
Log analysis and evaluation: Pub.Adware.Relevantknowledge and Pub.Bundleinstaller.SOL found by Malwarebytes - clean now?


18.12.2012, 22:45   #1
myf125
 


Hello,
I ran Malwarebytes on my Windows 7 Professional 64-bit machine
after repeated Wi-Fi dropouts and a very slow system today.

Malwarebytes found
Pub.Adware.Relevantknowledge
Pub.Bundleinstaller.SOL.
After moving them to quarantine and doing some research, I came across your forum.
Now the question, of course, is whether the system is clean or not.

I went ahead and ran a scan with OTL:
OTL logfile:
Code:
OTL logfile created on: 18.12.2012 22:08:00 - Run 3
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\mika\Downloads\trojaner
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,98 Gb Total Physical Memory | 2,22 Gb Available Physical Memory | 55,71% Memory free
7,96 Gb Paging File | 6,18 Gb Available in Paging File | 77,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 117,09 Gb Total Space | 6,71 Gb Free Space | 5,73% Space Free | Partition Type: NTFS
Drive D: | 341,80 Gb Total Space | 310,65 Gb Free Space | 90,89% Space Free | Partition Type: NTFS
Drive E: | 97,65 Gb Total Space | 34,29 Gb Free Space | 35,11% Space Free | Partition Type: NTFS
Drive F: | 472,53 Gb Total Space | 183,08 Gb Free Space | 38,74% Space Free | Partition Type: NTFS
Drive G: | 292,97 Gb Total Space | 151,18 Gb Free Space | 51,60% Space Free | Partition Type: NTFS
Drive H: | 263,67 Gb Total Space | 114,42 Gb Free Space | 43,39% Space Free | Partition Type: NTFS
Drive I: | 277,21 Gb Total Space | 6,20 Gb Free Space | 2,24% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: mika | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\mika\Desktop\Defogger.exe ()
PRC - C:\Program Files (x86)\Opera\opera.exe (Opera Software)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\ACD Systems\ACDSee\15.0\ACDSee15InTouch2.exe (ACD Systems)
PRC - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (Freemake)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
PRC - C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe (Nero AG)
PRC - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Users\mika\Downloads\trojaner\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Vtune\TBPANEL.exe ()
PRC - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Windows\SysWOW64\nlssrv32.exe (Nalpeiron Ltd.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe (iAnywhere Solutions, Inc.)
PRC - C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe ()
PRC - C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumsdmon.exe ()
PRC - C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe ()
PRC - C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe (Adobe Systems Incorporated)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\mika\Desktop\Defogger.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\05dbad5299910497c7b4951aa213f13a\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f961fb1ec279c14554f5580a457ef542\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\fa143a722656801e18a200ec93f62015\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5a9b62aa4b4080c52d6fe5f41431b5f7\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Vtune\TBPANEL.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumsdmon.exe ()
MOD - C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe ()
MOD - C:\Program Files (x86)\Lexmark 5600-6600 Series\lxducaps.dll ()
MOD - C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduscw.dll ()
MOD - C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdudrs.dll ()
MOD - C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdudatr.dll ()
MOD - C:\Program Files (x86)\Lexmark 5600-6600 Series\lxducnv4.dll ()
MOD - C:\Program Files (x86)\Lexmark 5600-6600 Series\app4r.monitor.core.dll ()
MOD - C:\Program Files (x86)\Lexmark 5600-6600 Series\app4r.monitor.common.dll ()
MOD - C:\Program Files (x86)\Lexmark 5600-6600 Series\app4r.devmons.mcmdevmon.dll ()
MOD - C:\Program Files (x86)\Lexmark 5600-6600 Series\app4r.devmons.mcmdevmon.autoplayutil.dll ()
MOD - C:\Program Files (x86)\Vtune\TBMANAGE.DLL ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (uvnc_service) -- C:\Program Files\uvnc bvba\UltraVnc\winvnc.exe (UltraVNC)
SRV:64bit: - (lxdu_device) -- C:\Windows\SysNative\lxducoms.exe ( )
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (NisSrv) -- C:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (Freemake Improver) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (Freemake)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (PassThru Service) -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (HTCMonitorService) -- C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe (Nero AG)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (SearchAnonymizer) -- C:\Users\mika\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (nlsX86cc) -- C:\Windows\SysWOW64\nlssrv32.exe (Nalpeiron Ltd.)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (Lexware_Datenbank_Plus) -- C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe (iAnywhere Solutions, Inc.)
SRV - (DokanMounter) -- C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (lxdu_device) -- C:\Windows\SysWow64\lxducoms.exe ( )
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor6.0) -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (LVUVC64) Logitech Webcam C210(UVC) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (teamviewervpn) -- C:\Windows\SysNative\drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (athur) -- C:\Windows\SysNative\drivers\athurx.sys (Atheros Communications, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (fwlanusbn) -- C:\Windows\SysNative\drivers\fwlanusbn.sys (AVM GmbH)
DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys (AVM Berlin)
DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (Dokan) -- C:\Windows\SysNative\drivers\dokan.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (htcnprot) -- C:\Windows\SysNative\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (V0260VID) -- C:\Windows\SysNative\drivers\V0260Vid.sys (Creative Technology Ltd.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (usbscan) -- C:\Windows\SysWOW64\drivers\USBSCAN.SYS (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 14 11 4D 11 28 D3 CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2012.12.18 01:18:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.06 22:34:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.04.25 22:28:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.06 22:34:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.05.28 21:20:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mika\AppData\Roaming\mozilla\Extensions
[2012.05.28 21:20:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mika\AppData\Roaming\mozilla\Extensions\support@ipernity.com
[2012.12.18 21:09:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mika\AppData\Roaming\mozilla\Firefox\Profiles\25ahgsuu.default\extensions
[2012.11.21 19:58:25 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\mika\AppData\Roaming\mozilla\Firefox\Profiles\25ahgsuu.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.10.14 01:14:40 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\mika\AppData\Roaming\mozilla\Firefox\Profiles\25ahgsuu.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2012.10.09 23:46:12 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\mika\AppData\Roaming\mozilla\Firefox\Profiles\25ahgsuu.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2012.10.09 23:46:12 | 000,000,000 | ---D | M] (Diccionario de Español/España) -- C:\Users\mika\AppData\Roaming\mozilla\Firefox\Profiles\25ahgsuu.default\extensions\es-es@dictionaries.addons.mozilla.org
[2012.09.17 15:06:15 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\mika\AppData\Roaming\mozilla\Firefox\Profiles\25ahgsuu.default\extensions\ich@maltegoetz.de
[2012.12.10 20:39:58 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\mika\AppData\Roaming\mozilla\Firefox\Profiles\25ahgsuu.default\extensions\plugin@yontoo.com
[2012.12.06 22:33:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.12.06 22:33:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.12.06 22:34:19 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.08 00:32:19 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.30 20:13:43 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.08 00:32:19 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.08 00:32:19 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.08 00:32:19 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.08 00:32:19 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.96\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.96\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.96\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: AdobeAAMDetect (Enabled) = C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U33 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.330.3 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Nokia Suite Enabler Plugin (Enabled) = C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll
CHR - plugin: D'Fusion @Home Web Plug-In (3.10.17859) (Enabled) = C:\Program Files (x86)\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: YouTube = C:\Users\mika\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\mika\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\mika\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
CHR - Extension: Google Mail = C:\Users\mika\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012.06.10 10:58:17 | 000,000,856 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Programme\Lexmark Printable Web\bho.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [lxduamon] C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduamon.exe ()
O4:64bit: - HKLM..\Run: [lxdumon.exe] C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe ()
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\mika\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ACSW15DE] C:\Program Files (x86)\ACD Systems\ACDSee\15.0\ACDSee15InTouch2.exe (ACD Systems)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BirdieSync] C:\Program Files (x86)\BirdieSync\BirdieSync.exe -minimized File not found
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKCU..\Run: [TBPanel] C:\Program Files (x86)\Vtune\TBPanel.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\mika\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\mika\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 10.4.0)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 10.4.0)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{113737FF-2663-4716-A52B-EE235F427A98}: NameServer = 192.168.1.155
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{22769FD5-5D9B-4570-9B24-D319B956DAC6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3ADB8AD4-FBDB-42A5-B901-D0FC8A65B784}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB71CB31-9E8C-460C-9319-A8414B761BFF}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3e6e7f63-284a-11e2-9265-14dae9760e2b}\Shell - "" = AutoRun
O33 - MountPoints2\{3e6e7f63-284a-11e2-9265-14dae9760e2b}\Shell\AutoRun\command - "" = J:\pushinst.exe
O33 - MountPoints2\{c28f5689-17c2-11e2-ab99-14dae9760e2b}\Shell - "" = AutoRun
O33 - MountPoints2\{c28f5689-17c2-11e2-ab99-14dae9760e2b}\Shell\AutoRun\command - "" = J:\PdtStart.exe
O33 - MountPoints2\{cba3ef72-f9d8-11e1-a320-8d4864314619}\Shell - "" = AutoRun
O33 - MountPoints2\{cba3ef72-f9d8-11e1-a320-8d4864314619}\Shell\AutoRun\command - "" = J:\HTC_Sync_Manager_PC.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.18 21:26:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.18 01:19:53 | 000,000,000 | ---D | C] -- C:\Users\mika\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.12.18 01:19:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2012.12.18 01:18:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2012.12.18 01:18:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2012.12.13 10:04:15 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2012.12.10 23:25:15 | 000,000,000 | -H-D | C] -- C:\Users\mika\Documents\Freemake_do_not_remove_this_folder
[2012.12.10 23:24:50 | 000,000,000 | ---D | C] -- C:\Users\mika\Documents\Freemake
[2012.12.10 23:24:49 | 000,000,000 | ---D | C] -- C:\Users\mika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
[2012.12.10 23:24:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
[2012.12.10 23:24:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Freemake
[2012.12.10 23:24:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Freemake
[2012.12.10 22:59:50 | 000,000,000 | ---D | C] -- C:\Users\mika\Documents\OurFreeware
[2012.12.10 22:59:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Your Free Video Converter
[2012.12.10 22:14:09 | 000,000,000 | ---D | C] -- C:\Users\mika\AppData\Roaming\MOVAVI
[2012.12.10 20:49:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Shrink
[2012.12.10 20:49:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVD Shrink
[2012.12.10 20:39:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo
[2012.12.10 20:39:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012.12.10 16:45:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.12.06 22:33:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.12.06 00:33:31 | 000,000,000 | ---D | C] -- C:\Users\mika\AppData\Roaming\onOne Software
[2012.12.06 00:30:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2012.12.06 00:30:44 | 000,000,000 | ---D | C] -- C:\Program Files\onOne Software
[2012.12.06 00:30:25 | 000,000,000 | ---D | C] -- C:\ProgramData\onOne Software
[2012.12.05 23:11:11 | 000,000,000 | ---D | C] -- C:\Users\mika\Documents\Hafennebel_tiles
[2012.12.05 00:50:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\onOne Software
[2012.12.05 00:50:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\onOne Software
[2012.11.24 17:48:54 | 000,000,000 | ---D | C] -- C:\Users\mika\Documents\Electronic Arts
[2012.11.24 15:57:30 | 000,000,000 | ---D | C] -- C:\Users\mika\AppData\Roaming\Origin
[2012.11.24 15:55:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2012.11.24 15:55:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2012.11.24 15:55:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
[2012.11.24 15:42:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2012.11.24 14:40:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
[2012.11.24 14:24:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2012.11.21 22:06:13 | 000,000,000 | ---D | C] -- C:\Users\mika\Desktop\Ant Test
[2012.11.20 00:14:34 | 000,000,000 | ---D | C] -- C:\Users\mika\Documents\Catalogs
[2012.11.20 00:14:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ant Movie Catalog
[2012.11.20 00:14:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Ant Movie Catalog
[2012.11.20 00:14:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ant Movie Catalog
[2012.08.13 21:52:40 | 001,069,056 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduserv.dll
[2012.08.13 21:52:40 | 000,860,160 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduusb1.dll
[2012.08.13 21:52:40 | 000,761,856 | ---- | C] ( ) -- C:\Windows\SysWow64\lxducomc.dll
[2012.08.13 21:52:40 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduhbn3.dll
[2012.08.13 21:52:40 | 000,651,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdupmui.dll
[2012.08.13 21:52:40 | 000,589,824 | ---- | C] ( ) -- C:\Windows\SysWow64\lxducoms.exe
[2012.08.13 21:52:40 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdulmpm.dll
[2012.08.13 21:52:40 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxducomm.dll
[2012.08.13 21:52:40 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduinpa.dll
[2012.08.13 21:52:40 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxducfg.exe
[2012.08.13 21:52:40 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduiesc.dll
[2012.08.13 21:52:40 | 000,323,584 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduih.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.18 22:08:43 | 000,022,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.18 22:08:43 | 000,022,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.18 22:04:31 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.18 22:01:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.18 22:01:18 | 3207,315,456 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.18 21:52:31 | 000,000,000 | ---- | M] () -- C:\Users\mika\defogger_reenable
[2012.12.18 21:51:47 | 000,050,477 | ---- | M] () -- C:\Users\mika\Desktop\Defogger.exe
[2012.12.18 21:42:12 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.18 21:27:42 | 000,001,079 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.17 17:46:51 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.17 17:46:51 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.17 17:46:51 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.17 17:46:51 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.17 17:46:51 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.13 10:02:49 | 000,004,148 | ---- | M] () -- C:\Windows\SysNative\psmodulediscoveryprovider.mof
[2012.12.13 10:02:47 | 000,204,105 | ---- | M] () -- C:\Windows\SysNative\winrm.vbs
[2012.12.13 10:02:47 | 000,004,675 | ---- | M] () -- C:\Windows\SysNative\wsmanconfig_schema.xml
[2012.12.13 10:02:45 | 000,204,105 | ---- | M] () -- C:\Windows\SysWow64\winrm.vbs
[2012.12.13 10:02:45 | 000,004,675 | ---- | M] () -- C:\Windows\SysWow64\wsmanconfig_schema.xml
[2012.12.13 03:22:45 | 004,844,048 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.12 23:44:58 | 000,002,384 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.12.10 16:45:00 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.12.10 16:32:59 | 000,020,798 | ---- | M] () -- C:\Users\mika\Documents\mika.kdbx
[2012.12.06 00:33:45 | 000,001,931 | ---- | M] () -- C:\Users\Public\Desktop\Perfect Effects 4.lnk
[2012.12.05 23:11:14 | 000,001,660 | ---- | M] () -- C:\Users\mika\Documents\Hafennebel.xml
[2012.12.05 23:11:14 | 000,000,724 | ---- | M] () -- C:\Users\mika\Documents\Hafennebel.html
[2012.11.26 22:02:26 | 000,001,469 | ---- | M] () -- C:\Users\mika\Desktop\AMC-Updater (mika6.0).lnk
[2012.11.26 21:59:04 | 000,002,318 | ---- | M] () -- C:\Users\mika\Desktop\MyFilms Grabber Script Editor.lnk
[2012.11.26 21:59:04 | 000,002,271 | ---- | M] () -- C:\Users\mika\Desktop\MyFilms Setup.lnk
[2012.11.25 14:19:36 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLbx.DAT
[2012.11.19 21:39:22 | 000,002,481 | ---- | M] () -- C:\Users\mika\Desktop\TightVNC Viewer.lnk
 
========== Files Created - No Company Name ==========
 
[2012.12.18 21:52:31 | 000,000,000 | ---- | C] () -- C:\Users\mika\defogger_reenable
[2012.12.18 21:51:46 | 000,050,477 | ---- | C] () -- C:\Users\mika\Desktop\Defogger.exe
[2012.12.18 21:26:39 | 000,001,079 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.13 10:00:39 | 000,204,105 | ---- | C] () -- C:\Windows\SysWow64\winrm.vbs
[2012.12.13 10:00:37 | 000,004,675 | ---- | C] () -- C:\Windows\SysNative\wsmanconfig_schema.xml
[2012.12.13 10:00:30 | 000,004,675 | ---- | C] () -- C:\Windows\SysWow64\wsmanconfig_schema.xml
[2012.12.13 10:00:27 | 000,004,148 | ---- | C] () -- C:\Windows\SysNative\psmodulediscoveryprovider.mof
[2012.12.13 10:00:22 | 000,204,105 | ---- | C] () -- C:\Windows\SysNative\winrm.vbs
[2012.12.10 16:45:00 | 000,001,076 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.12.06 00:33:45 | 000,001,931 | ---- | C] () -- C:\Users\Public\Desktop\Perfect Effects 4.lnk
[2012.12.05 23:11:11 | 000,001,660 | ---- | C] () -- C:\Users\mika\Documents\Hafennebel.xml
[2012.12.05 23:11:11 | 000,000,724 | ---- | C] () -- C:\Users\mika\Documents\Hafennebel.html
[2012.11.26 22:02:26 | 000,001,469 | ---- | C] () -- C:\Users\mika\Desktop\AMC-Updater (mika6.0).lnk
[2012.11.26 21:59:04 | 000,002,318 | ---- | C] () -- C:\Users\mika\Desktop\MyFilms Grabber Script Editor.lnk
[2012.11.26 21:59:04 | 000,002,271 | ---- | C] () -- C:\Users\mika\Desktop\MyFilms Setup.lnk
[2012.11.19 21:39:22 | 000,002,481 | ---- | C] () -- C:\Users\mika\Desktop\TightVNC Viewer.lnk
[2012.09.20 23:04:45 | 000,000,218 | ---- | C] () -- C:\Users\mika\AppData\Local\recently-used.xbel
[2012.08.13 21:53:24 | 001,036,288 | ---- | C] () -- C:\Windows\SysWow64\lxdudrs.dll
[2012.08.13 21:53:24 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\lxducaps.dll
[2012.08.13 21:53:24 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\lxducnv4.dll
[2012.08.13 21:52:40 | 000,389,120 | ---- | C] () -- C:\Windows\SysWow64\LXDUinst.dll
[2012.08.13 21:52:40 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\lxducomx.dll
[2012.08.09 00:45:00 | 000,007,607 | ---- | C] () -- C:\Users\mika\AppData\Local\Resmon.ResmonCfg
[2012.07.29 23:17:25 | 000,001,347 | ---- | C] () -- C:\Users\mika\AppData\Roaming\.ptbt0
[2012.06.27 19:29:41 | 000,000,158 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012.06.01 22:52:59 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Synth Leads
[2012.06.01 22:52:59 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Channel
[2012.06.01 19:40:52 | 000,097,792 | ---- | C] () -- C:\Windows\FunambolAddin.dll
[2012.04.25 21:38:01 | 000,000,076 | ---- | C] () -- C:\Windows\SysWow64\llbiirc.dll
[2012.04.07 00:22:30 | 000,000,498 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012.03.28 21:11:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.03.28 21:11:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.03.28 21:11:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.03.28 21:11:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.03.27 22:07:57 | 000,053,084 | ---- | C] () -- C:\Users\mika\AppData\Roaming\Video.wmv
[2012.03.16 23:10:16 | 000,000,268 | RH-- | C] () -- C:\ProgramData\PDEs
[2012.03.16 23:10:16 | 000,000,268 | RH-- | C] () -- C:\Users\mika\AppData\Roaming\Noise Gate
[2012.03.16 22:57:12 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdy.DAT
[2012.03.14 01:24:36 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Synth Basics
[2012.03.14 01:24:36 | 000,000,268 | RH-- | C] () -- C:\Users\mika\AppData\Roaming\Super Strings
[2012.03.14 01:24:36 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLck.DAT
[2012.03.14 01:24:36 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Calibrators
[2012.03.14 01:24:34 | 000,000,268 | RH-- | C] () -- C:\Users\mika\AppData\Roaming\SupportPrinters
[2012.03.14 01:16:56 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT
[2012.03.02 21:38:20 | 000,000,268 | RH-- | C] () -- C:\ProgramData\People
[2012.03.02 21:38:20 | 000,000,268 | RH-- | C] () -- C:\Users\mika\AppData\Roaming\PDEs
[2012.03.02 21:37:45 | 000,000,268 | RH-- | C] () -- C:\Users\mika\AppData\Roaming\PPD Plugins
[2012.03.02 21:37:45 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Percussion Kit
[2012.03.02 21:37:45 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Pedal Hard
[2012.01.29 00:11:58 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.01.21 18:28:25 | 000,000,153 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.01.18 05:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012.01.18 05:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012.01.18 05:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2012.01.13 17:42:16 | 000,000,000 | -H-- | C] () -- C:\ProgramData\V93GE
[2012.01.13 15:22:22 | 000,155,648 | ---- | C] () -- C:\Windows\SysWow64\daspi32u.dll
[2012.01.13 15:22:22 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\IO_PORT.DLL
[2012.01.13 15:22:22 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\FVC.DLL
[2012.01.13 15:22:22 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\SQ1394.DLL
[2012.01.13 15:22:22 | 000,010,624 | ---- | C] () -- C:\Windows\SysWow64\GENEUSB.SYS
[2012.01.13 15:22:22 | 000,010,624 | ---- | C] () -- C:\Windows\SysWow64\drivers\GENEUSB.SYS
[2012.01.13 15:15:45 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012.01.05 12:41:37 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2012.01.05 12:41:15 | 000,000,268 | RH-- | C] () -- C:\Users\mika\AppData\Roaming\Overdrive
[2012.01.05 12:41:15 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2012.01.05 12:41:15 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2012.01.04 03:16:09 | 000,016,731 | ---- | C] () -- C:\Windows\SysWow64\w3xdc.dll
[2012.01.02 20:53:01 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.01.02 20:52:56 | 000,026,828 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011.09.27 11:17:26 | 000,198,144 | ---- | C] () -- C:\Windows\SysWow64\LXPrnUtil10.dll
[2011.09.27 11:16:20 | 000,304,128 | ---- | C] () -- C:\Windows\SysWow64\LxDNT100.dll
[2011.09.27 11:14:14 | 000,133,120 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvmc100.dll
[2011.09.27 11:13:58 | 000,069,120 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvm100.dll
[2011.02.21 22:17:34 | 000,316,928 | ---- | C] () -- C:\Windows\SysWow64\SilverEfexPro2FC32.dll
[2010.10.21 14:18:46 | 000,303,104 | ---- | C] () -- C:\Windows\SysWow64\dnt27VC8.dll
[2010.10.21 14:16:58 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\dntvmc27VC8.dll
[2010.10.21 14:16:34 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dntvm27VC8.dll
[2010.07.05 13:37:06 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\dokan.dll
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009.04.02 13:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2006.04.21 10:08:22 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\HtmlHelp.dll
[2005.11.11 11:43:28 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\libssl32.dll
[2005.11.11 11:43:24 | 000,887,296 | ---- | C] () -- C:\Windows\SysWow64\libeay32.dll
[2004.12.13 14:39:00 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\SDKDLL PS3650.dll
 
========== LOP Check ==========
 
[2012.11.18 20:59:41 | 000,000,000 | ---D | M] -- C:\Users\mika\AppData\Roaming\ACD Systems
[2012.07.14 22:27:21 | 000,000,000 | ---D | M] -- C:\Users\mika\AppData\Roaming\BirdieSync
[2012.03.26 20:41:56 | 000,000,000 | ---D | M] -- C:\Users\mika\AppData\Roaming\Canneverbe Limited
[2012.06.10 11:24:16 | 000,000,000 | ---D | M] -- C:\Users\mika\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.02.22 01:00:41 | 000,000,000 | ---D | M] -- C:\Users\mika\AppData\Roaming\DesktopIconForAmazon
[2012.10.14 01:09:55 | 000,000,000 | ---D | M] -- C:\Users\mika\AppData\Roaming\Dropbox
[2012.12.18 01:20:39 | 000,000,000 | ---D | M] -- C:\Users\mika\AppData\Roaming\DVDVideoSoft
[2012.12.18 01:19:54 | 000,000,000 | ---D | M] -- C:\Users\mika\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.11.03 17:23:34 | 000,000,000 | ---D | M] -- C:\Users\mika\AppData\Roaming\DxO Labs
[2012.02.10 23:02:45 | 000,000,000 | ---D | M] -- C:\Users\mika\AppData\Roaming\elsterformular
[2012.04.01 23:20:29 | 000,000,000 | ---D | M] -- C:\Users\mika\AppData\Roaming\Flexrise.9F3FBFC56E7DF11606748B3513468A7A7FB809D1.1
[2012.01.31 20:53:10 | 000,000,000 | ---D | M] -- C:\Users\mika\AppData\Roaming\FreePDF
[2012.08.29 07:50:12 | 000,000,000 | ---D | M] -- C:\Users\mika\AppData\Roaming\HTC
[2012.08.29 07:50:22 | 000,000,000 | ---D | M] -- C:\Users\mika\AppData\Roaming\HTC Sync
[2012.06.03 15:21:49 | 000,000,000 | ---D | M] -- C:\Users\mika\AppData\Roaming\inkscape
[2012.05.28 21:20:32 | 000,000,000 | ---D | M] -- C:\Users\mika\AppData\Roaming\ipernity
[2012.04.25 21:37:49 | 000,000,000 | ---D | M] -- C:\Users\mika\AppData\Roaming\J River
[2012.08.08 20:58:50 | 000,000,000 | ---D | M] -- C:\Users\mika\AppData\Roaming\jAlbum
[2012.12.10 16:37:54 | 000,000,000 | ---D | M] -- C:\Users\mika\AppData\Roaming\KeePass
[2012.01.13 17:42:16 | 000,000,000 | ---D | M] -- C:\Users\mika\AppData\Roaming\LaserSoft Imaging
[2012.08.13 23:17:24 | 000,000,000 | ---D | M] -- C:\Users\mika\AppData\Roaming\Lexmark Productivity Studio
[2012.01.24 10:16:01 | 000,000,000 | ---D | M] -- C:\Users\mika\AppData\Roaming\Lexware
[2012.03.22 23:39:17 | 000,000,000 | ---D | M] -- C:\Users\mika\AppData\Roaming\LightZone
[2012.07.11 22:21:39 | 000,000,000 | ---D | M] -- C:\Users\mika\AppData\Roaming\LRTimelapse
[2012.10.17 20:43:36 | 000,000,000 | ---D | M] -- C:\Users\mika\AppData\Roaming\MAXON
[2012.09.30 22:56:32 | 000,000,000 | ---D | M] -- C:\Users\mika\AppData\Roaming\MediaMonkey
[2012.03.04 19:40:26 | 000,000,000 | ---D | M] -- C:\Users\mika\AppData\Roaming\Mobipocket
[2012.12.10 22:17:59 | 000,000,000 | ---D | M] -- C:\Users\mika\AppData\Roaming\MOVAVI
[2012.03.17 15:31:07 | 000,000,000 | ---D | M] -- C:\Users\mika\AppData\Roaming\Nikon
[2012.07.16 20:29:25 | 000,000,000 | ---D | M] -- C:\Users\mika\AppData\Roaming\Nokia
[2012.07.16 20:29:25 | 000,000,000 | ---D | M] -- C:\Users\mika\AppData\Roaming\Nokia Suite
[2012.02.22 01:00:38 | 000,000,000 | ---D | M] -- C:\Users\mika\AppData\Roaming\OCS
[2012.12.06 00:34:04 | 000,000,000 | ---D | M] -- C:\Users\mika\AppData\Roaming\onOne Software
[2012.01.02 21:30:05 | 000,000,000 | ---D | M] -- C:\Users\mika\AppData\Roaming\Opera
[2012.11.24 15:57:30 | 000,000,000 | ---D | M] -- C:\Users\mika\AppData\Roaming\Origin
[2012.11.17 22:15:05 | 000,000,000 | ---D | M] -- C:\Users\mika\AppData\Roaming\PACE Anti-Piracy
[2012.12.05 23:10:35 | 000,000,000 | ---D | M] -- C:\Users\mika\AppData\Roaming\PanoramaStudio2
[2012.07.29 23:37:44 | 000,000,000 | ---D | M] -- C:\Users\mika\AppData\Roaming\PanoramaStudio2Pro
[2012.07.01 12:33:28 | 000,000,000 | ---D | M] -- C:\Users\mika\AppData\Roaming\PC Suite
[2012.01.13 15:27:26 | 000,000,000 | ---D | M] -- C:\Users\mika\AppData\Roaming\PIE
[2012.04.22 21:26:30 | 000,000,000 | ---D | M] -- C:\Users\mika\AppData\Roaming\Samsung
[2012.07.08 21:19:44 | 000,000,000 | ---D | M] -- C:\Users\mika\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.02.15 19:57:46 | 000,000,000 | ---D | M] -- C:\Users\mika\AppData\Roaming\SteelBytes
[2012.03.13 00:05:09 | 000,000,000 | ---D | M] -- C:\Users\mika\AppData\Roaming\Stellarium
[2012.04.11 00:21:17 | 000,000,000 | ---D | M] -- C:\Users\mika\AppData\Roaming\TeamViewer
[2012.04.25 22:34:37 | 000,000,000 | ---D | M] -- C:\Users\mika\AppData\Roaming\Thunderbird
[2012.11.18 17:59:34 | 000,000,000 | ---D | M] -- C:\Users\mika\AppData\Roaming\TightVNC
[2012.12.18 00:29:38 | 000,000,000 | ---D | M] -- C:\Users\mika\AppData\Roaming\TV-Browser
[2012.11.04 21:39:21 | 000,000,000 | ---D | M] -- C:\Users\mika\AppData\Roaming\Xirrus
[2012.12.17 01:09:42 | 000,000,000 | ---D | M] -- C:\Users\mika\AppData\Roaming\XnView
[2012.12.04 15:06:17 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 1191 bytes -> C:\ProgramData\Microsoft:FWBLpnxAjN0GUkkpTP9zUoqI
@Alternate Data Stream - 1160 bytes -> C:\ProgramData\Microsoft:rc537Wc4kI9JMDASGNgBrWO0nF
@Alternate Data Stream - 1146 bytes -> C:\Users\mika\AppData\Local\bd2YWfauABjkF5R:TosQTr2QuuwbrRdZkpVQcfs
@Alternate Data Stream - 1067 bytes -> C:\Users\mika\AppData\Local\Temp:98JObcAiKd2AheN6kjuD8d4y
@Alternate Data Stream - 1040 bytes -> C:\ProgramData\Microsoft:WIwHQHkHhnhymW61NTa544l3z

< End of report >
         
--- --- ---


PS: Another scan with Malwarebytes produced no further findings.

Many thanks in advance!
mika

Edited by myf125 (18.12.2012 at 22:58)

19.12.2012, 02:45   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Hello and

Quote:
Malwarebytes found
Pub.Adware.Relevantknowledge
Pub.Bundleinstaller.SOL.
Just post the logs instead of such meagre descriptions of your own, which don't really help anyone!

Information like this is not enough; please post the complete details/logs from the virus scanners, see http://www.trojaner-board.de/125889-...tml#post941520


Please post everything here in CODE tags where possible.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
ATTFilter
 the log goes here
         

19.12.2012, 18:46   #3
myf125
 



Sorry, I had followed the "Hilfesuchendenanleitung" (the guide for people seeking help)
and didn't see that there are more guides on this :-)

Log 1, Malwarebytes with findings:
Code:
ATTFilter
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.18.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
mika :: *** [Administrator]

18.12.2012 21:28:15
mbam-log-2012-12-18 (21-28-15).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 255681
Laufzeit: 5 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\mika\Downloads\dvd shrink.exe (PUP.BundleInstaller.SOL) -> Keine Aktion durchgeführt.
C:\Users\mika\AppData\Local\Temp\CSMFDD2.tmp (PUP.Adware.RelevantKnowledge) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Log 2 (at first I had moved only one into quarantine)
Code:
ATTFilter
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.18.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
mika :: *** [Administrator]

18.12.2012 21:40:26
mbam-log-2012-12-18 (21-40-26).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 255198
Laufzeit: 2 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\mika\Downloads\dvd shrink.exe (PUP.BundleInstaller.SOL) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
and the last one, without findings:

Code:
ATTFilter
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.18.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
mika :: *** [Administrator]

18.12.2012 22:43:47
mbam-log-2012-12-18 (22-43-47).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 255190
Laufzeit: 4 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Thanks again
mika

19.12.2012, 23:22   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Code:
ATTFilter
O1 - Hosts: 127.0.0.1 activate.adobe.com
         
Oh, I'm only seeing that one now

An entry like that only makes sense if you want to get your pirated copy of Adobe running

See also => http://www.trojaner-board.de/95393-c...-software.html

If we find indications of illegally acquired software, we will end support without any discussion.

Cracks/keygens are 99.9% dangerous malware that should not be trifled with. They are also illegal, and we do not support the use of stolen software. Support is therefore limited to instructions for a complete reinstallation!!

That illegal cracks and keygens essentially serve to spread malware is no secret and must be clear to everyone!


In future, hands off: Softonic, registry cleaners and illegal stuff such as cracks/keygens/serials
__________________
Please always post log files in CODE tags
