E9-1E22235765B3}" = CCC Help Finnish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B5DCE5D7-6FDD-D5C2-C6B7-14E264E695C9}" = Catalyst Control Center Core Implementation
"{B5FE6702-0B5F-6866-7FD2-A7B28BCAB15B}" = Catalyst Control Center Localization Japanese
"{B89BD504-63FF-03DC-5B8B-CEBCEBF2B08D}" = CCC Help English
"{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology
"{C263E891-CA9F-7CE4-B31D-6A100D5D2F3C}" = CCC Help Polish
"{C4693D41-87C5-A2E0-00AB-5E0A0A205E9E}" = CCC Help Italian
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{DCC7315A-F551-0778-AFC1-C19D853E0AFA}" = Catalyst Control Center Localization Turkish
"{DCE907E3-4D72-4CD3-A08A-BEFC8C7A5869}" = Branding
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{DF6D07CB-BA1B-60D3-8D51-69A5775AC7D9}" = CCC Help Thai
"{E26DD81D-91CF-7348-65E2-5AC16E14612B}" = Catalyst Control Center Localization Polish
"{E33E9943-2679-C829-5E9E-4D981A1C264C}" = CCC Help Danish
"{E62381A7-B1C1-4121-8262-84D38C77786C}" = COMODO Internet Security
"{E7F0262E-84B8-9EBE-D6FD-E3865FCDB0EB}" = Catalyst Control Center Localization Italian
"{EC3636D4-4FC7-4C0C-B16B-FA64C2020FF4}" = Mindjet MindManager 9
"{ED8C5498-6C39-92E6-B17F-414BF1722E42}" = Catalyst Control Center Graphics Previews Vista
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F173C327-FAA5-D463-2CBD-A4818C7EDC8C}" = Catalyst Control Center Graphics Full Existing
"{F49109F4-EA87-B982-8A66-CCD32C6FC8AF}" = CCC Help Greek
"{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner
"{F5AB638D-91F6-6517-9872-BE6996E06AF6}" = CCC Help Dutch
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ATI Uninstaller" = ATI Uninstaller
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"COGPACK-DEMO" = COGPACK-DEMO
"Hardcopy" = Hardcopy
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"Mozilla Thunderbird (3.1.20)" = Mozilla Thunderbird (3.1.20)
"PDF-XChange 3_is1" = PDF-XChange 3
"SB_ClipboardPath" = ClipboardPath
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Totalcmd" = Total Commander (Remove or Repair)
"TrueCrypt" = TrueCrypt
"VLC media player" = VLC media player 2.0.4
"WAV To MP3_is1" = WAV To MP3 V2
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12.08.2010 13:57:32 | Computer Name = johndoe-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 12.08.2010 17:19:10 | Computer Name = johndoe-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 12.08.2010 17:19:10 | Computer Name = johndoe-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 13.08.2010 08:44:37 | Computer Name = johndoe-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 13.08.2010 08:44:37 | Computer Name = johndoe-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 13.08.2010 16:30:20 | Computer Name = johndoe-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 13.08.2010 16:30:20 | Computer Name = johndoe-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 13.08.2010 17:05:47 | Computer Name = johndoe-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 13.08.2010 17:05:47 | Computer Name = johndoe-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 13.08.2010 17:33:17 | Computer Name = johndoe-PC | Source = EventSystem | ID = 4621
Description = 
 
[ System Events ]
Error - 20.12.2012 04:57:56 | Computer Name = johndoe-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.2.111 für die Netzwerkkarte mit der Netzwerkadresse
 0015AF3F81A2 wurde durch den DHCP-Server 192.168.220.1 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 20.12.2012 04:58:38 | Computer Name = johndoe-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 20.12.2012 09:30:48 | Computer Name = johndoe-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.220.138 für die Netzwerkkarte mit der Netzwerkadresse
 0015AF3F81A2 wurde durch den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 20.12.2012 09:38:16 | Computer Name = johndoe-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 20.12.2012 09:38:16 | Computer Name = johndoe-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 20.12.2012 09:38:16 | Computer Name = johndoe-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 20.12.2012 09:52:15 | Computer Name = johndoe-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 20.12.2012 09:52:15 | Computer Name = johndoe-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 20.12.2012 11:00:07 | Computer Name = johndoe-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.2.111 für die Netzwerkkarte mit der Netzwerkadresse
 0015AF3F81A2 wurde durch den DHCP-Server 192.168.220.1 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 20.12.2012 11:01:07 | Computer Name = johndoe-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.220.138 für die Netzwerkkarte mit der Netzwerkadresse
 0015AF3F81A2 wurde durch den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
 
< End of report >
         
--- --- ---


AdwCleaner search log:
Code:
# AdwCleaner v2.101 - Datei am 23/12/2012 um 16:45:36 erstellt
# Aktualisiert am 16/12/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Alexander - johndoe-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Alexander\Downloads\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v17.0.1 (de)

Profilname : default 
Datei : C:\Users\...\AppData\Roaming\Mozilla\Firefox\Profiles\g9ajbmx6.default\prefs.js

[OK] Die Datei ist sauber.

Profilname : default 
Datei : C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\3znts76m.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [930 octets] - [23/12/2012 16:45:36]

########## EOF - C:\AdwCleaner[R1].txt - [989 octets] ##########
         

Edited by Kolbenfresse (23.12.2012 at 16:55). Reason: additional logs created

23.12.2012, 17:40   #2
Undertaker
/// Helper team
 

Quote from Kolbenfresse:
MBAM found a file infected with pup.offerbundler.st:
SoftonicDownloader_fuer_teachmaster.exe.
What should I do?

Hi there,
the downloader is part of Softonic's company philosophy.

Send the file off to nirvana, and in future keep your hands off this company.
The legal downloads offered there are also available from other sources.
You can also get the TeachMaster vocabulary trainer as freeware directly from its homepage, teachmaster.de

Undertaker

23.12.2012, 20:42   #3
Kolbenfresse
 

Thanks for the quick, clear info!
Wishing you a few nice days off.
Regards, Kolbenfresser

Edited by Kolbenfresse (23.12.2012 at 20:42). Reason: spelling...
