Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: svchost Virus der viel CPU verbraucht

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 01.04.2013, 02:02   #1
dodori
 
svchost Virus der viel CPU verbraucht - Frage

svchost Virus der viel CPU verbraucht



Hallo!

Ich habe in letzter Zeit bemerkt das es zu erheblichen Laggs in Spielen kommt,

Also prompt den Task Manager geöffnet, und siehe da...

"svchost.exe" verbraucht 17% Leistung Meines CPUs...

Ich habe die exe beendet, und alles geht wieder.

Jedoch startet er sich beim nächsten Windowsstart wieder..

Die exe wird im TEMP Ordner aufgerufen, das heißt das es ein Virus ist, weil svchost eigentlich in system32 ist.

Ich habe mir Heute den Process Explorer geholt, dieser Zeigt mir an was der Command Line für die Exe ist

Zitat:
"C:\Users\User\AppData\Local\Temp\svchost.exe" -o hxxp://p.9d3e622df914d8de7f747b7b8b143c52.com -O r3:r3 -l 1
Was kann ich tun?

Ich habe die Datei bereits gelöscht, aber sie kommt immer wieder (Nach jedem Neustart)

Ich bitte um Hilfe!

Virustotal sagt folgendes: https://www.virustotal.com/de/file/841071526b73eabb07d891ff359ad3fb424bf9b5a83577e5ea409b1deb849838/analysis/1364777991/
Code:
ATTFilter
https://www.virustotal.com/file/841071526b73eabb07d891ff359ad3fb424bf9b5a83577e5ea409b1deb849838/analysis/1364777991/
MD5:  207e8913fb9874d344c4b7841ea2a013
SHA1:  7d9227722e81e4e3f6697f02636952af193541e9
Detect: 6 /  46

Win32:PUP-gen [PUP]  (Avast)
not-a-virus:RiskTool.Win32.BitCoinMiner.cid  (Kaspersky)
SPR/BitCoin.F  (AntiVir)
Trojan.Win32.BitCoinMiner.AMN (A) (Emsisoft)
a variant  of Win32/BitCoinMiner.N  (ESET-NOD32)
not-a-virus:RiskTool.Win32.BitCoinMiner (Ikarus)
         

Geändert von dodori (01.04.2013 um 02:30 Uhr)

Alt 01.04.2013, 19:43   #2
t'john
/// Helfer-Team
 
svchost Virus der viel CPU verbraucht - Standard

svchost Virus der viel CPU verbraucht





Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers



dann:


Systemscan mit OTL (bebilderte Anleitung)

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe

  • Vista und Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Wähle Scanne Alle Benuzer
  • Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Minimale Ausgabe
  • Unter Extra Registrierung, wähle bitte Benutze SafeList
  • Klicke nun auf Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________

__________________

Alt 01.04.2013, 23:57   #3
dodori
 
svchost Virus der viel CPU verbraucht - Standard

svchost Virus der viel CPU verbraucht



Ok,

Ich habe 3 mal mit mbar gescannt und es kamen IMMER die gleichen Viren,

es bringt nichts das noch öfter zu machen....

die drei Logfiles von mbar:

1.
Zitat:
Malwarebytes Anti-Rootkit BETA 1.01.0.1022
www.malwarebytes.org

Database version: v2013.03.21.13

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
User :: USER-PC [administrator]

01.04.2013 21:06:23
mbar-log-2013-04-01 (21-06-23).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 32551
Time elapsed: 19 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
c:\Users\User\AppData\Local\Temp\pricepeep_130001_1001.exe (Adware.Shopper) -> Delete on reboot.
c:\Users\User\AppData\Local\Temp\pricepeep_1.exe (Adware.Shopper) -> Delete on reboot.
c:\Users\User\AppData\Local\Temp\svchost.exe (Trojan.Agent.Gen) -> Delete on reboot.
c:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DYSB463V\svchost[1].exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.

(end)
2.
Zitat:
Malwarebytes Anti-Rootkit BETA 1.01.0.1022
www.malwarebytes.org

Database version: v2013.03.21.13

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
User :: USER-PC [administrator]

01.04.2013 21:50:47
mbar-log-2013-04-01 (21-50-47).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 32722
Time elapsed: 20 minute(s), 29 second(s)

Memory Processes Detected: 1
c:\Users\User\AppData\Local\Temp\svchost.exe (Trojan.Agent.Gen) -> 588 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
c:\Users\User\AppData\Local\Temp\svchost.exe (Trojan.Agent.Gen) -> Delete on reboot.
c:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\72CQVCV8\svchost[1].exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.

(end)
3.
Zitat:
Malwarebytes Anti-Rootkit BETA 1.01.0.1022
www.malwarebytes.org

Database version: v2013.04.01.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
User :: USER-PC [administrator]

01.04.2013 22:29:59
mbar-log-2013-04-01 (22-29-59).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 32752
Time elapsed: 22 minute(s), 8 second(s)

Memory Processes Detected: 1
c:\Users\User\AppData\Local\Temp\svchost.exe (Trojan.Agent.Gen) -> 3308 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
c:\Users\User\AppData\Local\Temp\svchost.exe (Trojan.Agent.Gen) -> Delete on reboot.
c:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DYSB463V\svchost[1].exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.

(end)
Die OTL Logs gibts hier da es sonst zu lang wird:

www.pastebin.com/p6JJ8PnY
__________________

Alt 02.04.2013, 07:05   #4
t'john
/// Helfer-Team
 
svchost Virus der viel CPU verbraucht - Standard

svchost Virus der viel CPU verbraucht



Logs zippen und als Dateien anhaengen, falls sie zu gross sein sollten.
__________________
Mfg, t'john
Das TB unterstützen

Alt 02.04.2013, 07:14   #5
dodori
 
svchost Virus der viel CPU verbraucht - Standard

svchost Virus der viel CPU verbraucht



Hab sie mal alle gezippt.OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 02.04.2013 00:43:23 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
15,98 Gb Total Physical Memory | 12,68 Gb Available Physical Memory | 79,34% Memory free
31,96 Gb Paging File | 27,96 Gb Available in Paging File | 87,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 290,10 Gb Free Space | 31,15% Space Free | Partition Type: NTFS
Drive D: | 5,23 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive I: | 1,09 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\User\AppData\Local\Temp\svchost.exe ()
PRC - C:\Users\User\AppData\Local\Temp\svchost.exe ()
PRC - C:\Users\User\AppData\Local\Temp\svchost.exe ()
PRC - C:\Users\User\AppData\Local\Temp\svchost.exe ()
PRC - C:\Users\User\AppData\Local\Temp\svchost.exe ()
PRC - C:\Users\User\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\User\AppData\Roaming\ICQM\icq.exe (ICQ)
PRC - C:\Users\User\AppData\Local\Pokki\Engine\pokki.exe (Pokki)
PRC - C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe (AnchorFree Inc.)
PRC - C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe ()
PRC - C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe (AnchorFree Inc.)
PRC - C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
PRC - C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe ()
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Programme\IB Updater\ExtensionUpdaterService.exe ()
PRC - C:\Program Files (x86)\Iminent\Iminent.exe (Iminent)
PRC - C:\Program Files (x86)\Iminent\Iminent.Messengers.exe (Iminent)
PRC - C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe (Iminent)
PRC - C:\Program Files (x86)\puush\puush.exe ()
PRC - C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe ()
PRC - C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\ovpntray.exe ()
PRC - C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\capiws.exe ()
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe (Apple Inc.)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe (Wajam)
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe (Microsoft Corporation.)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Windows\DAODx.exe ()
PRC - C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\1_0_0_0\RGSC.exe (Take-Two Interactive Software, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\User\AppData\Local\Temp\svchost.exe ()
MOD - C:\Users\User\AppData\Local\Temp\zlib1.dll ()
MOD - C:\Users\User\AppData\Local\Temp\libidn-11.dll ()
MOD - C:\Users\User\AppData\Local\Temp\libcurl-4.dll ()
MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Origin\tufao.dll ()
MOD - C:\Program Files (x86)\Steam\bin\chromehtml.DLL ()
MOD - C:\Program Files (x86)\Steam\SDL2.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\1505fb78e94fbe5ee73563a5e10ecead\System.Messaging.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\d0726d49d268d97b4bcbe8b96548bc7c\System.Workflow.Runtime.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\272d9c2ba363f3e7cb5f2c89b99f2e2d\System.Workflow.ComponentModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\4a2adcf04444a71d27fb7ad7381f3b8f\System.Workflow.Activities.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Design\31a8f96f8939ac18a867ee26cc37eda8\System.Design.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\01c6cb58745f397c9b7ccf3ab7bfc9cd\System.EnterpriseServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\536d704e93ffec9b54e4a0312fb5b996\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\4976e150a5d096db3981d4d56dda5a8e\System.Deployment.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\3abd733e8fa28fafbfc99458fdf691da\System.Security.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\ffmpegsumo.dll ()
MOD - C:\Users\User\AppData\Roaming\ICQM\ICQ\dll\YLUSBTEL.dll ()
MOD - C:\Users\User\AppData\Local\Pokki\Engine\chrome.dll ()
MOD - C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe ()
MOD - c:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\46c1da3f2c4c666140a414394e1cb20b\System.WorkflowServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\12630df9abc4ebf7ff67de989b8e8123\System.Configuration.Install.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\ce70182f0348fc21a07409afd4a922f5\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\39f4c7717661667c68f9af8c4f6402b9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\b26c0ed378c4b15c60cef0baada4e0dc\System.ServiceModel.Routing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\ebf949aee7febad1902974b1a2bd77a2\System.ServiceModel.Discovery.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\800370766976fd4ec232b4e29781717d\System.ServiceModel.Channels.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\b15622741724e17f1335c4771c3700a0\System.ServiceModel.Activities.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\c1b67737c13c99776cde5989ec2885c8\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\a0445401f2473a1aa4b66c9c0791c7f6\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\9714573400d1d3724808c63f1fd6de83\System.ServiceModel.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\da5ccd3bc4583fb68696cb0c8209daf4\System.Web.Services.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\1d254fbc811d0de6c54a9d9c428c4497\System.EnterpriseServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\1d254fbc811d0de6c54a9d9c428c4497\System.EnterpriseServices.Wrapper.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\e7b4706dfe18f29486dbaf5d35e01765\System.Runtime.DurableInstancing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\dcb0e7d56ffca14d7c483103235b11ad\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\910fe53ec2122cf3a2ad11c2b2f5cbfd\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\ef7642a4f2724135d445e2ea36582e78\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\14f511c47523f19ca591eb207e9e2084\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\9071f089ab65d518d1bd7e8fa857a95f\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e10fd15441d278c04a03302880a3e231\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\7a9ff5ce3a909d075179a2ac70d8f388\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\27dcf04ed7a3506045597c02a5a1fc31\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\puush\puush.exe ()
MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll ()
MOD - C:\Users\User\AppData\Local\Pokki\Engine\avformat-53.dll ()
MOD - C:\Users\User\AppData\Local\Pokki\Engine\avcodec-53.dll ()
MOD - C:\Users\User\AppData\Local\Pokki\Engine\avutil-51.dll ()
MOD - C:\Program Files (x86)\ManyCam\Bin\opencv_core220.dll ()
MOD - C:\Program Files (x86)\ManyCam\Bin\opencv_imgproc220.dll ()
MOD - C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\SysWOW64\PrxerNsp.dll ()
MOD - C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe ()
MOD - C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\ovpntray.exe ()
MOD - C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\pyovpnc.pyd ()
MOD - C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\OpenSSL.crypto.pyd ()
MOD - C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\OpenSSL.SSL.pyd ()
MOD - C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\OpenSSL.rand.pyd ()
MOD - C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\twisted.protocols._c_urlarg.pyd ()
MOD - C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\zope.interface._zope_interface_coptimizations.pyd ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\ovpntray.dll ()
MOD - C:\Program Files (x86)\i-Funbox DevTeam\libcef.dll ()
MOD - C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\win32com.shell.shell.pyd ()
MOD - C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\pythoncom26.dll ()
MOD - C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\win32gui.pyd ()
MOD - C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\win32api.pyd ()
MOD - C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\win32process.pyd ()
MOD - C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\win32event.pyd ()
MOD - C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\pywintypes26.dll ()
MOD - C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\win32pdh.pyd ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Workflow.Runtime.resources\3.0.0.0_de_31bf3856ad364e35\System.Workflow.Runtime.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\select.pyd ()
MOD - C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\_hashlib.pyd ()
MOD - C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\pyexpat.pyd ()
MOD - C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\_ctypes.pyd ()
MOD - C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\_ssl.pyd ()
MOD - C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\_socket.pyd ()
MOD - C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Deployment.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Deployment.resources.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Windows\DAODx.exe ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (hshld) -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe (AnchorFree Inc.)
SRV - (HssWd) -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe ()
SRV - (HssSrv) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
SRV - (HssTrayService) -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE ()
SRV - (BrowserProtect) -- C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe ()
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.)
SRV - (IB Updater) -- C:\Programme\IB Updater\ExtensionUpdaterService.exe ()
SRV - (BEService) -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe ()
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SProtection) -- C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe (Iminent)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (OpenVPNService) -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe (The OpenVPN Project)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (TunngleService) -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
SRV - (OpenVPNAccessClient) -- C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\capiws.exe ()
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (WajamUpdater) -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe (Wajam)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe (Microsoft Corporation.)
SRV - (CGVPNCliSrvc) -- C:\Programme\CyberGhost VPN\CGVPNCliService.exe (mobile concepts GmbH)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Atheros Commnucations)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (libusbd) -- C:\Windows\SysWOW64\libusbd-nt.exe (hxxp://libusb-win32.sourceforge.net)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (taphss6) -- C:\Windows\SysNative\drivers\taphss6.sys (Anchorfree Inc.)
DRV:64bit: - (HssDRV6) -- C:\Windows\SysNative\drivers\hssdrv6.sys (AnchorFree Inc.)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (ManyCam) -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys (ManyCam LLC)
DRV:64bit: - (mcaudrv_simple) -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys (ManyCam LLC)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (tapoas) -- C:\Windows\SysNative\drivers\tapoas.sys (The OpenVPN Project)
DRV:64bit: - (MotioninJoyXFilter) -- C:\Windows\SysNative\drivers\MijXfilt.sys (MotioninJoy)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (cbfs3) -- C:\Windows\SysNative\drivers\cbfs3.sys (EldoS Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc)
DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros)
DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros)
DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros)
DRV:64bit: - (ATHDFU) -- C:\Windows\SysNative\drivers\AthDfu.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros)
DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros)
DRV:64bit: - (itecir) -- C:\Windows\SysNative\drivers\itecir.sys (ITE Tech. Inc. )
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (athur) -- C:\Windows\SysNative\drivers\athurx.sys (Atheros Communications, Inc.)
DRV:64bit: - (tap0901t) -- C:\Windows\SysNative\drivers\tap0901t.sys (Tunngle.net)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (libusb0) -- C:\Windows\SysWOW64\drivers\libusb0.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.easylifeapp.com/?pid=34&r=2013/02/15&hid=2871535812&lg=EN&cc=DE
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{01bd49d7-c76b-4310-8beb-14d7e5f322c6}: "URL" = hxxp://search.easylifeapp.com/?q={searchTerms}&abc=ie&pid=34&r=2013/02/15&hid=2871535812&lg=EN&cc=DE
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3928150652-2756980015-3035233101-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://mixidj.delta-search.com/?affID=121136&babsrc=HP_ss&mntrId=404C00FFDEA70CCC
IE - HKU\S-1-5-21-3928150652-2756980015-3035233101-1000\SOFTWARE\Microsoft\Internet Explorer\Main,DefaultNetworkProfile = 10247514
IE - HKU\S-1-5-21-3928150652-2756980015-3035233101-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mixidj.delta-search.com/?affID=121136&babsrc=HP_ss&mntrId=404C00FFDEA70CCC
IE - HKU\S-1-5-21-3928150652-2756980015-3035233101-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3928150652-2756980015-3035233101-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3928150652-2756980015-3035233101-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 73 36 C6 CC C3 FB CD 01  [binary data]
IE - HKU\S-1-5-21-3928150652-2756980015-3035233101-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-3928150652-2756980015-3035233101-1000\..\SearchScopes,DefaultScope = {01bd49d7-c76b-4310-8beb-14d7e5f322c6}
IE - HKU\S-1-5-21-3928150652-2756980015-3035233101-1000\..\SearchScopes\{01bd49d7-c76b-4310-8beb-14d7e5f322c6}: "URL" = hxxp://search.easylifeapp.com/?q={searchTerms}&abc=ie&pid=34&r=2013/02/15&hid=2871535812&lg=EN&cc=DE
IE - HKU\S-1-5-21-3928150652-2756980015-3035233101-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3928150652-2756980015-3035233101-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://mixidj.delta-search.com/?q={searchTerms}&affID=121136&babsrc=SP_ss&mntrId=404C00FFDEA70CCC
IE - HKU\S-1-5-21-3928150652-2756980015-3035233101-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb201/?search={searchTerms}&loc=IB_DS&a=6R8SHYKoKT&i=26
IE - HKU\S-1-5-21-3928150652-2756980015-3035233101-1000\..\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC8}: "URL" = hxxp://search.icq.com/search/results.php?q=%s&ch_id=hm&search_mode=web
IE - HKU\S-1-5-21-3928150652-2756980015-3035233101-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3928150652-2756980015-3035233101-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-3928150652-2756980015-3035233101-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = usvpn.newfreevpn.com
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..extensions.enabledAddons: webbooster@iminent.com:6.5.5.1
FF - prefs.js..extensions.enabledAddons: noreply@u2bviews.com:2.1.5
FF - prefs.js..extensions.enabledAddons: exif_viewer@mozilla.doslash.org:2.00
FF - prefs.js..extensions.enabledAddons: toolbar@ask.com:3.17.3.100013
FF - prefs.js..extensions.enabledAddons: {0F827075-B026-42F3-885D-98981EE7B1AE}:2.6.1095.52
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "EasyLife"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "EasyLife"
FF - prefs.js..browser.startup.homepage: "hxxp://search.easylifeapp.com/?pid=34&r=2013/02/15&hid=2871535812&lg=EN&cc=DE"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.easylifeapp.com/?pid=34&abc=ff1&r=2013/02/15&hid=2871535812&lg=EN&cc=DE&l=1&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.3: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\User\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\User\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\User\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\User\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\User\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX [2013.03.03 17:04:10 | 000,000,000 | ---D | M]
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\PROGRAM FILES\IB UPDATER\FIREFOX [2013.03.03 17:04:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox [2013.03.03 17:04:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\webbooster@iminent.com: C:\Program Files (x86)\Iminent\webbooster@iminent.com [2013.02.10 08:56:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\Program Files\IB Updater\Firefox [2013.03.03 17:04:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.28 21:03:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}: C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi [2013.02.14 17:41:10 | 000,037,909 | ---- | M] ()
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{0F827075-B026-42F3-885D-98981EE7B1AE}: C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2013.03.16 18:49:21 | 000,000,000 | ---D | M]
 
[2013.01.18 20:29:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2013.04.01 22:39:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\1lj4yh94.default\extensions
[2013.01.28 17:04:49 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\1lj4yh94.default\extensions\ffxtlbr@incredibar.com
[2013.03.16 18:49:16 | 000,000,000 | ---D | M] (MixiDJ Toolbar) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\1lj4yh94.default\extensions\ffxtlbr@mixidj.com
[2013.03.16 06:06:39 | 000,000,000 | ---D | M] (U2bview Firefox Add-on) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\1lj4yh94.default\extensions\noreply@u2bviews.com
[2013.03.02 19:05:44 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\1lj4yh94.default\extensions\toolbar@ask.com
[2013.04.01 02:25:42 | 000,230,013 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\1lj4yh94.default\extensions\exif_viewer@mozilla.doslash.org.xpi
[2013.02.20 13:18:44 | 000,053,943 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\1lj4yh94.default\extensions\pricepeep@getpricepeep.com.xpi
[2013.01.18 20:40:08 | 000,002,402 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\1lj4yh94.default\searchplugins\bingp.xml
[2013.02.15 19:01:42 | 000,000,580 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\1lj4yh94.default\searchplugins\EasyLife.xml
[2013.03.16 06:52:43 | 000,002,376 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\1lj4yh94.default\searchplugins\icq.xml
[2013.03.16 18:49:18 | 000,001,296 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\1lj4yh94.default\searchplugins\mixidj.xml
[2013.01.28 17:04:43 | 000,002,203 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\1lj4yh94.default\searchplugins\MyStart Search.xml
[2013.03.05 18:14:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.03.05 18:14:49 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files (x86)\mozilla firefox\extensions\afurladvisor@anchorfree.com
[2013.02.10 08:56:23 | 000,000,000 | ---D | M] ("Iminent Minibar") -- C:\PROGRAM FILES (X86)\IMINENT\WEBBOOSTER@IMINENT.COM
[2013.03.16 18:49:21 | 000,000,000 | ---D | M] (BrowserProtect) -- C:\PROGRAMDATA\BROWSERPROTECT\2.6.1095.52\{C16C1CCB-7046-4E5C-A2F3-533AD2FEC8E8}\FIREFOXEXTENSION
[2013.01.28 21:03:15 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.01.28 21:03:14 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.03.16 18:49:10 | 000,006,476 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2013.01.28 21:03:14 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.01.28 21:03:14 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.01.28 21:03:14 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.01.28 21:03:14 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.01.28 21:03:14 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://mixidj.delta-search.com/?affID=121136&babsrc=HP_ss&mntrId=404C00FFDEA70CCC
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - Extension: Angry Birds = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Google Docs = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: IB Updater = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.557_0\
CHR - Extension: Cut the Rope = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj\15_0\
CHR - Extension: Ultimate Flash Sonic = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmgmfbijldhdncjcipeocgkgbjhaecfp\1.0_0\
CHR - Extension: Iminent = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\6.13.4.1_0\
CHR - Extension: Wajam = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\
CHR - Extension: Break The Wall = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\klhfgnobmdkblmbdahcnpajbjnfmknpn\1.5_0\
CHR - Extension: PricePeep = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb\2.1.0.22_0\
CHR - Extension: Minecraft = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlpgoledhpdldmmhcgfcaecodnkmoiea\0.0.0.8_0\
CHR - Extension: Google Mail = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IB Updater) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\IB Updater\Extension64.dll ()
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (IB Updater) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\IB Updater\Extension32.dll ()
O2 - BHO: (mixidj Helper Object) - {4D6A9BBF-402C-4301-B1EF-28D04F71D761} - C:\Program Files (x86)\mixidj\mixidj\1.8.4.1\bh\mixidj.dll (MixiDJ)
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent)
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O2 - BHO: (PricePeep) - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files (x86)\PricePeep\pricepeep.dll (PricePeep)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (MixiDJ Toolbar) - {CA9B9C89-4662-4ADC-9C23-A452BECD5D19} - C:\Program Files (x86)\mixidj\mixidj\1.8.4.1\mixidjTlbr.dll (MixiDJ)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe] C:\Users\User\AppData\Roaming\Adobe\color.vbe ()
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe (Iminent)
O4 - HKLM..\Run: [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe (Iminent)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3928150652-2756980015-3035233101-1000..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-3928150652-2756980015-3035233101-1000..\Run: [Clownfish] C:\Program Files (x86)\Clownfish\Clownfish.exe (Bogdan Sharkov)
O4 - HKU\S-1-5-21-3928150652-2756980015-3035233101-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3928150652-2756980015-3035233101-1000..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKU\S-1-5-21-3928150652-2756980015-3035233101-1000..\Run: [icq] C:\Users\User\AppData\Roaming\ICQM\icq.exe (ICQ)
O4 - HKU\S-1-5-21-3928150652-2756980015-3035233101-1000..\Run: [iDevice Manager Launcher] C:\Program Files (x86)\Software4u\iDevice Manager\Software4u.IPELauncher.exe (Marx Softwareentwicklung - www.software4u.de)
O4 - HKU\S-1-5-21-3928150652-2756980015-3035233101-1000..\Run: [iFunBoxConnector] C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe ()
O4 - HKU\S-1-5-21-3928150652-2756980015-3035233101-1000..\Run: [Pokki] "%LOCALAPPDATA%\Pokki\Engine\pokki.exe" File not found
O4 - HKU\S-1-5-21-3928150652-2756980015-3035233101-1000..\Run: [puush] C:\Program Files (x86)\puush\puush.exe ()
O4 - HKU\S-1-5-21-3928150652-2756980015-3035233101-1000..\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc.)
O4 - HKU\S-1-5-21-3928150652-2756980015-3035233101-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-3928150652-2756980015-3035233101-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKLM..\RunOnce: [Z1] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-18..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Windows\SysNative\PrxerNsp.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000011 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\PrxerDrv.dll (Initex)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\PrxerDrv.dll (Initex)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\PrxerDrv.dll (Initex)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\PrxerDrv.dll (Initex)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - C:\Windows\SysNative\PrxerDrv.dll (Initex)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\PrxerNsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\FlyVPN\FlyVPNBind.dll (www.flyvpn.com)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\FlyVPN\FlyVPNBind.dll (www.flyvpn.com)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\FlyVPN\FlyVPNBind.dll (www.flyvpn.com)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.69.100.102 80.69.103.78
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{93AC1449-00C3-4293-8E13-CA30B7F421E5}: DhcpNameServer = 80.69.100.102 80.69.103.78
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.11.21 10:33:27 | 000,000,122 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2011.09.28 20:22:49 | 000,000,074 | R--- | M] () - I:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{04defebd-6240-11e2-9004-50465db5ab52}\Shell - "" = AutoRun
O33 - MountPoints2\{04defebd-6240-11e2-9004-50465db5ab52}\Shell\AutoRun\command - "" = I:\Setup.exe -- [2011.09.28 20:22:49 | 000,618,212 | R--- | M] (Team17                                                      )
O33 - MountPoints2\{685ecd30-5b65-11e2-acbe-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{685ecd30-5b65-11e2-acbe-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe -- [2010.11.21 10:33:27 | 000,106,768 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.02 00:34:09 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Luigi's Mansion Dark Moon_ROM
[2013.04.02 00:10:37 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Mep
[2013.04.01 22:56:21 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\3DS Emulator 2.9.4
[2013.04.01 20:46:14 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\mbar
[2013.04.01 02:40:49 | 002,738,264 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\User\Desktop\procexp.exe
[2013.04.01 02:22:03 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Exif Viewer
[2013.04.01 02:21:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exif Viewer
[2013.04.01 02:21:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Exif Viewer
[2013.04.01 02:21:40 | 000,000,000 | ---D | C] -- C:\Windows\uninstall
[2013.03.30 20:13:09 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Raven's Roleplay 0.3x
[2013.03.30 03:29:28 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.03.30 03:26:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.03.30 03:25:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.03.30 03:25:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013.03.29 23:19:38 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenIV
[2013.03.29 23:19:37 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\New Technology Studio
[2013.03.29 23:19:37 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\New Technology Studio
[2013.03.29 03:06:37 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2013.03.28 00:56:26 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Hasi =3
[2013.03.28 00:54:01 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\libimobiledevice
[2013.03.28 00:53:58 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\7952b161783638652fd847e0607544d46321e8fa
[2013.03.28 00:53:56 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\log
[2013.03.28 00:53:49 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\4Videosoft Studio
[2013.03.28 00:53:47 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\4Videosoft Studio
[2013.03.28 00:53:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4Videosoft
[2013.03.28 00:53:38 | 000,000,000 | ---D | C] -- C:\ProgramData\4Videosoft Studio
[2013.03.28 00:53:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\4Videosoft Studio
[2013.03.27 17:42:51 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Doctor Entertainment AB
[2013.03.26 02:29:43 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013.03.26 00:10:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2013.03.26 00:10:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2013.03.25 22:28:17 | 000,000,000 | ---D | C] -- C:\ProgramData\VideoCopilot
[2013.03.25 21:36:57 | 000,000,000 | ---D | C] -- C:\adobeTemp
[2013.03.25 00:44:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2013.03.21 19:35:09 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Battlefield 3
[2013.03.21 19:18:37 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\ESN
[2013.03.21 19:18:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battlelog Web Plugins
[2013.03.21 17:03:19 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2013.03.21 17:03:18 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
[2013.03.21 15:53:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3
[2013.03.21 15:53:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AutoIt3
[2013.03.21 15:07:25 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft Corporation
[2013.03.21 15:00:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server
[2013.03.21 14:35:55 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.03.21 14:35:55 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.03.21 14:35:55 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.03.21 14:23:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2013.03.21 14:23:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2013.03.21 14:23:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2013.03.21 14:23:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2013.03.21 14:23:18 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Visual Studio 2010
[2013.03.21 14:23:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010 Express
[2013.03.21 14:22:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 10.0
[2013.03.21 14:21:32 | 000,000,000 | ---D | C] -- C:\Windows\symbols
[2013.03.21 14:21:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 10.0
[2013.03.21 14:21:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SDKs
[2013.03.21 14:21:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Help Viewer
[2013.03.21 14:21:23 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2013.03.21 14:15:11 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2013.03.21 14:15:11 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2013.03.21 14:15:11 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2013.03.21 14:15:09 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2013.03.21 14:15:07 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2013.03.21 14:15:07 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2013.03.21 14:15:07 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2013.03.21 14:15:07 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2013.03.21 14:15:06 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2013.03.21 14:15:06 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2013.03.21 14:14:59 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2013.03.21 14:14:30 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2013.03.21 09:10:30 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2013.03.21 09:10:30 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2013.03.21 04:01:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2013.03.21 04:00:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2013.03.21 01:12:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
[2013.03.20 15:54:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tag
[2013.03.20 15:54:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tag
[2013.03.18 18:35:53 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\da
[2013.03.17 19:24:11 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Keybinder DELUXE
[2013.03.17 19:01:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MTA San Andreas 1.3
[2013.03.17 19:01:23 | 000,000,000 | ---D | C] -- C:\ProgramData\MTA San Andreas All
[2013.03.17 19:01:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MTA San Andreas 1.3
[2013.03.16 22:06:44 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\MINENKRAFT
[2013.03.16 21:56:48 | 000,000,000 | ---D | C] -- C:\Users\User\jagexcache
[2013.03.16 18:52:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fortop SWF Resources Extractor
[2013.03.16 18:52:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fortop SWF Resources Extractor
[2013.03.16 18:51:18 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki
[2013.03.16 18:51:15 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Pokki
[2013.03.16 18:49:25 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
[2013.03.16 18:49:21 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\CRMixiDJTB
[2013.03.16 18:49:19 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserProtect
[2013.03.16 18:49:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mixidj
[2013.03.16 18:49:06 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
[2013.03.16 18:49:02 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Wajam
[2013.03.16 18:49:01 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Babylon
[2013.03.16 18:49:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013.03.16 18:49:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wajam
[2013.03.16 18:49:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PricePeep
[2013.03.16 07:00:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7M
[2013.03.16 06:59:55 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\ICQ
[2013.03.16 06:59:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7M
[2013.03.16 06:52:41 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ICQ
[2013.03.16 06:52:12 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\ICQM
[2013.03.16 06:52:00 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\ICQ-Profile
[2013.03.16 06:03:53 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\U2bviews
[2013.03.16 06:03:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\U2bviews
[2013.03.14 22:01:39 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Any Video Converter
[2013.03.14 21:59:44 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\AnvSoft
[2013.03.14 21:59:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft
[2013.03.14 21:59:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AnvSoft
[2013.03.14 01:02:44 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.03.14 01:02:44 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.03.14 01:02:43 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.03.14 01:02:42 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.03.14 01:02:42 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.03.14 01:02:42 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.03.14 01:02:42 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.03.14 01:02:42 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.03.14 01:02:42 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.03.14 01:02:42 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.03.14 01:02:41 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.03.14 01:02:41 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.03.14 01:02:40 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.03.14 01:02:40 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.03.14 01:02:39 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.03.10 16:44:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft
[2013.03.10 16:42:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Team17
[2013.03.10 03:50:30 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Microsoft Games
[2013.03.10 03:50:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games
[2013.03.09 20:33:24 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HideIt 3.0
[2013.03.09 20:31:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Precise Logix
[2013.03.08 00:57:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Hotspot Shield
[2013.03.07 18:25:05 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Audacity
[2013.03.07 18:24:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2013.03.07 17:22:31 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\collection
[2013.03.06 23:58:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SimCity™
[2013.03.06 23:58:14 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller
[2013.03.06 23:53:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
[2013.03.06 17:36:10 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\SimCity
[2013.03.06 17:06:14 | 000,000,000 | ---D | C] -- C:\ProgramData\FlyVPN
[2013.03.06 17:06:12 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FlyVPN
[2013.03.06 17:06:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FlyVPN
[2013.03.05 19:00:52 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Proxifier
[2013.03.05 19:00:45 | 000,103,016 | ---- | C] (Initex) -- C:\Windows\SysNative\ProxifierShellExt.dll
[2013.03.05 19:00:45 | 000,091,240 | ---- | C] (Initex) -- C:\Windows\SysWow64\ProxifierShellExt.dll
[2013.03.05 19:00:45 | 000,076,392 | ---- | C] (Initex) -- C:\Windows\SysNative\PrxerDrv.dll
[2013.03.05 19:00:45 | 000,070,248 | ---- | C] (Initex) -- C:\Windows\SysWow64\PrxerDrv.dll
[2013.03.05 19:00:45 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SPORDER.DLL
[2013.03.05 19:00:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Proxifier
[2013.03.05 19:00:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Proxifier
[2013.03.05 18:37:51 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\PrivateTunnel
[2013.03.05 18:37:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenVPN Technologies
[2013.03.05 18:15:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield
[2013.03.05 18:15:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Hotspot Shield
[2013.03.05 18:14:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hotspot Shield
[2013.03.05 18:14:46 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Hotspot Shield
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.02 00:36:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.02 00:31:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.02 00:16:01 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3928150652-2756980015-3035233101-1000UA.job
[2013.04.01 22:11:27 | 000,015,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.01 22:11:27 | 000,015,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.01 22:07:07 | 001,162,432 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.01 22:07:07 | 000,788,470 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.01 22:07:07 | 000,292,670 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.01 22:07:07 | 000,250,968 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.01 22:07:07 | 000,006,478 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.01 22:01:18 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2013.04.01 22:00:42 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013.04.01 22:00:37 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.01 22:00:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.01 22:00:22 | 4280,901,630 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.01 19:16:01 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3928150652-2756980015-3035233101-1000Core.job
[2013.04.01 18:49:43 | 000,000,000 | ---- | M] () -- C:\END
[2013.04.01 06:55:19 | 000,008,918 | ---- | M] () -- C:\Users\User\Desktop\Skype-Logo-iOS.jpg
[2013.04.01 02:21:46 | 000,001,947 | ---- | M] () -- C:\Users\Public\Desktop\Exif Viewer.lnk
[2013.03.31 23:55:36 | 000,317,168 | ---- | M] () -- C:\Users\User\Documents\2013-03-31_23.55.09.png
[2013.03.31 19:11:13 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.03.31 19:11:13 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.03.31 19:10:52 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013.03.26 17:20:34 | 004,923,744 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.03.26 05:34:36 | 000,003,584 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.03.24 17:20:34 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.03.21 15:55:28 | 000,000,114 | ---- | M] () -- C:\Users\User\SciTE.session
[2013.03.21 14:35:42 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.03.21 14:35:42 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.03.21 14:35:42 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.03.21 04:07:34 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msclmd.dll
[2013.03.21 04:07:34 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msclmd.dll
[2013.03.17 19:29:18 | 000,000,356 | ---- | M] () -- C:\Users\User\Desktop\Wie kann man bei MTA San Andreas so schnell -Polizeikontrolle ....url
[2013.03.17 19:01:59 | 000,002,132 | ---- | M] () -- C:\Users\Public\Desktop\MTA San Andreas 1.3.lnk
[2013.03.16 22:38:50 | 000,000,001 | ---- | M] () -- C:\Users\User\random.dat
[2013.03.16 22:02:49 | 000,000,045 | ---- | M] () -- C:\Users\User\jagex_cl_loginapplet_LIVE.dat
[2013.03.16 21:56:48 | 000,000,043 | ---- | M] () -- C:\Users\User\jagex_cl_runescape_LIVE.dat
[2013.03.14 22:34:13 | 000,078,230 | ---- | M] () -- C:\Users\User\dd.camproj
[2013.03.13 21:36:07 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.03.13 21:36:07 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.03.07 23:15:31 | 000,000,132 | ---- | M] () -- C:\Users\User\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
[2013.03.07 19:12:32 | 012,278,504 | ---- | M] () -- C:\Users\User\Documents\Calli Kartell feat. Alex McMeat - RaUsWeRfEn.wav
[2013.03.06 23:58:16 | 000,001,284 | ---- | M] () -- C:\Users\Public\Desktop\SimCity™.lnk
[2013.03.05 18:37:46 | 000,002,296 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PrivateTunnel.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.01 22:38:55 | 000,587,370 | ---- | C] () -- C:\Users\User\Desktop\IMG_0115.JPG
[2013.04.01 06:55:19 | 000,008,918 | ---- | C] () -- C:\Users\User\Desktop\Skype-Logo-iOS.jpg
[2013.04.01 02:21:46 | 000,001,947 | ---- | C] () -- C:\Users\Public\Desktop\Exif Viewer.lnk
[2013.03.31 23:55:35 | 000,317,168 | ---- | C] () -- C:\Users\User\Documents\2013-03-31_23.55.09.png
[2013.03.29 03:14:43 | 000,001,346 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
[2013.03.25 21:39:42 | 000,001,202 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CS6.lnk
[2013.03.21 15:55:28 | 000,000,114 | ---- | C] () -- C:\Users\User\SciTE.session
[2013.03.17 19:29:18 | 000,000,356 | ---- | C] () -- C:\Users\User\Desktop\Wie kann man bei MTA San Andreas so schnell -Polizeikontrolle ....url
[2013.03.17 19:01:59 | 000,002,132 | ---- | C] () -- C:\Users\Public\Desktop\MTA San Andreas 1.3.lnk
[2013.03.16 22:02:49 | 000,000,045 | ---- | C] () -- C:\Users\User\jagex_cl_loginapplet_LIVE.dat
[2013.03.16 21:56:48 | 000,000,043 | ---- | C] () -- C:\Users\User\jagex_cl_runescape_LIVE.dat
[2013.03.16 21:56:48 | 000,000,001 | ---- | C] () -- C:\Users\User\random.dat
[2013.03.16 18:51:35 | 000,002,131 | ---- | C] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dragons of Atlantis.lnk
[2013.03.16 18:49:05 | 000,000,000 | ---- | C] () -- C:\END
[2013.03.15 18:42:29 | 000,291,088 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.03.14 22:11:44 | 000,078,230 | ---- | C] () -- C:\Users\User\dd.camproj
[2013.03.07 19:11:28 | 012,278,504 | ---- | C] () -- C:\Users\User\Documents\Calli Kartell feat. Alex McMeat - RaUsWeRfEn.wav
[2013.03.07 18:25:00 | 000,001,031 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2013.03.06 23:58:16 | 000,001,284 | ---- | C] () -- C:\Users\Public\Desktop\SimCity™.lnk
[2013.03.06 18:41:44 | 000,065,536 | ---- | C] () -- C:\Windows\SysNative\Ikeext.etl
[2013.03.05 19:00:45 | 000,057,448 | ---- | C] () -- C:\Windows\SysNative\PrxerNsp.dll
[2013.03.05 19:00:45 | 000,056,424 | ---- | C] () -- C:\Windows\SysWow64\PrxerNsp.dll
[2013.03.05 18:37:46 | 000,002,296 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PrivateTunnel.lnk
[2013.03.05 18:37:46 | 000,001,373 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrivateTunnel.lnk
[2013.02.25 20:37:55 | 717,238,272 | ---- | C] () -- C:\Users\User\Best Of Squirt2.avi
[2013.02.25 20:37:55 | 716,347,392 | ---- | C] () -- C:\Users\User\Best_of_Squirt1.avi
[2013.02.12 01:44:22 | 000,188,783 | ---- | C] () -- C:\Users\User\ddd.camproj
[2013.02.12 01:41:45 | 002,532,145 | ---- | C] () -- C:\Users\User\17-instructor-mooselini-s-rap.mp3
[2013.02.12 01:08:53 | 002,950,260 | ---- | C] () -- C:\Users\User\23-prince-fleaswallow-s-rap.mp3
[2013.02.10 18:26:13 | 000,003,584 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.02.07 17:10:35 | 000,000,132 | ---- | C] () -- C:\Users\User\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
[2013.02.04 22:03:03 | 001,303,865 | ---- | C] () -- C:\Users\User\2013-02-04_21.00.16.png
[2013.02.04 22:03:03 | 001,157,850 | ---- | C] () -- C:\Users\User\2013-02-04_21.00.28.png
[2013.02.04 22:03:03 | 001,061,311 | ---- | C] () -- C:\Users\User\2013-02-04_21.00.10.png
[2013.02.04 22:03:03 | 000,772,711 | ---- | C] () -- C:\Users\User\2013-02-04_21.00.23.png
[2013.02.04 22:03:03 | 000,260,252 | ---- | C] () -- C:\Users\User\2013-02-04_21.00.38.png
[2013.02.04 22:03:03 | 000,249,800 | ---- | C] () -- C:\Users\User\2013-02-04_21.01.03.png
[2013.02.04 03:18:16 | 000,000,046 | ---- | C] () -- C:\Users\User\AppData\Roaming\mbam.context.scan
[2013.02.02 12:02:51 | 000,291,088 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.02.02 12:02:06 | 000,682,280 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2013.02.02 12:02:06 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.01.26 02:03:34 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\drivers\libusb0.sys
[2013.01.25 23:13:55 | 000,006,438 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.01.23 17:15:42 | 000,837,206 | ---- | C] () -- C:\Users\User\IMG_1548.JPG
[2013.01.23 17:15:42 | 000,674,443 | ---- | C] () -- C:\Users\User\IMG_1549.JPG
[2013.01.23 16:42:33 | 000,703,104 | ---- | C] () -- C:\Users\User\AppData\Roaming\technic-launcher.jar
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.06.30 18:23:03 | 000,798,716 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.06.30 18:22:53 | 000,201,920 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.06.30 18:22:15 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.05.25 04:27:25 | 000,015,872 | ---- | C] () -- C:\Windows\AsTaskSched.dll
[2011.05.25 04:27:17 | 000,001,746 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.05.25 04:26:54 | 000,028,814 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011.05.25 04:18:15 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== ZeroAccess Check ==========
 
[2006.09.26 14:00:02 | 000,000,294 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-3928150652-2756980015-3035233101-1000\$R5R1QI2\c_images\stickers\l.gif
[2006.09.26 14:00:02 | 000,000,403 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-3928150652-2756980015-3035233101-1000\$R5R1QI2\c_images\stickers\n.gif
[2006.09.26 12:00:02 | 000,000,294 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-3928150652-2756980015-3035233101-1000\$RDSYY11\Hotel cms\c_images\stickers\l.gif
[2006.09.26 12:00:02 | 000,000,403 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-3928150652-2756980015-3035233101-1000\$RDSYY11\Hotel cms\c_images\stickers\n.gif
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
--- --- ---



Alt 02.04.2013, 08:24   #6
t'john
/// Helfer-Team
 
svchost Virus der viel CPU verbraucht - Standard

svchost Virus der viel CPU verbraucht



Erschreckender Zustand.


Die Bereinigung besteht aus mehreren Schritten, die ausgefuehrt werden muessen.
Diese Nacheinander abarbeiten und die 3 Logs, die dabei erstellt werden bitte in deine naechste Antwort einfuegen.

Sollte der OTL-FIX nicht richig durchgelaufen sein. Fahre nicht fort, sondern melde dies bitte.

1. Schritt

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:
  • Der Fix fängt mit :OTL an. Vergewissere dich, dass du ihn richtig kopiert hast.


Code:
ATTFilter
:OTL

MOD - C:\Users\User\AppData\Local\Temp\svchost.exe () 
MOD - C:\Users\User\AppData\Local\Temp\zlib1.dll () 
MOD - C:\Users\User\AppData\Local\Temp\libidn-11.dll () 
MOD - C:\Users\User\AppData\Local\Temp\libcurl-4.dll () 
MOD - C:\Users\User\AppData\Roaming\ICQM\ICQ\dll\YLUSBTEL.dll () 
MOD - C:\Users\User\AppData\Local\Pokki\Engine\chrome.dll () 
O4 - HKLM..\Run: [Adobe] C:\Users\User\AppData\Roaming\Adobe\color.vbe () 
O4 - HKU\S-1-5-21-3928150652-2756980015-3035233101-1000..\Run: [AdobeBridge] File not found 
O4 - HKU\S-1-5-21-3928150652-2756980015-3035233101-1000..\Run: [icq] C:\Users\User\AppData\Roaming\ICQM\icq.exe (ICQ) 
O4 - HKU\S-1-5-21-3928150652-2756980015-3035233101-1000..\Run: [Pokki] "%LOCALAPPDATA%\Pokki\Engine\pokki.exe" File not found 
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll () 
[2013.03.28 00:53:58 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\7952b161783638652fd847e0607544d46321e8fa 

:Files 
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\User\*.tmp
C:\Users\User\AppData\*.dll
C:\Users\User\AppData\*.exe
C:\Users\User\AppData\Local\Temp\*.exe
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[emptytemp]
         
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!



2. Schritt
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.



danach:

3. Schritt
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).
__________________
--> svchost Virus der viel CPU verbraucht

Alt 02.04.2013, 17:40   #7
dodori
 
svchost Virus der viel CPU verbraucht - Standard

svchost Virus der viel CPU verbraucht



So, hab mal die Logfiles angehängt, das sind alle.

Apropos,
Was meinen sie mit "Erschreckender Zustand." ?


Alt 03.04.2013, 08:46   #8
t'john
/// Helfer-Team
 
svchost Virus der viel CPU verbraucht - Standard

svchost Virus der viel CPU verbraucht



Zitat:
Was meinen sie mit "Erschreckender Zustand." ?
Das sehr viel Muell und Malware auf dem Rechner mitlaeuft.

Sehr gut!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



danach:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset




danach:

Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.
__________________
Mfg, t'john
Das TB unterstützen

Alt 18.05.2013, 10:36   #9
t'john
/// Helfer-Team
 
svchost Virus der viel CPU verbraucht - Standard

svchost Virus der viel CPU verbraucht



Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html


Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.
__________________
Mfg, t'john
Das TB unterstützen

Antwort

Themen zu svchost Virus der viel CPU verbraucht
adware.shopper, emsisoft, explorer, folgendes, gelöscht, heuristics.reserved.word.exploit, kommt immer wieder, manager, not-a-virus:risktool.win32.bitcoinminer.cid, ordner, risktool.win32.bitcoinminer, spielen, spr/bitcoin.f, svchost.exe, system, task manager, temp, trojan.agent.gen, trojan.win32.bitcoinminer.amn, virus, virustotal, win32/bitcoinminer.n, win32:pup-gen [pup]



Ähnliche Themen: svchost Virus der viel CPU verbraucht


  1. svchost.exe und wuauclt.exe nehmen sehr viel auslastung ein (manchmal svc über 200k)
    Plagegeister aller Art und deren Bekämpfung - 13.06.2015 (1)
  2. svchost.exe verbraucht viel RAM
    Log-Analyse und Auswertung - 03.04.2015 (61)
  3. Svchost.exe verbraucht viel Arbeitsspeicher
    Plagegeister aller Art und deren Bekämpfung - 14.12.2014 (9)
  4. Virus: Avira kann nicht geupdated werden/ verbraucht sehr viel CPU
    Log-Analyse und Auswertung - 10.05.2014 (74)
  5. Allgemeine Säuberung/ Svchost.exe ->Wlansvc brauch viel Ram
    Log-Analyse und Auswertung - 14.03.2014 (19)
  6. Svchost verbraucht sehr viel Arbeitsspeicher
    Plagegeister aller Art und deren Bekämpfung - 04.03.2014 (5)
  7. Win 7: svchost.exe frisst ungewöhnlich viel Arbeitsspeicher
    Log-Analyse und Auswertung - 21.12.2013 (13)
  8. scheinbar von selbst gelöst: svchost verursacht viel Traffic (Adobe Updater?)
    Alles rund um Windows - 28.10.2011 (3)
  9. svchost.exe verbraucht sehr viel Arbeitsspeicher. Virus?
    Plagegeister aller Art und deren Bekämpfung - 02.03.2011 (8)
  10. Unbekannter Prozess und svchost nimmt viel zu viel RAM ein?
    Log-Analyse und Auswertung - 07.07.2010 (19)
  11. svchost.exe verbraucht 99% der cpu-ressourcen
    Plagegeister aller Art und deren Bekämpfung - 07.05.2010 (10)
  12. svchost.exe verbraucht zu viel speicher
    Log-Analyse und Auswertung - 17.10.2009 (0)
  13. svchost.exe frisst ungewöhnlich viel Ram -- infiziert?
    Log-Analyse und Auswertung - 15.12.2008 (0)
  14. svchost nimmt (im vergleich zu sonst) viel arbeitsspeicher ein
    Log-Analyse und Auswertung - 10.09.2007 (1)
  15. Svchost.exe verbraucht zu viel cpu auslastung
    Mülltonne - 03.06.2007 (0)
  16. Speicherplatz automatisch verbraucht - Virus?
    Plagegeister aller Art und deren Bekämpfung - 13.08.2006 (7)
  17. prozess verbraucht sehr viel!
    Log-Analyse und Auswertung - 26.02.2006 (2)

Zum Thema svchost Virus der viel CPU verbraucht - Hallo! Ich habe in letzter Zeit bemerkt das es zu erheblichen Laggs in Spielen kommt, Also prompt den Task Manager geöffnet, und siehe da... "svchost.exe" verbraucht 17% Leistung Meines CPUs... - svchost Virus der viel CPU verbraucht...
Archiv
Du betrachtest: svchost Virus der viel CPU verbraucht auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.